Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Red Hat OpenShift: RHSA-2023-2029-01 Moderate: Operator Bug Fix

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Security Profiles Operator bug fix update
Advisory ID: RHSA-2023:2029-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2029
Issue date: 2023-05-10
CVE Names: CVE-2023-0475 CVE-2023-25173

1. Summary:

An updated Security Profiles Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.

2. Description:

The OpenShift Security Profiles Operator v0.7.0 is now available. See the documentation for bug fix information:

https://docs.openshift.com/en/container-platform/4.12/security/security_profiles_operator/spo-release-notes.html

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/updating_clusters/updating-cluster-cli

4. Bugs fixed (https://bugzilla.redhat.com/):

2170844 - CVE-2023-0475 go-getter: go-getter vulnerable to denial of service via malicious compressed archive
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10045 - The spod pods crash with rhel9 os due to "error parsing semanage configuration file"
OCPBUGS-12879 - selinux: Allow using other container-selinux policy templates than container

6. References:

https://access.redhat.com/security/cve/CVE-2023-0475
https://access.redhat.com/security/cve/CVE-2023-25173
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Uncover the newest update for Red Hat OpenShift's Security Profiles Operator that tackles essential vulnerabilities.

OpenShift Security, Security Profiles, Bug Fix Updates, Red Hat Security.

LinuxSecurity.com Team

May 10, 2023 Red Hat

RHEL-8: RHSA-2022:8964-01 Important Security Update for rh-sso-7/sso76

Red Hat Security Advisory

Synopsis: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Advisory ID: RHSA-2022:8964-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8964
Issue date: 2022-12-13
CVE Names: CVE-2016-3709 CVE-2022-1304 CVE-2022-3782 CVE-2022-3916 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-37434 CVE-2022-42898

1. Summary:

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

3. Solution:

The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (https://issues.redhat.com/):

CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8
CIAM-4413 - Generate new operator bundle image for this patch

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-3916
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-42898
https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Important patch for rh-sso-7, enhances safety and reliability of RHEL-8 Middleware Containers.

Red Hat Image Update, Middleware Security, Container Patch.

Severity: Important.

LinuxSecurity.com Team

Dec 13, 2022 Important Red Hat

Red Hat: RHSA-2021-1079 Moderate Security Update for Ansible Platform

Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ansible Automation Platform Operator 1.2 security update
Advisory ID: RHSA-2021:1079-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1079
Issue date: 2021-04-06
Keywords: Security Update
CVE Names: CVE-2017-12652 CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-14973 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-17546 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-1971 CVE-2020-5313 CVE-2020-6829 CVE-2020-7595 CVE-2020-8177 CVE-2020-8625 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-14422 CVE-2020-15999 CVE-2021-3156 CVE-2021-3447 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228

1. Summary:

Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Ansible Automation Platform Resource Operator container images with security fixes.

Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster.

Security fixes:

CVE-2021-20191 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1916813)
CVE-2021-20178 ansible: user data leak in snmp_facts module [ansible_automation_platform-1.2] (BZ#1914774)
CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes secured values [ansible_automation_platform-1.2] (BZ#1915808)
CVE-2021-20228 ansible: basic.py no_log with fallback option [ansible_automation_platform-1.2] (BZ#1925002)
CVE-2021-3447 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1939349)

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

5. References:

https://access.redhat.com/security/cve/CVE-2017-12652
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-14973
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-5313
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8625
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/cve/CVE-2021-3447
https://access.redhat.com/security/cve/CVE-2021-20178
https://access.redhat.com/security/cve/CVE-2021-20180
https://access.redhat.com/security/cve/CVE-2021-20191
https://access.redhat.com/security/cve/CVE-2021-20228
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/security/cve/CVE-2021-20191
https://access.redhat.com/security/cve/CVE-2021-20178
https://access.redhat.com/security/cve/CVE-2021-20180
https://access.redhat.com/security/cve/CVE-2021-20228
https://access.redhat.com/security/cve/CVE-2021-3447

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Remedies for various vulnerabilities identified in Red Hat Ansible Automation Platform Operator version 1.2 have been classified with a moderate level of security concern.

Red Hat Security, Ansible Updates, Automation Platform Security.

LinuxSecurity.com Team

Apr 09, 2021 Red Hat

Red Hat OpenShift Service Mesh 1.1 RHSA-2020-2795-01 Critical DoS Risk

Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Service Mesh 1.1 servicemesh-operator security update
Advisory ID: RHSA-2020:2795-01
Product: Red Hat OpenShift Service Mesh
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2795
Issue date: 2020-07-01
CVE Names: CVE-2019-11253 CVE-2020-14306

1. Summary:

An update for servicemesh-operator is now available for OpenShift Service Mesh 1.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Service Mesh 1.1 - x86_64

3. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

* kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service (CVE-2019-11253)
* openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace (CVE-2020-14306)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

The OpenShift Service Mesh release notes provide information on the features and known issues:

5. Bugs fixed (https://bugzilla.redhat.com/):

1757701 - CVE-2019-11253 kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service
1850380 - CVE-2020-14306 openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace

6. Package List:

OpenShift Service Mesh 1.1:

Source:
servicemesh-operator-1.1.4-3.el8.src.rpm

x86_64:
servicemesh-operator-1.1.4-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11253
https://access.redhat.com/security/cve/CVE-2020-14306
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Kubernetes Cluster Security Management 2.0 upgrade tackles critical security vulnerabilities. Insights on rectifications for exposure to threats provided.

Red Hat OpenShift Service Mesh, servicemesh-operator update, security impact, important security advisory.

Severity: Important.

LinuxSecurity.com Team

Jul 01, 2020 Important Red Hat

Red Hat OpenShift 4.1 RHSA-2019-4082-01 Moderate: Operator Container Fix

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.1 operator security update
Advisory ID: RHSA-2019:4082-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4082
Issue date: 2019-12-04
CVE Names: CVE-2019-10213

1. Summary:

An update for ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory includes ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container, which have been updated with the below security fix(es).

Security Fix(es):

* openshift: Secret data written to pod logs when operator set at Debug level or higher (CVE-2019-10213)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.26, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/release_notes/ocp-4-1-release-notes

Details on how to access this content are available at - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1734615 - CVE-2019-10213 openshift: Secret data written to pod logs when operator set at Debug level or higher

5. References:

https://access.redhat.com/security/cve/CVE-2019-10213
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.

Important patch release for Red Hat OpenShift version 4.1 focusing on operator container vulnerabilities and advising necessary updates.

OpenShift Update, Red Hat Security, Operator Security, Moderate Threats.

LinuxSecurity.com Team

Dec 04, 2019 Red Hat