=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 16.1 security update
Advisory ID:       RHSA-2023:3156-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3156
Issue date:        2023-05-17
CVE Names:         CVE-2023-2088
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.7.45 packages and security update
Advisory ID:       RHSA-2022:0870-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0870
Issue date:        2022-03-22
CVE Names:         CVE-2022-0811
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.7.45 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.7 - ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.45. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0873

Security Fix(es):

* CRI-O: Arbitrary code execution in cri-o via abusing "kernel.core_pattern" kernel parameter (CVE-2022-0811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/release_notes/ocp-4-7-release-notes

Details on how to access this content are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/updating_clusters/updating-cluster-cli

5. Bugs fixed (https://bugzilla.redhat.com/):

2059475 - CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing "kernel.core_pattern" kernel parameter
2064013 - Placeholder bug for OCP 4.7.0 rpm release

6. Package List:

Red Hat OpenShift Container Platform 4.7:

Source:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el7.src.rpm
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el7.src.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.src.rpm

x86_64:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el7.x86_64.rpm
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el7.x86_64.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.x86_64.rpm
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.7:

Source:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.src.rpm
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.src.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.src.rpm

ppc64le:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.ppc64le.rpm

s390x:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.s390x.rpm

x86_64:
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0811
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.3.40 security and bug fix update
Advisory ID:       RHSA-2020:4264-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4264
Issue date:        2020-10-20
CVE Names:         CVE-2017-12652 CVE-2017-18190 CVE-2018-20843
                   CVE-2019-2974 CVE-2019-5094 CVE-2019-5188
                   CVE-2019-5482 CVE-2019-8675 CVE-2019-8696
                   CVE-2019-11068 CVE-2019-11719 CVE-2019-11727
                   CVE-2019-11756 CVE-2019-12450 CVE-2019-12749
                   CVE-2019-14822 CVE-2019-14866 CVE-2019-14973
                   CVE-2019-15903 CVE-2019-16935 CVE-2019-17006
                   CVE-2019-17023 CVE-2019-17498 CVE-2019-17546
                   CVE-2019-18197 CVE-2019-19126 CVE-2019-19956
                   CVE-2019-20386 CVE-2019-20388 CVE-2020-2181
                   CVE-2020-2182 CVE-2020-2224 CVE-2020-2225
                   CVE-2020-2226 CVE-2020-2574 CVE-2020-2752
                   CVE-2020-2780 CVE-2020-2812 CVE-2020-6829
                   CVE-2020-7595 CVE-2020-8492 CVE-2020-9283
                   CVE-2020-12243 CVE-2020-12400 CVE-2020-12401
                   CVE-2020-12402 CVE-2020-12403 CVE-2020-12825
                   CVE-2020-14352 CVE-2020-24750
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Container Platform 4.3.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Gather image registry config (backport to 4.3) (BZ#1836815)
* Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)
* Login with OpenShift not working after cluster upgrade (BZ#1852429)
* Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)
* [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)
* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down (OAuth) (BZ#1880293)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64

The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x

The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le

The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc

3. Solution:

For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.3/html/release_notes/ocp-4-3-release-notes

Details on how to access this content are available at - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1836815 - Gather image registry config (backport to 4.3)
1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist
1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator
1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized
1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs

5. References:

https://access.redhat.com/security/cve/CVE-2017-12652
https://access.redhat.com/security/cve/CVE-2017-18190
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/cve/CVE-2019-8675
https://access.redhat.com/security/cve/CVE-2019-8696
https://access.redhat.com/security/cve/CVE-2019-11068
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-12450
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-14822
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-14973
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19126
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20386
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2020-2181
https://access.redhat.com/security/cve/CVE-2020-2182
https://access.redhat.com/security/cve/CVE-2020-2224
https://access.redhat.com/security/cve/CVE-2020-2225
https://access.redhat.com/security/cve/CVE-2020-2226
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2020-12825
https://access.redhat.com/security/cve/CVE-2020-14352
https://access.redhat.com/security/cve/CVE-2020-24750
https://access.redhat.com/security/updates/classification#low

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.5.7 openshift-enterprise-hyperkube-container security update
Advisory ID:       RHSA-2020:3520-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3520
Issue date:        2020-08-24
CVE Names:         CVE-2020-8557
=====================================================================

1. Summary:

An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.5.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which will be updated shortly for release 4.5.7, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.5/html/release_notes/ocp-4-5-release-notes

Details on how to access this content are available at - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1835977 - CVE-2020-8557 kubernetes: Node disk DOS by writing to container /etc/hosts

5. References:

https://access.redhat.com/security/cve/CVE-2020-8557
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update
Advisory ID:       RHSA-2019:1423-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1423
Issue date:        2019-06-10
Cross references:  CVE-2019-1003040 CVE-2019-1003041 CVE-2019-1003042
CVE Names:         CVE-2019-1003040 CVE-2019-1003041 CVE-2019-1003042
=====================================================================

1. Summary:

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.11 - noarch

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (CVE-2019-1003040)
* jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (CVE-2019-1003041)
* jenkins-plugin-lockable-resources: XSS vulnerability in Lockable Resources Plugin (CVE-2019-1003042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/3.11/html/release_notes/release-notes-ocp-3-11-release-notes

5. Bugs fixed (https://bugzilla.redhat.com/):

1694532 - CVE-2019-1003040 jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
1694536 - CVE-2019-1003041 jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
1694538 - CVE-2019-1003042 jenkins-plugin-lockable-resources: XSS vulnerability in Lockable Resources Plugin (SECURITY-1361)

6. Package List:

Red Hat OpenShift Container Platform 3.11:

Source:
jenkins-2-plugins-3.11.1553788831-1.el7.src.rpm

noarch:
jenkins-2-plugins-3.11.1553788831-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-1003040
https://access.redhat.com/security/cve/CVE-2019-1003041
https://access.redhat.com/security/cve/CVE-2019-1003042
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder security and bug fix update
Advisory ID:       RHSA-2019:0917-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0917
Issue date:        2019-04-30
CVE Names:         CVE-2017-15139
=====================================================================

1. Summary:

An update for openstack-cinder is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

Security Fix(es):

* openstack-cinder: Data retained after deletion of a ScaleIO volume (CVE-2017-15139)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, image operations in cinder failed due to file I/O issues. With this update, you can create volumes from an image in cinder without file I/O issues. (BZ#1476213)
* Previously, the cinder logs contained the fixed_key value. With this update, the fixed_key value is not logged. (BZ#1655742)
* Previously, it was not possible to attach a volume on the host due to an issue with the 3PAR driver and Fibre Channel World Wide Name. With this update, you can attach Fibre Channel volumes even with a wrong host configuration at the backend. (BZ#1667997)
* Previously, only admin users could set the Volume Type in the glance image using the cinder_img_vol_type custom property. With this update, non-admin users can also set the Volume Type in a glance image. (BZ#1671260)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1476213 - [OSP10] Cinder Volume lose MySQL connection during query under heavy load
1599899 - CVE-2017-15139 openstack-cinder: Data retained after deletion of a ScaleIO volume
1655742 - [OSP10] fixed_key value is logged in the cinder logs
1671260 - Glance image custom property is not implemented outside the Image's Project (owner)

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
openstack-cinder-9.1.4-50.el7ost.src.rpm

noarch:
openstack-cinder-9.1.4-50.el7ost.noarch.rpm
python-cinder-9.1.4-50.el7ost.noarch.rpm
python-cinder-tests-9.1.4-50.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2017-15139
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.