-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 3.10 haproxy security update Advisory ID: RHSA-2019:0548-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2019:0548 Issue date: 2019-03-14 CVE Names: CVE-2018-20615 ==================================================================== 1. Summary: An update for haproxy is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.10 - ppc64le, x86_64 3. Description: The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fix(es): * haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash (CVE-2018-20615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. See the following documentation for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r elease_notes.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258. 5. Bugs fixed (https://bugzilla.redhat.com/): 1663060 - CVE-2018-20615 haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash 6. Package List: Red Hat OpenShift Container Platform 3.10: Source: haproxy-1.8.17-3.el7.src.rpm ppc64le: haproxy-debuginfo-1.8.17-3.el7.ppc64le.rpm haproxy18-1.8.17-3.el7.ppc64le.rpm x86_64: haproxy-debuginfo-1.8.17-3.el7.x86_64.rpm haproxy18-1.8.17-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-20615 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXIoJkNzjgjWX9erEAQhjwA//eYIHSbujIl7HsET/1pjeh0Lo1iF6gZ0P P4LCLTsUIMaPYg0UNTHUrnYU/9WOuhAtS/X9FxGOV7A4kxxrUmyF2PuLeKIjGW1v 9wHAY1CUkPuq2jN62MCJgCDirqRvRcEo6jD3dcq1kfo3ir2hTpO9qvOImT81Or3H X09062u/z67fgZuCgnzaNvZqAEvHvbyp5RsINDXrOQUQGzR64IGlMKEUvXWiet9x B4kyKJ6L8zq1VjiulswskKmaTlTL0y03e4N8HDZNdNhnLtSrmzTDFVLNi9q9MCPq btbUy7WrteVOIlI/b5bFeaPmIjAqbq1UlWZrYwTL8lKCnvWN2S4TAOLjBugiTy/S trBOZxELi5LfniI4ukrAP2GyelqsbWDgteJVPXTlaIzgp5Vrqgc+VA5mc/0nDZcr ZR2VRYQFPlRAl0PLmrLiCmMuXI1RuuPYAmG+26sjCdRAnDUeVUqAsEctpNNEF2ng 7LO2ULC58vISMxYERuDWwYiSmNBrFt8z8zZUuRYN6VDlxUIx81/Q23wC3S2rIrof MzTB9fFmBrW9bk9NxjnW/4fmgPwI3lVqY2D3VfITe6CSqMoYvw4e4AOBcQo7YD62 yTyS2DFNg9QEqvJ1dYuCRtICy35UevbVAbxfPLq6kly86asRdv6Gdf4+8iv995m5 5MIz9fMPjT04B -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce