=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.5.37 security update
Advisory ID:       RHSA-2021:1016-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1016
Issue date:        2021-04-13
CVE Names:         CVE-2020-15586 CVE-2020-16845
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.5.37 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.5 - noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes
application platform solution designed for on-premise or private cloud
deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.5.37. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:1015

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command.
Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Security Fix(es):

* golang: data race in certain net/http servers including ReverseProxy can
lead to DoS (CVE-2020-15586)

* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes
from invalid inputs (CVE-2020-16845)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1944040 - Placeholder bug for OCP 4.5.z rpm release

6. Package List:

Red Hat OpenShift Container Platform 4.5:

Source:
kubefed-client-4.5.0-202002271711.git.2.3bd46d6.el7.src.rpm
openshift-eventrouter-0.2-5.git7c289cc.el7.src.rpm

ppc64le:
kubefed-client-4.5.0-202002271711.git.2.3bd46d6.el7.ppc64le.rpm
openshift-eventrouter-0.2-5.git7c289cc.el7.ppc64le.rpm
openshift-eventrouter-debuginfo-0.2-5.git7c289cc.el7.ppc64le.rpm

s390x:
kubefed-client-4.5.0-202002271711.git.2.3bd46d6.el7.s390x.rpm
openshift-eventrouter-0.2-5.git7c289cc.el7.s390x.rpm
openshift-eventrouter-debuginfo-0.2-5.git7c289cc.el7.s390x.rpm

x86_64:
kubefed-client-4.5.0-202002271711.git.2.3bd46d6.el7.x86_64.rpm
openshift-eventrouter-0.2-5.git7c289cc.el7.x86_64.rpm
openshift-eventrouter-debuginfo-0.2-5.git7c289cc.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.5:

Source:
ignition-0.35.1-12.rhaos4.5.gitb4d18ad.el8.src.rpm
podman-1.9.3-2.rhaos4.5.el8.src.rpm
skopeo-1.1.1-2.rhaos4.5.el8.src.rpm

noarch:
podman-docker-1.9.3-2.rhaos4.5.el8.noarch.rpm

ppc64le:
containers-common-1.1.1-2.rhaos4.5.el8.ppc64le.rpm
ignition-0.35.1-12.rhaos4.5.gitb4d18ad.el8.ppc64le.rpm
ignition-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.ppc64le.rpm
ignition-debugsource-0.35.1-12.rhaos4.5.gitb4d18ad.el8.ppc64le.rpm
ignition-validate-0.35.1-12.rhaos4.5.gitb4d18ad.el8.ppc64le.rpm
ignition-validate-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.ppc64le.rpm
podman-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
podman-debuginfo-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
podman-debugsource-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
podman-remote-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
podman-remote-debuginfo-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
podman-tests-1.9.3-2.rhaos4.5.el8.ppc64le.rpm
skopeo-1.1.1-2.rhaos4.5.el8.ppc64le.rpm
skopeo-debuginfo-1.1.1-2.rhaos4.5.el8.ppc64le.rpm
skopeo-debugsource-1.1.1-2.rhaos4.5.el8.ppc64le.rpm
skopeo-tests-1.1.1-2.rhaos4.5.el8.ppc64le.rpm

s390x:
containers-common-1.1.1-2.rhaos4.5.el8.s390x.rpm
ignition-0.35.1-12.rhaos4.5.gitb4d18ad.el8.s390x.rpm
ignition-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.s390x.rpm
ignition-debugsource-0.35.1-12.rhaos4.5.gitb4d18ad.el8.s390x.rpm
ignition-validate-0.35.1-12.rhaos4.5.gitb4d18ad.el8.s390x.rpm
ignition-validate-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.s390x.rpm
podman-1.9.3-2.rhaos4.5.el8.s390x.rpm
podman-debuginfo-1.9.3-2.rhaos4.5.el8.s390x.rpm
podman-debugsource-1.9.3-2.rhaos4.5.el8.s390x.rpm
podman-remote-1.9.3-2.rhaos4.5.el8.s390x.rpm
podman-remote-debuginfo-1.9.3-2.rhaos4.5.el8.s390x.rpm
podman-tests-1.9.3-2.rhaos4.5.el8.s390x.rpm
skopeo-1.1.1-2.rhaos4.5.el8.s390x.rpm
skopeo-debuginfo-1.1.1-2.rhaos4.5.el8.s390x.rpm
skopeo-debugsource-1.1.1-2.rhaos4.5.el8.s390x.rpm
skopeo-tests-1.1.1-2.rhaos4.5.el8.s390x.rpm

x86_64:
containers-common-1.1.1-2.rhaos4.5.el8.x86_64.rpm
ignition-0.35.1-12.rhaos4.5.gitb4d18ad.el8.x86_64.rpm
ignition-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.x86_64.rpm
ignition-debugsource-0.35.1-12.rhaos4.5.gitb4d18ad.el8.x86_64.rpm
ignition-validate-0.35.1-12.rhaos4.5.gitb4d18ad.el8.x86_64.rpm
ignition-validate-debuginfo-0.35.1-12.rhaos4.5.gitb4d18ad.el8.x86_64.rpm
podman-1.9.3-2.rhaos4.5.el8.x86_64.rpm
podman-debuginfo-1.9.3-2.rhaos4.5.el8.x86_64.rpm
podman-debugsource-1.9.3-2.rhaos4.5.el8.x86_64.rpm
podman-remote-1.9.3-2.rhaos4.5.el8.x86_64.rpm
podman-remote-debuginfo-1.9.3-2.rhaos4.5.el8.x86_64.rpm
podman-tests-1.9.3-2.rhaos4.5.el8.x86_64.rpm
skopeo-1.1.1-2.rhaos4.5.el8.x86_64.rpm
skopeo-debuginfo-1.1.1-2.rhaos4.5.el8.x86_64.rpm
skopeo-debugsource-1.1.1-2.rhaos4.5.el8.x86_64.rpm
skopeo-tests-1.1.1-2.rhaos4.5.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
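The second fix in this advisory (CVE-2020-16845) concerns encoding/binary's ReadUvarint and ReadVarint consuming input without bound when fed invalid data. The following Go program is an added example, not part of the advisory and not Go's own code: it shows a decoder that caps the read at binary.MaxVarintLen64 bytes in the style of the upstream fix, so a hostile stream of continuation bytes is rejected after ten reads. The names ReadUvarintBounded and BytesConsumedFromHostileInput are chosen here, and the all-0xff input is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrVarintTooLong: the varint ran past binary.MaxVarintLen64 (10) bytes.
var ErrVarintTooLong = errors.New("varint longer than MaxVarintLen64 bytes")

// ReadUvarintBounded decodes one unsigned varint from r but never consumes
// more than binary.MaxVarintLen64 bytes, so a stream of continuation bytes
// (high bit set) costs at most 10 reads. Returns value, bytes consumed, error.
func ReadUvarintBounded(r io.ByteReader) (uint64, int, error) {
	var x uint64
	var s uint
	for i := 0; i < binary.MaxVarintLen64; i++ {
		b, err := r.ReadByte()
		if err != nil {
			return x, i, err
		}
		if b < 0x80 { // final byte: continuation bit clear
			if i == binary.MaxVarintLen64-1 && b > 1 {
				return x, i + 1, ErrVarintTooLong // would overflow uint64
			}
			return x | uint64(b)<<s, i + 1, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
	return x, binary.MaxVarintLen64, ErrVarintTooLong
}

// BytesConsumedFromHostileInput feeds n constructed continuation bytes (0xff)
// to the bounded decoder and reports how many it consumed and how many remain.
func BytesConsumedFromHostileInput(n int) (consumed, remaining int, err error) {
	r := bytes.NewReader(bytes.Repeat([]byte{0xff}, n))
	_, consumed, err = ReadUvarintBounded(r)
	return consumed, r.Len(), err
}

func main() {
	c, rem, err := BytesConsumedFromHostileInput(1 << 16) // 64 KiB of 0xff
	fmt.Println("hostile input: consumed", c, "bytes, left", rem, "err:", err)
}
```

An unpatched ReadUvarint would keep reading such a stream until the underlying reader ran dry; the bounded version stops at ten bytes, which is the property the advisory's fix restores.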