Red Hat Product Errata RHBA-2019:2685 - Bug Fix Advisory
Issued:
2019-09-09
Updated:
2019-09-09

RHBA-2019:2685 - Bug Fix Advisory

Synopsis

updated CodeReady Workspaces 1.2.1 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat CodeReady Workspaces container images are now available in the Red Hat Container Registry.

Description

Red Hat CodeReady Workspaces 1.2.1 provides a cloud-developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development.

This update includes updated container images, which are based on an updated Red Hat Enterprise Linux image that contains fixes for the following security issues: CVE-2019-1125, CVE-2019-13272.

This update includes the following images:

codeready-workspaces-stacks-cpp-rhel8-container-1.2-5.1567586609
codeready-workspaces-stacks-python-rhel8-container-1.2-6.1567586611
codeready-workspaces-stacks-golang-rhel8-container-1.2-5.1567586612
codeready-workspaces-stacks-php-rhel8-container-1.2-8.1567586612
codeready-workspaces-stacks-node-rhel8-container-1.2-16.1567586612

All users of the Red Hat CodeReady Workspaces container images are advised
to pull these updated images from the Red Hat Container Registry.

Solution

The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available on the pages of the respective images in the Red Hat Container Catalog as listed in the References section.

Dockerfiles and scripts should be amended either to refer to this new image specifically or to the latest image generally.

Affected Products

  • Red Hat Developer Tools (for RHEL Server) 1 x86_64

Fixes

  • BZ - 1724389 - CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
  • BZ - 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.