RHBA-2020:2052 - Bug Fix Advisory

Topic

Updated 3scale-amp2/apicast-gateway-rhel8 container image is now available for 3scale API Management.

Description

The 3scale-amp2/apicast-gateway-rhel8 container image has been updated for 3scale API Management to address the following security advisory: RHSA-2020:1769 (see References)

Users of 3scale-amp2/apicast-gateway-rhel8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The 3scale API Management container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat 3scale API Management Platform 2 for RHEL 8 x86_64
• Red Hat 3scale API Management Platform 2 for RHEL 7 x86_64

Fixes

• BZ - 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
• BZ - 1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
• BZ - 1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
• BZ - 1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
• BZ - 1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
• BZ - 1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
• BZ - 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
• BZ - 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
• BZ - 1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
• BZ - 1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
• BZ - 1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
• BZ - 1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
• BZ - 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
• BZ - 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
• BZ - 1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
• BZ - 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.

CVEs

(none)

References

• https://access.redhat.com/errata/RHSA-2020:1769
• https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/3scale-amp2/apicast-gateway-rhel8