RHSA-2019:1245 - Security Advisory
Moderate: Red Hat Quay 3.0.2 security and bug fix update
Security Advisory: Moderate
An update is now available for Red Hat Quay 3.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Red Hat Quay is a secure, private container registry that builds, analyzes
and distributes container images. It provides a high level of automation
- A flaw was found in the way the DES/3DES cipher was used as part of the
TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
- Running Quay in config mode now works in a disconnected option which doesn't require pulling resources from the Internet.
- Quay's security scan endpoint is now enabled at startup for viewing results of Clair container image scans.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
- Red Hat Quay Enterprise 3 x86_64
- BZ - 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- BZ - 1709477 - Quay 3.0.2 errata
The Red Hat security contact is firstname.lastname@example.org. More contact details at https://access.redhat.com/security/team/contact/.