Issued:: 2019-09-11
Updated:: 2019-09-11

RHSA-2019:2690 - Security Advisory

Overview
Updated Packages

Synopsis

Important: OpenShift Container Platform 3.10 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.

Solution

For OpenShift Container Platform 3.10 see the following documentation,
which will be updated shortly for release 3.10.170, for important
instructions on how to upgrade your cluster and fully apply this
asynchronous errata update:

https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html

Affected Products

Red Hat OpenShift Container Platform 3.10 x86_64
Red Hat OpenShift Container Platform for Power 3.10 ppc64le

Fixes

BZ - 1732192 - CVE-2019-11247 kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced
BZ - 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
BZ - 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.10

SRPM
atomic-openshift-3.10.170-1.git.0.8e592d6.el7.src.rpm	SHA-256: 361923743ccfc4f2219df9fd374d35cd9d612d8d6c9ae7dee652ed14f15ad985
x86_64
atomic-openshift-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 34edb691039564e81b0d7c2c9548aabb1015a3f2207cf2f83554107e86520e64
atomic-openshift-clients-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: a1fbb3f12626afa850d9924f5c54426a798e0d06f0d6ff92fae749f50b279e62
atomic-openshift-clients-redistributable-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 77632f16474a6a3a66219cd17ff1a6d742e3affc495f504fe62455be393b0520
atomic-openshift-docker-excluder-3.10.170-1.git.0.8e592d6.el7.noarch.rpm	SHA-256: a09aadb7034ffe6c15df2f6bdf4081182e8e9b40553d10bbf10ae8651c01d4c5
atomic-openshift-excluder-3.10.170-1.git.0.8e592d6.el7.noarch.rpm	SHA-256: 2d3036bbc22584ffd45b8e0f451a1adbf2a5ed83b2fde9c87f0a45f6c5df2529
atomic-openshift-hyperkube-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 814cb640e27a5fc4a0b2733fb41b9e567950915653b6af3013a78fdd0f94a4ed
atomic-openshift-hypershift-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: da1f3c0ced95e72facf22579e4f22faf51f49786480d347df921beda1443fc0b
atomic-openshift-master-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: a169d06f8500aa64fb44f58601aa6b06e129da8dea93e96332f98d99e1b7a86a
atomic-openshift-node-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 7dab9aba0c87ecbc2a00892ea04ea2ab8363445960211b182c1f0fbf129e647e
atomic-openshift-pod-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 85e9dadceba1f69b8376aa8ba1a70004c4ae41dc4d9717dae64a4642b23ea74c
atomic-openshift-sdn-ovs-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: 19e4ddebcb304ac4a0e8aa39739a700a8edd9770c90ca2e9c45acb0e5870ed99
atomic-openshift-template-service-broker-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: dc9b7cca0175dde45d101133b8fd0097f68cdd02ed0f1f8e3be47756257a0f4b
atomic-openshift-tests-3.10.170-1.git.0.8e592d6.el7.x86_64.rpm	SHA-256: fdd14da1976163e9443ce041e222a4556a132a73575dfd7225ed9f6751a90ad0

Red Hat OpenShift Container Platform for Power 3.10

SRPM
atomic-openshift-3.10.170-1.git.0.8e592d6.el7.src.rpm	SHA-256: 361923743ccfc4f2219df9fd374d35cd9d612d8d6c9ae7dee652ed14f15ad985
ppc64le
atomic-openshift-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: 1a0cd9bf8f8cf842c25cbde4c36682788fa009e81ec71593a93327a5bd3293a2
atomic-openshift-clients-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: 1e2fceecc35e5197fdd78f1ee0be5c9f0ddec99229bf20e271a757f3da50aa22
atomic-openshift-docker-excluder-3.10.170-1.git.0.8e592d6.el7.noarch.rpm	SHA-256: a09aadb7034ffe6c15df2f6bdf4081182e8e9b40553d10bbf10ae8651c01d4c5
atomic-openshift-excluder-3.10.170-1.git.0.8e592d6.el7.noarch.rpm	SHA-256: 2d3036bbc22584ffd45b8e0f451a1adbf2a5ed83b2fde9c87f0a45f6c5df2529
atomic-openshift-hyperkube-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: 479cc1e0f8d5461d6256a87e91f28010629cbb7789afb5e75a1a0df6ef025b5e
atomic-openshift-hypershift-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: c9d675a508e270f69ceaae29cc200e7f43ff79bf3e83c5cbc63c3fb5785395af
atomic-openshift-master-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: eb2aaefd05400c93cf6b71ebe72fd47cc9c6bbbf24c52ed6b6ae0cbd5abfe100
atomic-openshift-node-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: a0be55352288e9ca4f86aa1161a139a0b3753623ef5bbb7dcb0f7cda77dd8ab4
atomic-openshift-pod-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: cb313847373cd416d17b112861afd146e7f528e22320af218d91fe55f697dc20
atomic-openshift-sdn-ovs-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: 73d64c0ccdc5fef075d5c06209d60214d6a100d5f0ca18124aa8bac06180be87
atomic-openshift-template-service-broker-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: f48b97bdd89211fc7b6477eb7216f39e01663026bf0b4df8d607e12ee76d880c
atomic-openshift-tests-3.10.170-1.git.0.8e592d6.el7.ppc64le.rpm	SHA-256: fb8a7d3951a4fc8baa0abebe86d692cb73dc77a7f70814be0af54171f50766f1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation