Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2019:2769 - Security Advisory
Issued:
2019-10-24
Updated:
2019-10-24

RHSA-2019:2769 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: OpenShift Container Platform 3.9 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An security update is now available for Red Hat OpenShift Container Platform 3.9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains RPM packages for Red Hat OpenShift Container
Platform 3.9, which have been rebuilt with an updated version of golang.

Security Fix(es):

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
  • kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For OpenShift Container Platform 3.9 see the following documentation, which
will be updated shortly for release 3.9.100, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

Affected Products

  • Red Hat OpenShift Container Platform 3.9 x86_64

Fixes

  • BZ - 1732192 - CVE-2019-11247 kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced
  • BZ - 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
  • BZ - 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth

CVEs

  • CVE-2019-9512
  • CVE-2019-9514
  • CVE-2019-11247

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.9

SRPM
ansible-service-broker-1.1.20-2.el7.src.rpm SHA-256: 5b0a6fee75433a30f46b71edcd26f217eaf399a1ac3f7cec1816251878a4176f
atomic-openshift-3.9.101-1.git.0.150f595.el7.src.rpm SHA-256: ba1caab1a4432d8e7cb57c1c08fa8924bd10f4a4ba1fa48a91bca7a87b0ab35f
atomic-openshift-descheduler-3.9.13-2.git.267.bb59a3f.el7.src.rpm SHA-256: 1d23928fb0905732851686b97f370d3b82c23485c4721ec343f728e131042af5
atomic-openshift-node-problem-detector-3.9.13-2.git.167.5d6b0d4.el7.src.rpm SHA-256: 324d9045913870f69f1d3ee472e4f8fce379edeb2d9bc3d08cf4cb9a1df24757
atomic-openshift-web-console-3.9.101-1.git.1.601c6d2.el7.src.rpm SHA-256: f8ccd843aba07085785368e636722770f6186e00ec7ecb3f408c1d1cc9c46615
cockpit-195-2.rhaos.el7.src.rpm SHA-256: b0faa6a526fd2b696d5cb080f6448d0da2b5df0848ec743e179763c559252f48
containernetworking-plugins-0.5.2-6.el7.src.rpm SHA-256: d5c121805d6be89470975b0872663172ecf8b7fdbf6dbf443f841b6a43b2f46e
cri-o-1.9.16-3.git858756d.el7.src.rpm SHA-256: 04e62e7a899366f6e9e8a22f6af0a9d04e1edc2f515ae17c4d3739bfc9ce2733
cri-tools-1.0.0-6.rhaos3.9.git8e6013a.el7.src.rpm SHA-256: 6de94c36693942405d0f2a9c82bd9ec36b9d6429476c8d2f6cb74d8326925bef
golang-github-openshift-oauth-proxy-2.1-3.git885c9f40.el7.src.rpm SHA-256: a4183ed11dc9faa28486a21b88d84183dcb83804199ddb31fbc74c5a81905da8
golang-github-openshift-prometheus-alert-buffer-0-3.gitceca8c1.el7.src.rpm SHA-256: 1f39b5641a985f835d6ad1cb62e6919ae1edfa882dc3c2f5cb00f20c8d247b5a
golang-github-prometheus-alertmanager-0.14.0-2.git30af4d0.el7.src.rpm SHA-256: da882dc8d247ee5d09d3de7dfd55bbaa59d9b7086912dfc286076a396b3b2410
golang-github-prometheus-node_exporter-3.9.101-1.git.1.8295224.el7.src.rpm SHA-256: 1c54f65885fda9c5ab6338f0264e278731a1b8804155e176bf9f27c0f80c1ceb
golang-github-prometheus-prometheus-2.2.1-2.gitbc6058c.el7.src.rpm SHA-256: a981c99c74b9efb06b30d7a73f5eeb858c21b3e5291864eab2f5ea9ab5ff8835
golang-github-prometheus-promu-0-5.git85ceabc.el7.src.rpm SHA-256: 10625fd90e813c07c5d0e6fdc82f7f875476acff9972cb635641ccd7a2a87904
hawkular-openshift-agent-1.2.2-3.el7.src.rpm SHA-256: b74704c11e2c37fe5306b6910412015443b7be9abab75816c0f7bb13a912b4bd
heapster-1.3.0-4.el7.src.rpm SHA-256: 42ea0fdb8fab301797f10d97ad586d044c8a558d5efdeae6bc6e99f846193650
image-inspector-2.1.3-2.el7.src.rpm SHA-256: 4897291716613496d42802b12566f664e0c2baa4be49211ce6495454de293f57
openshift-enterprise-image-registry-3.8.0-2.git.216.b6b90bb.el7.src.rpm SHA-256: 45173424392b155a1eaa3d0cb466e153484a2737c1d63c31656ea73050438cba
openshift-eventrouter-0.1-3.git5bd9251.el7.src.rpm SHA-256: 68aa57dbb1d254c870e7460658f97490eeba8d0da0ffe4094866a5acf0c0f589
openshift-external-storage-0.0.1-9.git78d6339.el7.src.rpm SHA-256: ebf4cbd83223d492b98c9a788490f6b16ef1d8fab482481b02c683208ffad653
openvswitch-ovn-kubernetes-0.1.0-3.el7.src.rpm SHA-256: f6159d12e0da99cfa244837bfa4adba6b8233dfc907fcae1a88a9b94f6b0f3ba
x86_64
ansible-service-broker-1.1.20-2.el7.x86_64.rpm SHA-256: f820df3cf9140a81a9ef5e46b5684c014aa372689471f3753c988fde5c4d169c
ansible-service-broker-container-scripts-1.1.20-2.el7.noarch.rpm SHA-256: 17a6658b60dca7dbe6ea0a5274bcad5ee3aed9b1cd6051d0515571f464c79191
ansible-service-broker-selinux-1.1.20-2.el7.noarch.rpm SHA-256: 8654232bbb333b9d9b8b73a1a21323915ab7aeab2b8c22851baf4d46c50f75ce
atomic-openshift-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 52cb90d243035b1a34487f9830af5753957614f348f822979ef301e72d5fe7fd
atomic-openshift-clients-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: d8914e06033922e6e50cf8b156ddca9ee2b12f48d202a575b8d6afa8c5a18663
atomic-openshift-clients-redistributable-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: c202c2b36233b63e2a1821b007b7da6bccc534f5a563982472f56900deb84cb8
atomic-openshift-cluster-capacity-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 0beeb1a8bc20a2a7f120cca6bce6711babceea803f290703d2090d58464fd30d
atomic-openshift-descheduler-3.9.13-2.git.267.bb59a3f.el7.x86_64.rpm SHA-256: 8c5b0f3aca576a210b598dedf269396f5231e434cce15d7df2a81144c4da1c12
atomic-openshift-docker-excluder-3.9.101-1.git.0.150f595.el7.noarch.rpm SHA-256: 33d86bc3efca955a20ba98e615d66463c8558644d55b49c186b68946909891bd
atomic-openshift-dockerregistry-3.9.101-1.git.1.13625cf.el7.x86_64.rpm SHA-256: 9204eebde6cbebe6af90a8ec3f7c250466f483e29c985cd82d782205a7d1788f
atomic-openshift-excluder-3.9.101-1.git.0.150f595.el7.noarch.rpm SHA-256: 520c1e605be486429d1586cf13c5daac3c9ecc4c68bcdbb834a006548fe8e5cb
atomic-openshift-federation-services-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 4ea7248671ca94f6c1a26f82918d55976192ce939dcba6697a90777c7004aa8e
atomic-openshift-master-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: ab0f3a167de8741688dda0d49dac1a8540879077efd00b3d79e13ef58694a78c
atomic-openshift-node-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 853a02bbeb3199acdbec2bb76be5edc943428c14d9043463a263a4407f52f9ff
atomic-openshift-node-problem-detector-3.9.13-2.git.167.5d6b0d4.el7.x86_64.rpm SHA-256: e1a8a7567b1a08a5a74b9960d537679216e8835580bb684b91e405b889a42e56
atomic-openshift-pod-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: a5a370f554b28314666f854f98ae90be9d937fcc2a823972506a43797d6ce30c
atomic-openshift-sdn-ovs-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 9dbc9152bf0f7a13508f7c5437eaf519a840f4d074300588922e03f5a58ee900
atomic-openshift-service-catalog-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 34b40d755faaca69e56891f10217bd8577c7df8931d1419491094d27ca6485a0
atomic-openshift-template-service-broker-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: d0bd053724c2f639774e3d3ecc8f22aa6cae8b6ac2b4795adc72ebc045abd916
atomic-openshift-tests-3.9.101-1.git.0.150f595.el7.x86_64.rpm SHA-256: 21fa6d95115585ebc31fb0d16de48ef6d846a1dff08a567053ebce39aafd8b88
atomic-openshift-web-console-3.9.101-1.git.1.601c6d2.el7.x86_64.rpm SHA-256: a6a6f75a958a586d94e598d05ba37586ac63328c89212a59c36f83952ca04fa9
cockpit-debuginfo-195-2.rhaos.el7.x86_64.rpm SHA-256: 60b1941e8151ce1b4492695bf427187014492a8c5e9b04f6f4399063d30bf373
cockpit-kubernetes-195-2.rhaos.el7.x86_64.rpm SHA-256: ed044fd7373953c6d5457417c44e1cdf6c652b803bc7c8242e5168ed138a6680
containernetworking-plugins-0.5.2-6.el7.x86_64.rpm SHA-256: 5db904b1acf1bc0df025351476c2729487c93dbaf4bd4e6d1de66e67a37725e8
containernetworking-plugins-debuginfo-0.5.2-6.el7.x86_64.rpm SHA-256: 820a68cf56181495e5abf2eb054b009c88002e4b2d9669ddaf25ebaf00620772
cri-o-1.9.16-3.git858756d.el7.x86_64.rpm SHA-256: 8c4dabe6df905910c127dc3679a4f4be632604d77609e5bcca28629dda8761dc
cri-o-debuginfo-1.9.16-3.git858756d.el7.x86_64.rpm SHA-256: d891eea80f4d30832c403f6b5f54b299a671a476858c493045bc5b1f99c7fdd5
cri-tools-1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64.rpm SHA-256: dd633a26334c39b3e9ce7fef9d21e45294fce1defd0696ad6848e9f505dbc1c3
cri-tools-debuginfo-1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64.rpm SHA-256: 20bc9ae93cbc134841c138066486b708e6c79fb03286929abee124bafa37d46e
golang-github-openshift-oauth-proxy-2.1-3.git885c9f40.el7.x86_64.rpm SHA-256: 72ae296005dc5691166c5872e05e3d98e624f0ddbbe2d844920d83cf815241c1
golang-github-openshift-prometheus-alert-buffer-0-3.gitceca8c1.el7.x86_64.rpm SHA-256: da8997ad505eaeae28083d1f27ceecb033d341ea62b55cff4540acb0499f5b19
golang-github-prometheus-promu-0-5.git85ceabc.el7.x86_64.rpm SHA-256: d7507eafcae8c7194c17a1883ed969f77518f26f0c378a0324496799b56fc693
hawkular-openshift-agent-1.2.2-3.el7.x86_64.rpm SHA-256: 0c600a7f5087c41340c192e87105695c60c102ae95e1bf646da373b9f9419977
heapster-1.3.0-4.el7.x86_64.rpm SHA-256: d92413580781c9fb8b040b4aa896adc6e85e02dc28eab3314f0da19acdf11011
image-inspector-2.1.3-2.el7.x86_64.rpm SHA-256: 6e1795bfcc28ce73a291da8198efd8a91e244f79572348bff393e3dfa0434715
openshift-enterprise-image-registry-3.8.0-2.git.216.b6b90bb.el7.x86_64.rpm SHA-256: be2701f716a7d71fe60850135fe2be18d562408c29f70eb1d3010f49e1cba722
openshift-eventrouter-0.1-3.git5bd9251.el7.x86_64.rpm SHA-256: bd8913fd37018556dd5bb5315fd4a1a93d33658c6e701a6418a544245733b77e
openshift-eventrouter-debuginfo-0.1-3.git5bd9251.el7.x86_64.rpm SHA-256: d57e52da48ca823d8ac5a4fa5ec94fa3afa0cde7b6ae12771d183b54bc356ad6
openshift-external-storage-debuginfo-0.0.1-9.git78d6339.el7.x86_64.rpm SHA-256: 25160c9e0ac4866c844a53e5180c662bd1dad9fc32a1f4c798dccc7d84a1a36a
openshift-external-storage-efs-provisioner-0.0.1-9.git78d6339.el7.x86_64.rpm SHA-256: 6362fb5e949cd7a3683fb3cc2ccc35d02acd0ccd1897647af915352cb3683c17
openshift-external-storage-local-provisioner-0.0.1-9.git78d6339.el7.x86_64.rpm SHA-256: 4ef304ba621ce9b45418c5a92b3e2c55a0be90c0d91f640736405818bf4bbdc2
openshift-external-storage-snapshot-controller-0.0.1-9.git78d6339.el7.x86_64.rpm SHA-256: bd1d0c408e339a0e56a347a0d1d390076955a1eee8fff2ff32bc35c95869dec2
openshift-external-storage-snapshot-provisioner-0.0.1-9.git78d6339.el7.x86_64.rpm SHA-256: bc216a0bad422f8ba73b699889fb940e0f8dceb924eeb32a03f00d4ee045da6d
openvswitch-ovn-kubernetes-0.1.0-3.el7.x86_64.rpm SHA-256: c7470a11ea10c640d305f15fcea21993cfa6cdcfc401dbaab9cb937f5a6f7494
prometheus-2.2.1-2.gitbc6058c.el7.x86_64.rpm SHA-256: 13843ddf5f27bff3c961e8cf53facea7dc59b3668c4586d0ab421b00f89edde1
prometheus-alertmanager-0.14.0-2.git30af4d0.el7.x86_64.rpm SHA-256: eafb9e867564b413a4f43a8a4b37cfad1ddb25e2d1d276befd1d501f63ab169f
prometheus-node-exporter-3.9.101-1.git.1.8295224.el7.x86_64.rpm SHA-256: 338c9dfa9257d24535f8d7b970c367b94fe818b24623631580c3fbb13465a1ba
prometheus-promu-0-5.git85ceabc.el7.x86_64.rpm SHA-256: 9be8ee087c39ac9655b60b212ecf0e432bd3a9d68bfe2a210dfab8ce49e99b67

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility