Red Hat Product Errata RHSA-2020:2443 - Security Advisory
Issued:
2020-06-17
Updated:
2020-06-17

RHSA-2020:2443 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.3.25 containernetworking-plugins security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 4.3.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • containernetworking/plugins: A vulnerability in IPv4 networking implementations allowed malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks by redirecting traffic to the malicious container with “rogue” IPv6 router advertisements. (CVE-2020-10749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.25, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7 s390x

Fixes

  • BZ - 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

Red Hat OpenShift Container Platform 4.3 for RHEL 8

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.src.rpm SHA-256: 231fd72cbb03d8ef3d4764379687af2a32b6b7d7a7ee9f5a81364eea00381b55
x86_64
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.x86_64.rpm SHA-256: 43b3ad89039cd743a3744711c47bbac1c70c091dc0e75c1d859f0f8fae7c1b33
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el8.x86_64.rpm SHA-256: d595501986bd70480cb317ca61d235c2a7329ede594f48d5b7f712d6ee5d90c5
containernetworking-plugins-debugsource-0.8.6-1.rhaos4.3.el8.x86_64.rpm SHA-256: bc876922426fad5ec1226b6ba3c0df364ff6663afa25afcf6438df0105140360

Red Hat OpenShift Container Platform 4.3 for RHEL 7

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.src.rpm SHA-256: f4358af496b071743f31306ac0ba6aff702b991a2576c64704216e4df0a6d09b
x86_64
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.x86_64.rpm SHA-256: 4cb3e9591a2951427af155a22a8c01912adc50e9164ca07f3ff9071948f7644a
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el7.x86_64.rpm SHA-256: ad0dd66e3ae34e691252955357c72e08464ade9e1999945d45920130b2ae25cc

Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.src.rpm SHA-256: 231fd72cbb03d8ef3d4764379687af2a32b6b7d7a7ee9f5a81364eea00381b55
ppc64le
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.ppc64le.rpm SHA-256: e08a83bc715b235ace2a89937991002becf21947f44db48ac9ced5ec1a1123a5
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el8.ppc64le.rpm SHA-256: 2f1229dc37fe62cd956c9dafa0cd0abb78343f197c2af30770513f69b39f56db
containernetworking-plugins-debugsource-0.8.6-1.rhaos4.3.el8.ppc64le.rpm SHA-256: b9df11af0ae3f146186cee589d9137aad5b851dbedd0faafd21fc4d1980497d0

Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.src.rpm SHA-256: f4358af496b071743f31306ac0ba6aff702b991a2576c64704216e4df0a6d09b
ppc64le
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.ppc64le.rpm SHA-256: 3811d57d766e9d4e4695e17872de6a6c056463685486e3ed57c1e9f927a54ff3
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el7.ppc64le.rpm SHA-256: bd866795d94a425dbe581403229469d5a5f0e9cc97dce6b62bc9c71bfcc5a803

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.src.rpm SHA-256: 231fd72cbb03d8ef3d4764379687af2a32b6b7d7a7ee9f5a81364eea00381b55
s390x
containernetworking-plugins-0.8.6-1.rhaos4.3.el8.s390x.rpm SHA-256: a386ac156e0841d77b3346a813b8f646b6ce171cbabf43baef7c00a975708ab1
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el8.s390x.rpm SHA-256: 5209b9d22274d30f17cff99342cb760b9bf3c9bc7f4a68cc6349490d41b33924
containernetworking-plugins-debugsource-0.8.6-1.rhaos4.3.el8.s390x.rpm SHA-256: b55350d123e70413ada2e52daa8c1da2232a5a804eb5f9b9031912741ba70cce

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7

SRPM
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.src.rpm SHA-256: f4358af496b071743f31306ac0ba6aff702b991a2576c64704216e4df0a6d09b
s390x
containernetworking-plugins-0.8.6-1.rhaos4.3.el7.s390x.rpm SHA-256: 8d1467b689454114bc39f54aa64cdea5501dfe411cadd8c37ab7f512733874ee
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.3.el7.s390x.rpm SHA-256: fccb1b8cec088a67d5c691976a4b110f7323af78561815ca86ea7d2dbb3d1e00

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.