红帽产品勘误 RHSA-2020:2479 - Security Advisory
发布:
2020-06-18
已更新:
2020-06-18

RHSA-2020:2479 - Security Advisory

概述

Moderate: OpenShift Container Platform 3.11 atomic-openshift security update

类型/严重性

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions (CVE-2017-18367)
  • kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)
  • kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

See the following documentation, which will be updated shortly for release
3.11.232, for important instructions on how to upgrade your cluster and fully
apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.

受影响的产品

  • Red Hat OpenShift Container Platform 3.11 x86_64
  • Red Hat OpenShift Container Platform for Power 3.11 ppc64le

修复

  • BZ - 1706826 - CVE-2017-18367 libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions
  • BZ - 1819486 - CVE-2019-11254 kubernetes: Denial of service in API server via crafted YAML payloads by authorized users
  • BZ - 1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

Red Hat OpenShift Container Platform 3.11

SRPM
atomic-openshift-3.11.232-1.git.0.a5bc32f.el7.src.rpm SHA-256: 9ea56d045bbd96a67c325168befdd6371e1af7a1db464c710209656637210d45
x86_64
atomic-openshift-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: d7b435af90dc84d118bd55f84dbec7a18cd1f563c7b741c5b5d1b27bbe406a90
atomic-openshift-clients-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: a78139159ae89dbb5b7b00b412e5b1720713b2edd63a16e37d2e65a9c3934a38
atomic-openshift-clients-redistributable-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: 8b7424883ceabb53f35700027d5f0e5626a5982367f0cd12acac9d35ba122517
atomic-openshift-docker-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: fd3807c93f0171971ef62df954dae4e34a4fce031f5f2f7683bf2a191c649cb6
atomic-openshift-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: 7b9f9b3e8e855ef41443969eec68a13d4bf0b5b773624c00150613a260fc18c1
atomic-openshift-hyperkube-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: 10444d1db77b17d158763032d7ee0d0d5781e7a82adf33a5e6914fad354d364e
atomic-openshift-hypershift-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: cffccf8d434059f85da03ac29627c04a1290262943b0ae6aa9a0b8e6d04e486d
atomic-openshift-master-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: 66d07453d4e6ae01b4bbbc7e48780ef519e822d09fcdca2fac93f2ef4f191d0e
atomic-openshift-node-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: cf4694b4ba84c18af89070162fb91fe4b763407965e4e8b061b7633ef1e69829
atomic-openshift-pod-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: 048dcf439a5e63946848ee5a967b3ad720c4ef0830561d392f98c6555396dbee
atomic-openshift-sdn-ovs-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: d19fac10fe8aa3eb104f4ecb7a6672ce1eeb3114aeafd9e72238a6159d0f1c95
atomic-openshift-template-service-broker-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: 2a3463386801cf32141c1a39ccab5a93cb8ff81b63d5befe9fe74d9c41634940
atomic-openshift-tests-3.11.232-1.git.0.a5bc32f.el7.x86_64.rpm SHA-256: b51db8d5fddcb38b58453faec72064ad1b7a250498229abe140b8654e046b28d

Red Hat OpenShift Container Platform for Power 3.11

SRPM
atomic-openshift-3.11.232-1.git.0.a5bc32f.el7.src.rpm SHA-256: 9ea56d045bbd96a67c325168befdd6371e1af7a1db464c710209656637210d45
ppc64le
atomic-openshift-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 390ae5378e72c0392549d4238b12f7e082c17db42c9c5c6c93de9b6e4e3f1b9f
atomic-openshift-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 390ae5378e72c0392549d4238b12f7e082c17db42c9c5c6c93de9b6e4e3f1b9f
atomic-openshift-clients-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 3296f7ea115c98c0780bdd584378d801a5594509ba1dc6f7de592103419a47f4
atomic-openshift-clients-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 3296f7ea115c98c0780bdd584378d801a5594509ba1dc6f7de592103419a47f4
atomic-openshift-docker-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: fd3807c93f0171971ef62df954dae4e34a4fce031f5f2f7683bf2a191c649cb6
atomic-openshift-docker-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: fd3807c93f0171971ef62df954dae4e34a4fce031f5f2f7683bf2a191c649cb6
atomic-openshift-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: 7b9f9b3e8e855ef41443969eec68a13d4bf0b5b773624c00150613a260fc18c1
atomic-openshift-excluder-3.11.232-1.git.0.a5bc32f.el7.noarch.rpm SHA-256: 7b9f9b3e8e855ef41443969eec68a13d4bf0b5b773624c00150613a260fc18c1
atomic-openshift-hyperkube-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: c93770a078e093aa756e30eeafcbe7cdb16967aee00bda7dacfb973685a7721a
atomic-openshift-hyperkube-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: c93770a078e093aa756e30eeafcbe7cdb16967aee00bda7dacfb973685a7721a
atomic-openshift-hypershift-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: cc3f36624810b097d4686bd7f81b7d0b6f521a9abe5f3f75d3356428d4c7f690
atomic-openshift-hypershift-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: cc3f36624810b097d4686bd7f81b7d0b6f521a9abe5f3f75d3356428d4c7f690
atomic-openshift-master-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 002b64a9a2b7b8a33b954847dc571a1c1bb190f73208a3af02463dabbe386432
atomic-openshift-master-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 002b64a9a2b7b8a33b954847dc571a1c1bb190f73208a3af02463dabbe386432
atomic-openshift-node-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: dc2533c020c5b119598cdd24a89b56035880cd8d8a520ea794d1f2891e104634
atomic-openshift-node-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: dc2533c020c5b119598cdd24a89b56035880cd8d8a520ea794d1f2891e104634
atomic-openshift-pod-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 185739300596ac67ca793526af478ffc68697032860fb53d1f2bae4f0eea5e73
atomic-openshift-pod-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 185739300596ac67ca793526af478ffc68697032860fb53d1f2bae4f0eea5e73
atomic-openshift-sdn-ovs-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: ca64138e44fa4e6c9204aa7a5df4563cf2d4c1972123e56ba63576afbb71a424
atomic-openshift-sdn-ovs-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: ca64138e44fa4e6c9204aa7a5df4563cf2d4c1972123e56ba63576afbb71a424
atomic-openshift-template-service-broker-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: ba82bb1060b9eb9316e7008eb86efc018306c6b19e0c47eb71316e589e464b0b
atomic-openshift-template-service-broker-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: ba82bb1060b9eb9316e7008eb86efc018306c6b19e0c47eb71316e589e464b0b
atomic-openshift-tests-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 143b10a8c463d0548301e0324aa0439ce26f4051acd7d15343a84ebdf714a457
atomic-openshift-tests-3.11.232-1.git.0.a5bc32f.el7.ppc64le.rpm SHA-256: 143b10a8c463d0548301e0324aa0439ce26f4051acd7d15343a84ebdf714a457

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/