Red Hat Product Errata RHSA-2021:0034 - Security Advisory
Issued: 2021-01-20
Updated: 2021-01-20

Synopsis

Important: OpenShift Container Platform 4.5.27 packages and security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 4.5.27 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release also includes a security update for Red Hat OpenShift Container Platform 4.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
  • jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
  • jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
  • jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)
  • jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
  • jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)
  • python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.5.27. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:0033

All OpenShift Container Platform 4.5 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x

Fixes

  • BZ - 1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
  • BZ - 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
  • BZ - 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
  • BZ - 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure
  • BZ - 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
  • BZ - 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates
  • BZ - 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs
  • BZ - 1913121 - Placeholder bug for OCP 4.5.z rpm release

CVEs

  • CVE-2020-2304
  • CVE-2020-2305
  • CVE-2020-2306
  • CVE-2020-2307
  • CVE-2020-2308
  • CVE-2020-2309
  • CVE-2020-26137

References

  • https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 4.5 for RHEL 8

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.src.rpm SHA-256: 6826b0f8b275ec3e8c148a7627a97ca0cfa3816efa6774ba29898aae0618bb5b
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.src.rpm SHA-256: 5f0452eab38f3a22a39b3d8bdff6917aa6b642b53172bf523de06becbd1208d5
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el8.src.rpm SHA-256: 8e61148152468bd1058307eb4df4bf5ec5307b8ff0585115e3ff122c69e97dad
openshift-kuryr-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.src.rpm SHA-256: 3e409e78e6c7fd1edcadb4c893b4109a386badafac302cc3c2fdbb96ab17fe01
x86_64
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.x86_64.rpm SHA-256: 2b32097740cdc430539d5d07b71356c7297010cb027a9fb5d2882ed4cac8a7ea
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el8.x86_64.rpm SHA-256: 7aeb780931e49fc2b1c4af09f3a7e1d7be74a7c33e9a924532ecf60f44f6dea1
cri-o-debugsource-1.18.4-5.rhaos4.5.gitd655863.el8.x86_64.rpm SHA-256: fe0126fa628f88d406571fd32139a3e7b37ca51c24bf451cf23e6cc4df23bd45
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.x86_64.rpm SHA-256: 2289e2073adc91c13c899fd88ddada31faed9e08057fd0ec11ed793b7934f67d
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el8.x86_64.rpm SHA-256: 32b2ad9dcdd143f1752c59d8b86ca447e4ee72b799f1f53344cbfd0cbb8b7efd
openshift-kuryr-cni-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 97601934645a404a2c7fb4797d72cce34fada5229d53e6b75926f53da736a07c
openshift-kuryr-common-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: f3489afdff670194da1d9f19a3512d15f2d26515830f9c26fce8dc7b5f0fb56c
openshift-kuryr-controller-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 86c7704bf04bbc38c4ab7e7c7ba2cdd9d91a78bc5f2af81eafff81fabf727f52
python3-kuryr-kubernetes-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 05db795292f76b7036852c7a508b106c722c4def75a773e78b61ed4b2ca75700

Red Hat OpenShift Container Platform 4.5 for RHEL 7

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.src.rpm SHA-256: 9eea498c42b374bd84b38f6c5bd2c7b03c85bf360a6965c880045e8cba3b1b9e
jenkins-2-plugins-4.5.1610108899-1.el7.src.rpm SHA-256: 4a541ff91138de6bb71c4f65f1a4eb2827b0445dc0d79229937450dfeba8b98a
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el7.src.rpm SHA-256: a2b33f9bd192013f223ce4c75d23c8abbcf181d7a0a3491aea8646c4303e9253
python-urllib3-1.26.2-1.el7.src.rpm SHA-256: 8fa532a78be9679604c2ca484de918979b70de15cb9812b0487403b10ff8cffd
x86_64
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.x86_64.rpm SHA-256: b38a9e9cfd2243d9cee06fc7713de18f2a5091ccfd15fb13de66858b1aeec5a2
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el7.x86_64.rpm SHA-256: 87145e293470f1b7ac309a4191a473d7b527e83f7621a71a02e376382930b8d9
jenkins-2-plugins-4.5.1610108899-1.el7.noarch.rpm SHA-256: 0761efeda7b4d2cdfbab88865ad1e5bc5f3818c38abd5b7a486a314ba000e835
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el7.x86_64.rpm SHA-256: 1b1099f7dcd3bc9422e1ce8c59dad596bd7553be75941915b54e18b25b3f16d6
python2-urllib3-1.26.2-1.el7.noarch.rpm SHA-256: 87f44adfbf04c62dc6d53d1ec15715c75d9ed1bd4c48236e71451adaa4f5be2e

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.src.rpm SHA-256: 6826b0f8b275ec3e8c148a7627a97ca0cfa3816efa6774ba29898aae0618bb5b
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.src.rpm SHA-256: 5f0452eab38f3a22a39b3d8bdff6917aa6b642b53172bf523de06becbd1208d5
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el8.src.rpm SHA-256: 8e61148152468bd1058307eb4df4bf5ec5307b8ff0585115e3ff122c69e97dad
openshift-kuryr-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.src.rpm SHA-256: 3e409e78e6c7fd1edcadb4c893b4109a386badafac302cc3c2fdbb96ab17fe01
ppc64le
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.ppc64le.rpm SHA-256: b5723afb6a7ef1935a209723eb1c574609dc3c77d2ff5cab0fd8a3d43f0762dd
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el8.ppc64le.rpm SHA-256: 962d428e20340f5022f450161d2633875c3d2b912af214e1334fec075e8e836a
cri-o-debugsource-1.18.4-5.rhaos4.5.gitd655863.el8.ppc64le.rpm SHA-256: b0ddf9cac3ab33bde6d8fa2368265781970fbc85af7076a4ad6ab6ddd862dd37
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.ppc64le.rpm SHA-256: 0cad615de0626e2b786b08452fe0463af8449b2d2c1c53b2f1198c45efe9d99f
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el8.ppc64le.rpm SHA-256: 75504a586f4592dcd8e8dff115bab18860398995aea51480554b51e98dd263f0
openshift-kuryr-cni-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 97601934645a404a2c7fb4797d72cce34fada5229d53e6b75926f53da736a07c
openshift-kuryr-common-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: f3489afdff670194da1d9f19a3512d15f2d26515830f9c26fce8dc7b5f0fb56c
openshift-kuryr-controller-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 86c7704bf04bbc38c4ab7e7c7ba2cdd9d91a78bc5f2af81eafff81fabf727f52
python3-kuryr-kubernetes-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.noarch.rpm SHA-256: 05db795292f76b7036852c7a508b106c722c4def75a773e78b61ed4b2ca75700

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.src.rpm SHA-256: 9eea498c42b374bd84b38f6c5bd2c7b03c85bf360a6965c880045e8cba3b1b9e
jenkins-2-plugins-4.5.1610108899-1.el7.src.rpm SHA-256: 4a541ff91138de6bb71c4f65f1a4eb2827b0445dc0d79229937450dfeba8b98a
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el7.src.rpm SHA-256: a2b33f9bd192013f223ce4c75d23c8abbcf181d7a0a3491aea8646c4303e9253
python-urllib3-1.26.2-1.el7.src.rpm SHA-256: 8fa532a78be9679604c2ca484de918979b70de15cb9812b0487403b10ff8cffd
ppc64le
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.ppc64le.rpm SHA-256: 0e5646a3bbd5f3f3cd8d17493c948cd7743e7682ffa919c00f6d991acbe947ec
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el7.ppc64le.rpm SHA-256: d26b5410c0a2ec3dce1faf43bebc4c8f3d0b0b06f4b33099eb92ad4502f73702
jenkins-2-plugins-4.5.1610108899-1.el7.noarch.rpm SHA-256: 0761efeda7b4d2cdfbab88865ad1e5bc5f3818c38abd5b7a486a314ba000e835
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el7.ppc64le.rpm SHA-256: 8b8004792ab63310c54809addca552e7bdf34ba8c5792fba2ee44cb08b0555a1
python2-urllib3-1.26.2-1.el7.noarch.rpm SHA-256: 87f44adfbf04c62dc6d53d1ec15715c75d9ed1bd4c48236e71451adaa4f5be2e

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.src.rpm SHA-256: 6826b0f8b275ec3e8c148a7627a97ca0cfa3816efa6774ba29898aae0618bb5b
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.src.rpm SHA-256: 5f0452eab38f3a22a39b3d8bdff6917aa6b642b53172bf523de06becbd1208d5
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el8.src.rpm SHA-256: 8e61148152468bd1058307eb4df4bf5ec5307b8ff0585115e3ff122c69e97dad
openshift-kuryr-4.5.0-202012221738.p0.git.2004.e3caa5a.el8.src.rpm SHA-256: 3e409e78e6c7fd1edcadb4c893b4109a386badafac302cc3c2fdbb96ab17fe01
s390x
cri-o-1.18.4-5.rhaos4.5.gitd655863.el8.s390x.rpm SHA-256: 2c56ba5d5b10b57a1d90baf00dac9dcee084e639c4365d9e22a0745d6d64a79b
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el8.s390x.rpm SHA-256: 12a2890f0021b051789e06c37ea276d0295ec2bd1bfa0283f189c57506ffd57b
cri-o-debugsource-1.18.4-5.rhaos4.5.gitd655863.el8.s390x.rpm SHA-256: c1d7b86544b87596284dcef0f8cdf2bf5078d38f44aa2754503f015c5929ae81
machine-config-daemon-4.5.0-202101080743.p0.git.2585.5bf8919.el8.s390x.rpm SHA-256: aed9ca7d2a8780452a555b87290bf316574509399dd38dd87b49331192315f0b
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el8.s390x.rpm SHA-256: bebcb21d81591b0072b05d49c318dbfb6ff0412cd25cc015cc3b61c37d3e08fb

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7

SRPM
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.src.rpm SHA-256: 9eea498c42b374bd84b38f6c5bd2c7b03c85bf360a6965c880045e8cba3b1b9e
jenkins-2-plugins-4.5.1610108899-1.el7.src.rpm SHA-256: 4a541ff91138de6bb71c4f65f1a4eb2827b0445dc0d79229937450dfeba8b98a
openshift-4.5.0-202012221738.p0.git.0.9c544e4.el7.src.rpm SHA-256: a2b33f9bd192013f223ce4c75d23c8abbcf181d7a0a3491aea8646c4303e9253
python-urllib3-1.26.2-1.el7.src.rpm SHA-256: 8fa532a78be9679604c2ca484de918979b70de15cb9812b0487403b10ff8cffd
s390x
cri-o-1.18.4-5.rhaos4.5.gitd655863.el7.s390x.rpm SHA-256: 107d709aebdf1e92d3b2b717ab9ad8ba191bada261254dd4c445a26395a76fbc
cri-o-debuginfo-1.18.4-5.rhaos4.5.gitd655863.el7.s390x.rpm SHA-256: 97188bc4b93d757b69e74b8fbd773e9abd10998c4aac4c641492b3a85696525b
jenkins-2-plugins-4.5.1610108899-1.el7.noarch.rpm SHA-256: 0761efeda7b4d2cdfbab88865ad1e5bc5f3818c38abd5b7a486a314ba000e835
openshift-hyperkube-4.5.0-202012221738.p0.git.0.9c544e4.el7.s390x.rpm SHA-256: b2e3f087d309ce70c52d33e51aca991536b8983d8f9d01b6876367c80339e445
python2-urllib3-1.26.2-1.el7.noarch.rpm SHA-256: 87f44adfbf04c62dc6d53d1ec15715c75d9ed1bd4c48236e71451adaa4f5be2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
