(RHSA-2019:2766) Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security update

2019-09-12T22:20:25
ID RHSA-2019:2766
Type redhat
Reporter RedHat
Modified 2019-09-12T22:21:12

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the below fixes.

Security Fix(es):

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.