(RHSA-2019:2769) Important: OpenShift Container Platform 3.9 security update

2019-10-24T06:58:50
ID RHSA-2019:2769
Type redhat
Reporter RedHat
Modified 2019-10-24T07:13:53

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains RPM packages for Red Hat OpenShift Container Platform 3.9, which have been rebuilt with an updated version of golang.

Security Fix(es):

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.