(RHSA-2019:3132) Important: OpenShift Container Platform 4.1.20 openshift security update

2019-10-1615:24:10

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the openshift RPM package for Red Hat
OpenShift Container Platform 4.1.20.

Security Fix(es):

kubernetes: YAML parsing vulnerable to “Billion Laughs” attack, allowing for remote denial of service (CVE-2019-11253)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64openshift-hyperkube< 4.1.20-201910101746.git.0.a80aad5.el8openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat7x86_64openshift-hyperkube< 4.1.20-201910101746.git.0.a80aad5.el7openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm
RedHat7x86_64openshift-clients< 4.1.20-201910101746.git.0.a80aad5.el7openshift-clients-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm
RedHat8x86_64openshift-clients-redistributable< 4.1.20-201910101746.git.0.a80aad5.el8openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat8x86_64openshift-clients< 4.1.20-201910101746.git.0.a80aad5.el8openshift-clients-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat7x86_64openshift-clients-redistributable< 4.1.20-201910101746.git.0.a80aad5.el7openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	openshift-hyperkube	< 4.1.20-201910101746.git.0.a80aad5.el8	openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat	7	x86_64	openshift-hyperkube	< 4.1.20-201910101746.git.0.a80aad5.el7	openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm
RedHat	7	x86_64	openshift-clients	< 4.1.20-201910101746.git.0.a80aad5.el7	openshift-clients-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm
RedHat	8	x86_64	openshift-clients-redistributable	< 4.1.20-201910101746.git.0.a80aad5.el8	openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat	8	x86_64	openshift-clients	< 4.1.20-201910101746.git.0.a80aad5.el8	openshift-clients-4.1.20-201910101746.git.0.a80aad5.el8.x86_64.rpm
RedHat	7	x86_64	openshift-clients-redistributable	< 4.1.20-201910101746.git.0.a80aad5.el7	openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el7.x86_64.rpm