(RHSA-2020:2479) Moderate: OpenShift Container Platform 3.11 atomic-openshift security update

2020-06-18T07:52:41
ID RHSA-2020:2479
Type redhat
Reporter RedHat
Modified 2020-06-18T08:06:41

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions (CVE-2017-18367)

  • kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)

  • kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.