Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:5634
HistoryFeb 24, 2021 - 1:56 p.m.

(RHSA-2020:5634) Moderate: OpenShift Container Platform 4.7.0 packages security update

2021-02-2413:56:32
access.redhat.com
136

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.8%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2020:5633

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  • kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4 (CVE-2020-8566)

  • containerd: credentials leak during image pull (CVE-2020-15157)

  • python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

  • atomic-openshift: cross-namespace owner references can trigger deletions of valid children (CVE-2019-3884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-pyroute2< 0.5.13-1.el8ostpython3-pyroute2-0.5.13-1.el8ost.noarch.rpm
RedHat8ppc64lenetworkmanager-adsl< 1.26.0-12.1.rhaos4.7.el8NetworkManager-adsl-1.26.0-12.1.rhaos4.7.el8.ppc64le.rpm
RedHat8ppc64leostree< 2020.7-1.el8ostree-2020.7-1.el8.ppc64le.rpm
RedHat8s390xignition-debuginfo< 2.9.0-2.rhaos4.7.git1d56dc8.el8ignition-debuginfo-2.9.0-2.rhaos4.7.git1d56dc8.el8.s390x.rpm
RedHat8x86_64openshift-eventrouter-debugsource< 0.2-4.git7c289cc.el8openshift-eventrouter-debugsource-0.2-4.git7c289cc.el8.x86_64.rpm
RedHat8noarchopenshift-kuryr-controller< 4.7.0-202101262230.p0.git.2494.cd95ce5.el8openshift-kuryr-controller-4.7.0-202101262230.p0.git.2494.cd95ce5.el8.noarch.rpm
RedHat8x86_64network-scripts-openvswitch2.13< 2.13.0-79.el8fdpnetwork-scripts-openvswitch2.13-2.13.0-79.el8fdp.x86_64.rpm
RedHat8s390xnetworkmanager-ppp-debuginfo< 1.26.0-12.1.rhaos4.7.el8NetworkManager-ppp-debuginfo-1.26.0-12.1.rhaos4.7.el8.s390x.rpm
RedHat8ppc64lenetworkmanager-wifi< 1.26.0-12.1.rhaos4.7.el8NetworkManager-wifi-1.26.0-12.1.rhaos4.7.el8.ppc64le.rpm
RedHat8ppc64lefaq< 0.0.6-5.el8faq-0.0.6-5.el8.ppc64le.rpm
Rows per page:
1-10 of 6411

Related

nessus 44
veracode 5
osv 20
mageia 2
openvas 19
fedora 5
ubuntu 2
redhatcve 6
debiancve 5
amazon 4
cve 6
oraclelinux 4
ubuntucve 5
prion 6
photon 9
github 5
ibm 12
alpinelinux 2
redhat 21
arista 1
cbl_mariner 1
gitlab 1
cgr 1
wolfi 1
threatpost 3
suse 3
archlinux 1
freebsd 1
altlinux 2
debian 1
almalinux 1
nessus
nessus
RHEL 7 / 8 : OpenShift Container Platform 4.7.0 packages (RHSA-2020:5634)
2021-02-24 00:00:00
Photon OS 3.0: Containerd PHSA-2020-3.0-0155
2020-10-24 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-4589-2)
2020-10-19 00:00:00
veracode
veracode
Insecure RSA Decryption (Bleichenbacher Timing Attack)
2020-11-10 06:54:44
Information Disclosure
2020-10-18 01:59:36
Information Disclosure
2020-10-19 09:09:35
osv
osv
CVE-2020-25658
2020-11-12 14:15:22
docker.io vulnerability
2020-10-15 20:00:45
CVE-2020-15157
2020-10-16 17:15:11
mageia
mageia
Updated python-rsa packages fix security vulnerability
2021-10-02 21:57:04
Updated docker packages fix a security vulnerability
2020-11-09 17:48:43
openvas
openvas
Fedora: Security Advisory for python-rsa (FEDORA-2021-c1fef03e71)
2021-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3932-1)
2022-11-11 00:00:00
Ubuntu: Security Advisory (USN-4589-2)
2020-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python-rsa-4.7.2-1.fc34
2021-09-24 20:32:52
[SECURITY] Fedora 35 Update: python-rsa-4.7.2-1.fc35
2021-09-24 20:55:15
[SECURITY] Fedora 33 Update: python-rsa-4.7.2-1.fc33
2021-09-24 20:38:04
ubuntu
ubuntu
Docker vulnerability
2020-10-15 00:00:00
containerd vulnerability
2020-10-15 00:00:00
redhatcve
redhatcve
CVE-2020-15157
2020-10-21 15:55:41
CVE-2020-25658
2020-11-09 04:28:53
CVE-2020-28362
2021-07-25 09:33:47
debiancve
debiancve
CVE-2020-15157
2020-10-16 17:15:00
CVE-2020-8566
2020-12-07 22:15:00
CVE-2020-25658
2020-11-12 14:15:00
amazon
amazon
Medium: containerd
2021-12-28 23:54:00
Medium: python-rsa
2023-07-17 17:40:00
Medium: golang
2021-01-12 22:52:00
cve
cve
CVE-2020-15157
2020-10-16 17:15:00
CVE-2020-25658
2020-11-12 14:15:00
CVE-2020-28362
2020-11-18 17:15:00
oraclelinux
oraclelinux
containerd security update
2020-11-02 00:00:00
docker-engine docker-cli security update
2020-10-28 00:00:00
go-toolset:ol8 security update
2020-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2020-15157
2020-10-15 00:00:00
CVE-2020-25658
2020-11-12 00:00:00
CVE-2020-28362
2020-11-18 00:00:00
prion
prion
Design/Logic Flaw
2020-10-16 17:15:00
Code injection
2020-12-07 22:15:00
Code injection
2020-11-12 14:15:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0292
2020-10-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0368
2021-03-08 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0326
2021-03-10 00:00:00
github
github
containerd v1.2.x can be coerced into leaking credentials during image pull
2022-02-11 23:27:39
Timing attacks in python-rsa
2021-04-30 17:35:15
Sensitive Information leak via Log File in Kubernetes
2024-04-24 20:02:08
ibm
ibm
Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.
2021-02-17 16:50:42
Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.
2021-02-19 04:52:31
Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2020-28362)
2021-02-26 16:13:24
alpinelinux
alpinelinux
CVE-2020-28362
2020-11-18 17:15:00
CVE-2021-3121
2021-01-11 06:15:00
redhat
redhat
(RHSA-2021:0568) Moderate: OpenShift Container Platform 4.6 file-integrity-operator image security update
2021-02-16 08:39:26
(RHSA-2021:1563) Moderate: OpenShift Container Platform 4.7.12 extras and security update
2021-05-24 17:07:36
(RHSA-2021:3303) Moderate: OpenShift Container Platform 4.7.29 bug fix and security update
2021-09-08 11:33:15
arista
arista
Security Advisory 0062
2021-03-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-28362 affecting package golang 1.13.15-2
2021-07-08 21:56:48
gitlab
gitlab
Inclusion of Sensitive Information in Log Files
2020-12-07 00:00:00
cgr
cgr
CVE-2021-3121 vulnerabilities
2024-04-25 09:06:10
wolfi
wolfi
CVE-2021-3121 vulnerabilities
2024-04-25 09:06:43
threatpost
threatpost
Containerd Bug Exposes Cloud Account Credentials
2020-10-26 17:12:13
Deep Dive: Protecting Against Container Threats in the Cloud
2022-05-02 12:15:36
Nvidia Warns Gamers of Severe GeForce Experience Flaws
2020-10-23 14:09:28
suse
suse
Security update for go1.14 (moderate)
2020-11-26 00:00:00
Security update for go1.14 (moderate)
2020-11-27 00:00:00
Security update for go1.15 (moderate)
2020-12-01 00:00:00
archlinux
archlinux
[ASA-202011-16] go: multiple issues
2020-11-17 00:00:00
freebsd
freebsd
go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo
2020-11-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package golang version 1.15.5-alt1
2020-11-14 00:00:00
Security fix for the ALT Linux 10 package golang version 1.15.5-alt1
2020-11-14 00:00:00
debian
debian
[SECURITY] [DSA 4865-1] docker.io security update
2021-02-27 18:36:39
almalinux
almalinux
Moderate: go-toolset:rhel8 security update
2020-12-15 16:02:27

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for RHSA-2020:5634
nessus44veracode5osv20mageia2openvas19fedora5ubuntu2redhatcve6debiancve5amazon4cve6oraclelinux4ubuntucve5prion6photon9github5ibm12alpinelinux2redhat21arista1cbl_mariner1gitlab1cgr1wolfi1threatpost3suse3archlinux1freebsd1altlinux2debian1almalinux1