RHCOS 4 : OpenShift Container Platform 4.2.33 openshift-clients (RHSA-2020:2027)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2027 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...

RHCOS 4 : OpenShift Container Platform 4.3.8 openshift-clients (RHSA-2020:0928)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0928 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...

RHSA-2020:2027 Red Hat Security Advisory: OpenShift Container Platform 4.2.33 openshift-clients security update

Bulletin has no description...

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

Design/Logic Flaw

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

CVE-2020-27833

CVE-2020-27833 describes a Zip Slip flaw in the oc binary from openshift-clients where an arbitrary file write can be achieved when processing a specially crafted tar image via oc image extract. The root cause is symlinks inside the tarball that bypass the tar’s path checks, enabling links to esc...

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...