===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.0495
Red Hat OpenShift Enterprise Multiple Security Updates: Multiple vulnerabilities
13 February 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           OpenShift Container Platform 4.2.18
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux Server 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19335 CVE-2019-13734
Reference:         ESB-2020.0272.2
                   ESB-2020.0213
                   ESB-2019.4688

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:0463
   https://access.redhat.com/errata/RHSA-2020:0476

Comment: This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.2.18 ose-installer-container security update
Advisory ID:       RHSA-2020:0463-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0463
Issue date:        2020-02-12
CVE Names:         CVE-2019-13734 CVE-2019-19335
=====================================================================

1. Summary:

An update for ose-installer-container is now available for Red Hat
OpenShift Container Platform 4.2.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* openshift/installer: kubeconfig and kubeadmin-password are created with
world-readable permissions (CVE-2019-19335)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.18, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1777209 - CVE-2019-19335 openshift/installer: kubeconfig and kubeadmin-password are created with world-readable permissions

5. References:

https://access.redhat.com/security/cve/CVE-2019-13734
https://access.redhat.com/security/cve/CVE-2019-19335
https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.2.18 ose-baremetal-installer-container and ose-cli-artifacts-container security update
Advisory ID:       RHSA-2020:0476-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0476
Issue date:        2020-02-12
CVE Names:         CVE-2019-13734 CVE-2019-19335
=====================================================================

1. Summary:

An update for ose-baremetal-installer-container and
ose-cli-artifacts-container is now available for Red Hat OpenShift
Container Platform 4.2.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* openshift/installer: kubeconfig and kubeadmin-password are created with
world-readable permissions (CVE-2019-19335)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.18, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1777209 - CVE-2019-19335 openshift/installer: kubeconfig and kubeadmin-password are created with world-readable permissions

5. References:

https://access.redhat.com/security/cve/CVE-2019-13734
https://access.redhat.com/security/cve/CVE-2019-19335
https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
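
A check for the condition CVE-2019-19335 describes, added here as an example (it is not from Red Hat or AusCERT): it finds kubeconfig and kubeadmin-password files under an installer asset directory that grant any access to group or other, and can tighten them to 0600. It assumes GNU find on the RHEL hosts the bulletin lists; the function names and the demo directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit installer-generated cluster credentials for
# group/other access (the condition described by CVE-2019-19335).
# Assumes GNU find (-perm /MODE, -printf), as shipped on RHEL.

# Print "MODE PATH" for each kubeconfig or kubeadmin-password file under
# directory $1 that grants any permission bit to group or other.
find_exposed_creds() {
    find "$1" -type f \( -name kubeconfig -o -name kubeadmin-password \) \
        -perm /077 -printf '%m %p\n'
}

# Report exposed files under $1; with --fix as $2, set them to 0600.
# Exit status is 0 only when no exposed file remains afterwards.
audit_install_dir() (
    dir=$1
    fix=${2:-}
    find_exposed_creds "$dir" | while read -r mode path; do
        echo "EXPOSED mode=$mode $path"
        if [ "$fix" = "--fix" ]; then
            chmod 0600 "$path" && echo "FIXED   mode=600 $path"
        fi
    done
    [ -z "$(find_exposed_creds "$dir")" ]
)

if [ "$#" -gt 0 ]; then
    audit_install_dir "$@"
else
    # No arguments: demonstrate on a constructed directory (sample data).
    demo=$(mktemp -d)
    mkdir -p "$demo/auth"
    echo 'constructed-sample-secret' > "$demo/auth/kubeadmin-password"
    echo 'constructed-sample-config' > "$demo/auth/kubeconfig"
    chmod 0644 "$demo/auth/kubeadmin-password" "$demo/auth/kubeconfig"
    audit_install_dir "$demo" --fix
    rm -rf "$demo"
fi
```

Tightening the mode does not undo earlier exposure, so credentials that other local accounts could already read may warrant rotation after upgrading.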