4.3 - RHSA-2019:3143

Executive Summary

Summary
Title	OpenShift Container Platform 3.11 atomic-openshift security update

Informations
Name	RHSA-2019:3143	First vendor Publication	2019-10-18
Vendor	RedHat	Last vendor Modification	2019-10-18
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.153.

Security Fix(es):

* atomic-openshift: OpenShift builds do not verify SSH Host Keys for the Git repository. (CVE-2019-10150)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1713433 - CVE-2019-10150 atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-3143.html

CPE : Common Platform Enumeration

Type	Description	Count
Application	Redhat Openshift Container Platform cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.9.31:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.9:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.8:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.7:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.6:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.5:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.4:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.3:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11.286:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.10:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.1:::::::* cpe:2.3:a:redhat:openshift_container_platform:2.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:::::::: cpe:2.3:a:redhat:openshift_container_platform:-:::::::*	18

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-03-19 13:19:24	First insertion

	Related
5.9	CVE-2019-10150
Info : listing not affected by your CVSS Env Score

4.3 - RHSA-2019:3143

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU