Executive Summary

Summary
Title Red Hat OpenShift Service Mesh 1.0.1 RPMs
Informations
Name RHSA-2019:3041 First vendor Publication 2019-10-14
Vendor RedHat Last vendor Modification 2019-10-14
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Red Hat OpenShift Service Mesh 1.0.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Service Mesh 1.0 - x86_64 Red Hat OpenShift Service Mesh 1.0 - x86_64

3. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1 release.

Security Fix(es):

* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

The OpenShift Service Mesh release notes provide information on the features and known issues:

https://docs.openshift.com/container-platform/4.1/service_mesh/servicemesh- release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-3041.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-770 Allocation of Resources Without Limits or Throttling

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 12
Os 1

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-03-19 13:19:21
  • First insertion