First published: Thu May 03 2018
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

- spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
- spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
- tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
- tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
- spring-framework: Multipart content pollution (CVE-2018-1272)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat OpenShift Application Runtimes | >=1.5.10<=1.5.12 |
The severity of RHSA-2018:1320 is classified as moderate.
To fix RHSA-2018:1320, update the affected packages to the latest version provided by Red Hat.
RHSA-2018:1320 affects specific versions of Red Hat Openshift Application Runtimes and Spring Boot.
Yes, RHSA-2018:1320 addresses security vulnerabilities found in the affected software.
Failing to address RHSA-2018:1320 may expose systems to potential security risks and operational issues.