What is the severity of RHSA-2019:2661?

The severity of RHSA-2019:2661 is classified as important.

How do I fix RHSA-2019:2661?

To fix RHSA-2019:2661, you need to update to the specified version of the affected packages, such as 4.1.14-201908290858.git.0.3bd3467.el8.

Which packages are affected by RHSA-2019:2661?

The affected packages include openshift, openshift-clients, atomic-enterprise-service-catalog, and openshift-hyperkube among others.

What vulnerabilities are addressed in RHSA-2019:2661?

RHSA-2019:2661 addresses vulnerabilities related to unbounded memory growth caused by flooding using PING frames in HTTP/2.

Is there a specific version recommended for resolving RHSA-2019:2661?

Yes, the recommended version for resolving RHSA-2019:2661 is 4.1.14-201908290858.git.0.3bd3467.el8.

Vulnerability/
RHSA-2019:2661

11/9/2019

RHSA-2019:2661: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security update

First published: Wed Sep 11 2019(Updated: )

Both the openshift and atomic-enterprise-service-catalog packages have been rebuilt with updates versions of golang. The golang packages provide the Go programming language compiler.<br>Security Fix(es):<br><li> HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</li> <li> HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</li> For more details about the security issue(s), including the impact, a CVSS<br>score, acknowledgments, and other related information, refer to the CVE<br>page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/openshift	<4.1.14-201908290858.git.0.3bd3467.el8	4.1.14-201908290858.git.0.3bd3467.el8
redhat/openshift-clients	<4.1.14-201908290858.git.0.3bd3467.el8	4.1.14-201908290858.git.0.3bd3467.el8
redhat/openshift-clients-redistributable	<4.1.14-201908290858.git.0.3bd3467.el8	4.1.14-201908290858.git.0.3bd3467.el8
redhat/openshift-hyperkube	<4.1.14-201908290858.git.0.3bd3467.el8	4.1.14-201908290858.git.0.3bd3467.el8
redhat/atomic-enterprise-service-catalog	<4.1.14-201908290858.git.1.28cc9ff.el7	4.1.14-201908290858.git.1.28cc9ff.el7
redhat/openshift	<4.1.14-201908290858.git.0.3bd3467.el7	4.1.14-201908290858.git.0.3bd3467.el7
redhat/atomic-enterprise-service-catalog	<4.1.14-201908290858.git.1.28cc9ff.el7	4.1.14-201908290858.git.1.28cc9ff.el7
redhat/atomic-enterprise-service-catalog-svcat	<4.1.14-201908290858.git.1.28cc9ff.el7	4.1.14-201908290858.git.1.28cc9ff.el7
redhat/openshift-clients	<4.1.14-201908290858.git.0.3bd3467.el7	4.1.14-201908290858.git.0.3bd3467.el7
redhat/openshift-clients-redistributable	<4.1.14-201908290858.git.0.3bd3467.el7	4.1.14-201908290858.git.0.3bd3467.el7
redhat/openshift-hyperkube	<4.1.14-201908290858.git.0.3bd3467.el7	4.1.14-201908290858.git.0.3bd3467.el7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:2661?
The severity of RHSA-2019:2661 is classified as important.
How do I fix RHSA-2019:2661?
To fix RHSA-2019:2661, you need to update to the specified version of the affected packages, such as 4.1.14-201908290858.git.0.3bd3467.el8.
Which packages are affected by RHSA-2019:2661?
The affected packages include openshift, openshift-clients, atomic-enterprise-service-catalog, and openshift-hyperkube among others.
What vulnerabilities are addressed in RHSA-2019:2661?
RHSA-2019:2661 addresses vulnerabilities related to unbounded memory growth caused by flooding using PING frames in HTTP/2.
Is there a specific version recommended for resolving RHSA-2019:2661?
Yes, the recommended version for resolving RHSA-2019:2661 is 4.1.14-201908290858.git.0.3bd3467.el8.

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2019:2661
agent/software-canonical-lookup
agent/event
agent/title
agent/description
agent/remedy
agent/trending
agent/tags
agent/source
package-manager/redhat