What is the severity of RHSA-2019:2989?

The severity of RHSA-2019:2989 is categorized as moderate.

How do I fix RHSA-2019:2989?

To fix RHSA-2019:2989, update to the specific package versions mentioned in the advisory.

Which packages are affected by RHSA-2019:2989?

RHSA-2019:2989 affects multiple packages under Red Hat OpenShift Container Platform, including atomic-openshift and cri-o.

What is the main security issue in RHSA-2019:2989?

The main security issue in RHSA-2019:2989 is that OpenShift builds do not verify SSH Host Keys for the git repository.

Is there a known workaround for RHSA-2019:2989?

Currently, there is no documented workaround for RHSA-2019:2989; updating to the fixed package versions is recommended.

Vulnerability/
RHSA-2019:2989

14/10/2019

RHSA-2019:2989: Moderate: OpenShift Container Platform 3.10 atomic-openshift kube-apiserver security update

First published: Mon Oct 14 2019(Updated: )

Red Hat OpenShift Container Platform is Red Hat's cloud computing<br>Kubernetes application platform solution designed for on-premise or private<br>cloud deployments.<br>Security Fix(es):<br><li> atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository (CVE-2019-10150)</li> <li> containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/atomic-openshift	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/cri-o	<1.10.6-2.rhaos3.10.git56d7d9a.el7	1.10.6-2.rhaos3.10.git56d7d9a.el7
redhat/atomic-openshift	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-clients	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-clients-redistributable	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-docker-excluder	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-excluder	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-hyperkube	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-hypershift	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-master	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-node	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-pod	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-sdn-ovs	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-template-service-broker	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-tests	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/cri-o	<1.10.6-2.rhaos3.10.git56d7d9a.el7	1.10.6-2.rhaos3.10.git56d7d9a.el7
redhat/atomic-openshift	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-clients	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-hyperkube	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-hypershift	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-master	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-node	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-pod	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-sdn-ovs	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-template-service-broker	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/atomic-openshift-tests	<3.10.175-1.git.0.f9f0e81.el7	3.10.175-1.git.0.f9f0e81.el7
redhat/cri-o	<1.10.6-2.rhaos3.10.git56d7d9a.el7	1.10.6-2.rhaos3.10.git56d7d9a.el7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:2989?
The severity of RHSA-2019:2989 is categorized as moderate.
How do I fix RHSA-2019:2989?
To fix RHSA-2019:2989, update to the specific package versions mentioned in the advisory.
Which packages are affected by RHSA-2019:2989?
RHSA-2019:2989 affects multiple packages under Red Hat OpenShift Container Platform, including atomic-openshift and cri-o.
What is the main security issue in RHSA-2019:2989?
The main security issue in RHSA-2019:2989 is that OpenShift builds do not verify SSH Host Keys for the git repository.
Is there a known workaround for RHSA-2019:2989?
Currently, there is no documented workaround for RHSA-2019:2989; updating to the fixed package versions is recommended.

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2019:2989
agent/software-canonical-lookup
agent/title
agent/event
agent/remedy
agent/description
agent/trending
agent/tags
agent/source
package-manager/redhat