- Vulnerability/
- RHSA-2019:3131
RHSA-2019:3131: Important: OpenShift Container Platform 4.1.20 golang security update
First published: Wed Oct 16 2019(Updated: )
Red Hat OpenShift Container Platform is Red Hat's cloud computing<br>Kubernetes application platform solution designed for on-premise or private<br>cloud deployments.<br>This advisory contains the cri-o, cri-tools, faq, ignition, openshift-external-storage and pivot RPM packages, which have been rebuilt with an updated version of golang for Red Hat OpenShift Container Platform 4.1.20.<br>Security Fix(es):<br><li> HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</li> <li> HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cri-o | <1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8 | 1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8 |
| redhat/cri-tools | <1.13.0-3.rhaos4.1.gitb69a0b9.el8 | 1.13.0-3.rhaos4.1.gitb69a0b9.el8 |
| redhat/ignition | <0.32.0-2.git5941fc0.el8 | 0.32.0-2.git5941fc0.el8 |
| redhat/pivot | <0.0.5-2.el8 | 0.0.5-2.el8 |
| redhat/cri-o | <1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8 | 1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8 |
| redhat/cri-tools | <1.13.0-3.rhaos4.1.gitb69a0b9.el8 | 1.13.0-3.rhaos4.1.gitb69a0b9.el8 |
| redhat/ignition | <0.32.0-2.git5941fc0.el8 | 0.32.0-2.git5941fc0.el8 |
| redhat/ignition-validate | <0.32.0-2.git5941fc0.el8 | 0.32.0-2.git5941fc0.el8 |
| redhat/pivot | <0.0.5-2.el8 | 0.0.5-2.el8 |
| redhat/cri-o | <1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 | 1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 |
| redhat/cri-tools | <1.13.0-2.rhaos4.1.gitc06001f.el7 | 1.13.0-2.rhaos4.1.gitc06001f.el7 |
| redhat/faq | <0.0.6-4.el7 | 0.0.6-4.el7 |
| redhat/openshift-external-storage | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/cri-o | <1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 | 1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 |
| redhat/cri-o-debuginfo | <1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 | 1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7 |
| redhat/cri-tools | <1.13.0-2.rhaos4.1.gitc06001f.el7 | 1.13.0-2.rhaos4.1.gitc06001f.el7 |
| redhat/cri-tools-debuginfo | <1.13.0-2.rhaos4.1.gitc06001f.el7 | 1.13.0-2.rhaos4.1.gitc06001f.el7 |
| redhat/faq | <0.0.6-4.el7 | 0.0.6-4.el7 |
| redhat/faq-debuginfo | <0.0.6-4.el7 | 0.0.6-4.el7 |
| redhat/openshift-external-storage-cephfs-provisioner | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-debuginfo | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-efs-provisioner | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-local-provisioner | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-manila-provisioner | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-controller | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-provisioner | <0.0.2-7.gitd3c94f0.el7 | 0.0.2-7.gitd3c94f0.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/severity
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/tags
- agent/remedy
- agent/description
- agent/event
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2019:3131
- agent/software-canonical-lookup
- package-manager/redhat