- Vulnerability/
- RHSA-2019:3906
18/11/2019
22/10/2024
RHSA-2019:3906: Important: OpenShift Container Platform 3.11 HTTP/2 security update
First published: Mon Nov 18 2019(Updated: )
Red Hat OpenShift Container Platform is Red Hat's cloud computing<br>Kubernetes application platform solution designed for on-premise or private<br>cloud deployments.<br>The following RPM packages have been rebuilt with updated version of Go, which includes the security fixes listed further below:<br>atomic-enterprise-service-catalog<br>atomic-openshift-cluster-autoscaler<br>atomic-openshift-descheduler<br>atomic-openshift-metrics-server<br>atomic-openshift-node-problem-detector<br>atomic-openshift-service-idler<br>atomic-openshift-web-console<br>cockpit<br>csi-attacher<br>csi-driver-registrar<br>csi-livenessprobe<br>csi-provisioner<br>golang-github-openshift-oauth-proxy<br>golang-github-openshift-prometheus-alert-buffer<br>golang-github-prometheus-alertmanager<br>golang-github-prometheus-node_exporter<br>golang-github-prometheus-prometheus<br>hawkular-openshift-agent<br>heapster<br>image-inspector<br>openshift-enterprise-autoheal<br>openshift-enterprise-cluster-capacity<br>openshift-eventrouter<br>openshift-external-storage<br>Security Fix(es):<br><li> HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</li> <li> HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/atomic-enterprise-service-catalog | <3.11.154-1.git.1.fa68ced.el7 | 3.11.154-1.git.1.fa68ced.el7 |
| redhat/atomic-openshift-cluster-autoscaler | <3.11.154-1.git.1.532da7a.el7 | 3.11.154-1.git.1.532da7a.el7 |
| redhat/atomic-openshift-descheduler | <3.11.154-1.git.1.1d31032.el7 | 3.11.154-1.git.1.1d31032.el7 |
| redhat/atomic-openshift-metrics-server | <3.11.154-1.git.1.6a6b6ce.el7 | 3.11.154-1.git.1.6a6b6ce.el7 |
| redhat/atomic-openshift-node-problem-detector | <3.11.154-1.git.1.5e8e065.el7 | 3.11.154-1.git.1.5e8e065.el7 |
| redhat/atomic-openshift-service-idler | <3.11.154-1.git.1.f80fb86.el7 | 3.11.154-1.git.1.f80fb86.el7 |
| redhat/atomic-openshift-web-console | <3.11.154-1.git.1.f54cb18.el7 | 3.11.154-1.git.1.f54cb18.el7 |
| redhat/cockpit | <195-2.rhaos.el7 | 195-2.rhaos.el7 |
| redhat/csi-attacher | <0.2.0-4.git27299be.el7 | 0.2.0-4.git27299be.el7 |
| redhat/csi-driver-registrar | <0.2.0-2.el7 | 0.2.0-2.el7 |
| redhat/csi-livenessprobe | <0.0.1-2.gitff5b6a0.el7 | 0.0.1-2.gitff5b6a0.el7 |
| redhat/csi-provisioner | <0.2.0-3.el7 | 0.2.0-3.el7 |
| redhat/golang-github-openshift-oauth-proxy | <3.11.154-1.git.1.220e3dc.el7 | 3.11.154-1.git.1.220e3dc.el7 |
| redhat/golang-github-openshift-prometheus-alert-buffer | <0-3.gitceca8c1.el7 | 0-3.gitceca8c1.el7 |
| redhat/golang-github-prometheus-alertmanager | <3.11.154-1.git.1.4acd2e6.el7 | 3.11.154-1.git.1.4acd2e6.el7 |
| redhat/golang-github-prometheus-prometheus | <3.11.154-1.git.1.148db48.el7 | 3.11.154-1.git.1.148db48.el7 |
| redhat/hawkular-openshift-agent | <1.2.2-3.el7 | 1.2.2-3.el7 |
| redhat/heapster | <1.3.0-4.el7 | 1.3.0-4.el7 |
| redhat/image-inspector | <2.4.0-4.el7 | 2.4.0-4.el7 |
| redhat/openshift-enterprise-autoheal | <3.11.154-1.git.1.13199be.el7 | 3.11.154-1.git.1.13199be.el7 |
| redhat/openshift-enterprise-cluster-capacity | <3.11.154-1.git.1.5798c2c.el7 | 3.11.154-1.git.1.5798c2c.el7 |
| redhat/openshift-eventrouter | <0.2-4.git7c289cc.el7 | 0.2-4.git7c289cc.el7 |
| redhat/openshift-external-storage | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/atomic-enterprise-service-catalog | <3.11.154-1.git.1.fa68ced.el7 | 3.11.154-1.git.1.fa68ced.el7 |
| redhat/atomic-enterprise-service-catalog-svcat | <3.11.154-1.git.1.fa68ced.el7 | 3.11.154-1.git.1.fa68ced.el7 |
| redhat/atomic-openshift-cluster-autoscaler | <3.11.154-1.git.1.532da7a.el7 | 3.11.154-1.git.1.532da7a.el7 |
| redhat/atomic-openshift-descheduler | <3.11.154-1.git.1.1d31032.el7 | 3.11.154-1.git.1.1d31032.el7 |
| redhat/atomic-openshift-metrics-server | <3.11.154-1.git.1.6a6b6ce.el7 | 3.11.154-1.git.1.6a6b6ce.el7 |
| redhat/atomic-openshift-node-problem-detector | <3.11.154-1.git.1.5e8e065.el7 | 3.11.154-1.git.1.5e8e065.el7 |
| redhat/atomic-openshift-service-idler | <3.11.154-1.git.1.f80fb86.el7 | 3.11.154-1.git.1.f80fb86.el7 |
| redhat/atomic-openshift-web-console | <3.11.154-1.git.1.f54cb18.el7 | 3.11.154-1.git.1.f54cb18.el7 |
| redhat/cockpit-debuginfo | <195-2.rhaos.el7 | 195-2.rhaos.el7 |
| redhat/cockpit-kubernetes | <195-2.rhaos.el7 | 195-2.rhaos.el7 |
| redhat/csi-attacher | <0.2.0-4.git27299be.el7 | 0.2.0-4.git27299be.el7 |
| redhat/csi-attacher-debuginfo | <0.2.0-4.git27299be.el7 | 0.2.0-4.git27299be.el7 |
| redhat/csi-driver-registrar | <0.2.0-2.el7 | 0.2.0-2.el7 |
| redhat/csi-driver-registrar-debuginfo | <0.2.0-2.el7 | 0.2.0-2.el7 |
| redhat/csi-livenessprobe | <0.0.1-2.gitff5b6a0.el7 | 0.0.1-2.gitff5b6a0.el7 |
| redhat/csi-livenessprobe-debuginfo | <0.0.1-2.gitff5b6a0.el7 | 0.0.1-2.gitff5b6a0.el7 |
| redhat/csi-provisioner | <0.2.0-3.el7 | 0.2.0-3.el7 |
| redhat/csi-provisioner-debuginfo | <0.2.0-3.el7 | 0.2.0-3.el7 |
| redhat/golang-github-openshift-oauth-proxy | <3.11.154-1.git.1.220e3dc.el7 | 3.11.154-1.git.1.220e3dc.el7 |
| redhat/golang-github-openshift-prometheus-alert-buffer | <0-3.gitceca8c1.el7 | 0-3.gitceca8c1.el7 |
| redhat/hawkular-openshift-agent | <1.2.2-3.el7 | 1.2.2-3.el7 |
| redhat/heapster | <1.3.0-4.el7 | 1.3.0-4.el7 |
| redhat/image-inspector | <2.4.0-4.el7 | 2.4.0-4.el7 |
| redhat/openshift-enterprise-autoheal | <3.11.154-1.git.1.13199be.el7 | 3.11.154-1.git.1.13199be.el7 |
| redhat/openshift-enterprise-cluster-capacity | <3.11.154-1.git.1.5798c2c.el7 | 3.11.154-1.git.1.5798c2c.el7 |
| redhat/openshift-eventrouter | <0.2-4.git7c289cc.el7 | 0.2-4.git7c289cc.el7 |
| redhat/openshift-eventrouter-debuginfo | <0.2-4.git7c289cc.el7 | 0.2-4.git7c289cc.el7 |
| redhat/openshift-external-storage-cephfs-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-debuginfo | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-efs-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-local-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-manila-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-controller | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/prometheus | <3.11.154-1.git.1.148db48.el7 | 3.11.154-1.git.1.148db48.el7 |
| redhat/prometheus-alertmanager | <3.11.154-1.git.1.4acd2e6.el7 | 3.11.154-1.git.1.4acd2e6.el7 |
| redhat/prometheus-node-exporter | <3.11.154-1.git.1.bc9f224.el7 | 3.11.154-1.git.1.bc9f224.el7 |
| redhat/atomic-enterprise-service-catalog | <3.11.154-1.git.1.fa68ced.el7 | 3.11.154-1.git.1.fa68ced.el7 |
| redhat/atomic-enterprise-service-catalog-svcat | <3.11.154-1.git.1.fa68ced.el7 | 3.11.154-1.git.1.fa68ced.el7 |
| redhat/atomic-openshift-cluster-autoscaler | <3.11.154-1.git.1.532da7a.el7 | 3.11.154-1.git.1.532da7a.el7 |
| redhat/atomic-openshift-descheduler | <3.11.154-1.git.1.1d31032.el7 | 3.11.154-1.git.1.1d31032.el7 |
| redhat/atomic-openshift-metrics-server | <3.11.154-1.git.1.6a6b6ce.el7 | 3.11.154-1.git.1.6a6b6ce.el7 |
| redhat/atomic-openshift-node-problem-detector | <3.11.154-1.git.1.5e8e065.el7 | 3.11.154-1.git.1.5e8e065.el7 |
| redhat/atomic-openshift-service-idler | <3.11.154-1.git.1.f80fb86.el7 | 3.11.154-1.git.1.f80fb86.el7 |
| redhat/atomic-openshift-web-console | <3.11.154-1.git.1.f54cb18.el7 | 3.11.154-1.git.1.f54cb18.el7 |
| redhat/cockpit-debuginfo | <195-2.rhaos.el7 | 195-2.rhaos.el7 |
| redhat/cockpit-kubernetes | <195-2.rhaos.el7 | 195-2.rhaos.el7 |
| redhat/csi-attacher | <0.2.0-4.git27299be.el7 | 0.2.0-4.git27299be.el7 |
| redhat/csi-attacher-debuginfo | <0.2.0-4.git27299be.el7 | 0.2.0-4.git27299be.el7 |
| redhat/csi-driver-registrar | <0.2.0-2.el7 | 0.2.0-2.el7 |
| redhat/csi-driver-registrar-debuginfo | <0.2.0-2.el7 | 0.2.0-2.el7 |
| redhat/csi-livenessprobe | <0.0.1-2.gitff5b6a0.el7 | 0.0.1-2.gitff5b6a0.el7 |
| redhat/csi-livenessprobe-debuginfo | <0.0.1-2.gitff5b6a0.el7 | 0.0.1-2.gitff5b6a0.el7 |
| redhat/csi-provisioner | <0.2.0-3.el7 | 0.2.0-3.el7 |
| redhat/csi-provisioner-debuginfo | <0.2.0-3.el7 | 0.2.0-3.el7 |
| redhat/golang-github-openshift-oauth-proxy | <3.11.154-1.git.1.220e3dc.el7 | 3.11.154-1.git.1.220e3dc.el7 |
| redhat/golang-github-openshift-prometheus-alert-buffer | <0-3.gitceca8c1.el7 | 0-3.gitceca8c1.el7 |
| redhat/hawkular-openshift-agent | <1.2.2-3.el7 | 1.2.2-3.el7 |
| redhat/heapster | <1.3.0-4.el7 | 1.3.0-4.el7 |
| redhat/image-inspector | <2.4.0-4.el7 | 2.4.0-4.el7 |
| redhat/openshift-enterprise-autoheal | <3.11.154-1.git.1.13199be.el7 | 3.11.154-1.git.1.13199be.el7 |
| redhat/openshift-enterprise-cluster-capacity | <3.11.154-1.git.1.5798c2c.el7 | 3.11.154-1.git.1.5798c2c.el7 |
| redhat/openshift-eventrouter | <0.2-4.git7c289cc.el7 | 0.2-4.git7c289cc.el7 |
| redhat/openshift-eventrouter-debuginfo | <0.2-4.git7c289cc.el7 | 0.2-4.git7c289cc.el7 |
| redhat/openshift-external-storage-cephfs-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-debuginfo | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-efs-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-local-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-manila-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-controller | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/openshift-external-storage-snapshot-provisioner | <0.0.2-9.gitd3c94f0.el7 | 0.0.2-9.gitd3c94f0.el7 |
| redhat/prometheus | <3.11.154-1.git.1.148db48.el7 | 3.11.154-1.git.1.148db48.el7 |
| redhat/prometheus-alertmanager | <3.11.154-1.git.1.4acd2e6.el7 | 3.11.154-1.git.1.4acd2e6.el7 |
| redhat/prometheus-node-exporter | <3.11.154-1.git.1.bc9f224.el7 | 3.11.154-1.git.1.bc9f224.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2019:3906?
The severity of RHSA-2019:3906 is classified as moderate.
How do I fix RHSA-2019:3906?
To fix RHSA-2019:3906, update the affected packages to the recommended versions listed in the advisory.
Which packages are affected by RHSA-2019:3906?
The affected packages by RHSA-2019:3906 include atomic-enterprise-service-catalog, atomic-openshift-cluster-autoscaler, and several others.
What vulnerabilities does RHSA-2019:3906 address?
RHSA-2019:3906 addresses vulnerabilities related to security fixes in the Go programming language.
Is it necessary to apply the update for RHSA-2019:3906?
Yes, it is necessary to apply the update for RHSA-2019:3906 to ensure the security and stability of your system.
- agent/type
- agent/severity
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2019:3906
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/event
- agent/source
- package-manager/redhat