First published: Mon Jul 13 2020(Updated: )
Red Hat OpenShift Container Platform is Red Hat's cloud computing<br>Kubernetes application platform solution designed for on-premise or private<br>cloud deployments.<br>Security Fix(es):<br><li> kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)</li> <li> kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)</li> <li> proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/machine-config-daemon | <4.5.0-202007012112.p0.git.2527.d12c3da.el8 | 4.5.0-202007012112.p0.git.2527.d12c3da.el8 |
redhat/openshift | <4.5.0-202007012112.p0.git.0.582d7fc.el8 | 4.5.0-202007012112.p0.git.0.582d7fc.el8 |
redhat/machine-config-daemon | <4.5.0-202007012112.p0.git.2527.d12c3da.el8 | 4.5.0-202007012112.p0.git.2527.d12c3da.el8 |
redhat/openshift-hyperkube | <4.5.0-202007012112.p0.git.0.582d7fc.el8 | 4.5.0-202007012112.p0.git.0.582d7fc.el8 |
redhat/openshift | <4.5.0-202007012112.p0.git.0.582d7fc.el7 | 4.5.0-202007012112.p0.git.0.582d7fc.el7 |
redhat/openshift-hyperkube | <4.5.0-202007012112.p0.git.0.582d7fc.el7 | 4.5.0-202007012112.p0.git.0.582d7fc.el7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2020:2413 is classified as a Denial of Service vulnerability.
To fix RHSA-2020:2413, upgrade the affected packages to the specified remedial versions provided in the advisory.
RHSA-2020:2413 affects specific versions of the machine-config-daemon and OpenShift packages, particularly those prior to 4.5.0-202007012112.p0.
RHSA-2020:2413 addresses a Denial of Service issue in the API server that can be triggered by crafted YAML payloads from authorized users.
Yes, the vulnerability in RHSA-2020:2413 can be exploited by authorized users who have access to the API server.