What is the severity of RHSA-2020:5615?

The severity of RHSA-2020:5615 is considered moderate due to a buffer overflow vulnerability.

How do I fix RHSA-2020:5615?

To fix RHSA-2020:5615, update the affected packages to their recommended versions specified in the advisory.

Which packages are affected by RHSA-2020:5615?

Affected packages for RHSA-2020:5615 include openshift-clients, openvswitch2.13, and python-sushy among others.

What CVE is associated with RHSA-2020:5615?

RHSA-2020:5615 is associated with the CVE-2015 vulnerability related to a buffer overflow in the lldp_decode function.

Is there a workaround for RHSA-2020:5615?

No specific workarounds for RHSA-2020:5615 are mentioned; the best course of action is to apply the security updates.

Vulnerability/
RHSA-2020:5615

CWE

119

21/12/2020

28/9/2024

RHSA-2020:5615: Important: OpenShift Container Platform 4.6.9 packages and security update

First published: Mon Dec 21 2020(Updated: )

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): <li> lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.9. See the following advisory for the container images for this release: <a href="https://access.redhat.com/errata/RHBA-2020:5614" target="_blank">https://access.redhat.com/errata/RHBA-2020:5614</a> All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at <a href="https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor." target="_blank">https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.</a>

Affected Software	Affected Version	How to fix
redhat/openshift-clients	<4.6.0-202012121455.p0.git.3800.80a13a6.el8	4.6.0-202012121455.p0.git.3800.80a13a6.el8
redhat/openvswitch2.13	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/python-sushy	<3.5.0-2.20201005161238.74b8111.el8	3.5.0-2.20201005161238.74b8111.el8
redhat/network-scripts-openvswitch2.13	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/openshift-clients	<4.6.0-202012121455.p0.git.3800.80a13a6.el8	4.6.0-202012121455.p0.git.3800.80a13a6.el8
redhat/openshift-clients-redistributable	<4.6.0-202012121455.p0.git.3800.80a13a6.el8	4.6.0-202012121455.p0.git.3800.80a13a6.el8
redhat/openvswitch2.13-debuginfo	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/openvswitch2.13-debugsource	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/openvswitch2.13-devel	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/openvswitch2.13-test	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/python3-openvswitch2.13	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/python3-openvswitch2.13-debuginfo	<2.13.0-72.el8fd	2.13.0-72.el8fd
redhat/python3-sushy	<3.5.0-2.20201005161238.74b8111.el8	3.5.0-2.20201005161238.74b8111.el8
redhat/python3-sushy-tests	<3.5.0-2.20201005161238.74b8111.el8	3.5.0-2.20201005161238.74b8111.el8
redhat/openshift-clients	<4.6.0-202012121455.p0.git.3800.80a13a6.el7	4.6.0-202012121455.p0.git.3800.80a13a6.el7
redhat/openshift-clients	<4.6.0-202012121455.p0.git.3800.80a13a6.el7	4.6.0-202012121455.p0.git.3800.80a13a6.el7
redhat/openshift-clients-redistributable	<4.6.0-202012121455.p0.git.3800.80a13a6.el7	4.6.0-202012121455.p0.git.3800.80a13a6.el7
redhat/openshift-clients	<4.6.0-202012121455.p0.git.3800.80a13a6.el8	4.6.0-202012121455.p0.git.3800.80a13a6.el8

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2020:5615 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2020:5615?
The severity of RHSA-2020:5615 is considered moderate due to a buffer overflow vulnerability.
How do I fix RHSA-2020:5615?
To fix RHSA-2020:5615, update the affected packages to their recommended versions specified in the advisory.
Which packages are affected by RHSA-2020:5615?
Affected packages for RHSA-2020:5615 include openshift-clients, openvswitch2.13, and python-sushy among others.
What CVE is associated with RHSA-2020:5615?
RHSA-2020:5615 is associated with the CVE-2015 vulnerability related to a buffer overflow in the lldp_decode function.
Is there a workaround for RHSA-2020:5615?
No specific workarounds for RHSA-2020:5615 are mentioned; the best course of action is to apply the security updates.

agent/severity
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/remedy
agent/weakness
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:5615
agent/software-canonical-lookup
agent/references
agent/event
agent/tags
agent/source
package-manager/redhat