What is the severity of RHSA-2021:3193?

The severity of RHSA-2021:3193 is classified as Moderate due to the risk of leaking Docker config secrets.

How do I fix RHSA-2021:3193?

To fix RHSA-2021:3193, update to the specified patched package versions as per the advisory guidelines.

What products are affected by RHSA-2021:3193?

RHSA-2021:3193 affects multiple products including Red Hat OpenShift Container Platform and various associated packages.

What is the nature of the vulnerability addressed in RHSA-2021:3193?

RHSA-2021:3193 addresses vulnerabilities where improperly formatted files can lead to the exposure of sensitive information.

Is there a known exploit for RHSA-2021:3193?

As of the advisory, there are no known active exploits specifically targeting the vulnerability fixed in RHSA-2021:3193.

Vulnerability/
RHSA-2021:3193

25/8/2021

RHSA-2021:3193: Moderate: OpenShift Container Platform 3.11.z security and bug fix update

First published: Wed Aug 25 2021(Updated: )

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): <li> kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 (CVE-2020-8564)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): <li> [3.11] Wrong message error displayed when creating a route with path based (BZ#1884421)</li> <li> [3.11] passthrough route created using path (BZ#1884422)</li> <li> Hawkular cassandra pod readiness probe failed when run on the CRIO node. (BZ#1958718)</li> <li> Pods are getting stuck in ContainerCreating/ContainerCreateError/Terminating status (BZ#1965900)</li> <li> [3.11.z] Egress IP iptables rules not added due to iptables: Resource temporarily unavailable (BZ#1979216)</li> <li> Slowness in services propagation after upgrading to v3.11.465 (BZ#1981736)</li> <li> [3.11] NodePort is not working when configuring an egress IP address (BZ#1986413)</li>

Affected Software	Affected Version	How to fix
redhat/atomic-enterprise-service-catalog	<3.11.501-1.git.2e6be86.el7	3.11.501-1.git.2e6be86.el7
redhat/atomic-openshift	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-cluster-autoscaler	<3.11.501-1.git.99b2acf.el7	3.11.501-1.git.99b2acf.el7
redhat/atomic-openshift-descheduler	<3.11.501-1.git.d435537.el7	3.11.501-1.git.d435537.el7
redhat/atomic-openshift-dockerregistry	<3.11.501-1.git.3571208.el7	3.11.501-1.git.3571208.el7
redhat/atomic-openshift-metrics-server	<3.11.501-1.git.f8bf728.el7	3.11.501-1.git.f8bf728.el7
redhat/atomic-openshift-node-problem-detector	<3.11.501-1.git.c8f26da.el7	3.11.501-1.git.c8f26da.el7
redhat/atomic-openshift-service-idler	<3.11.501-1.git.39cfc66.el7	3.11.501-1.git.39cfc66.el7
redhat/atomic-openshift-web-console	<3.11.501-1.git.fc3b323.el7	3.11.501-1.git.fc3b323.el7
redhat/cri-o	<1.11.16-0.16.rhaos3.11.git54f9e69.el7	1.11.16-0.16.rhaos3.11.git54f9e69.el7
redhat/golang-github-openshift-oauth-proxy	<3.11.501-1.git.edebe84.el7	3.11.501-1.git.edebe84.el7
redhat/golang-github-prometheus-alertmanager	<3.11.501-1.git.13de638.el7	3.11.501-1.git.13de638.el7
redhat/golang-github-prometheus-prometheus	<3.11.501-1.git.99aae51.el7	3.11.501-1.git.99aae51.el7
redhat/openshift-ansible	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-enterprise-autoheal	<3.11.501-1.git.f2f435d.el7	3.11.501-1.git.f2f435d.el7
redhat/openshift-enterprise-cluster-capacity	<3.11.501-1.git.22be164.el7	3.11.501-1.git.22be164.el7
redhat/openshift-kuryr	<3.11.501-1.git.c33a657.el7	3.11.501-1.git.c33a657.el7
redhat/atomic-enterprise-service-catalog	<3.11.501-1.git.2e6be86.el7	3.11.501-1.git.2e6be86.el7
redhat/atomic-enterprise-service-catalog-svcat	<3.11.501-1.git.2e6be86.el7	3.11.501-1.git.2e6be86.el7
redhat/atomic-openshift	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-clients	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-clients-redistributable	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-cluster-autoscaler	<3.11.501-1.git.99b2acf.el7	3.11.501-1.git.99b2acf.el7
redhat/atomic-openshift-descheduler	<3.11.501-1.git.d435537.el7	3.11.501-1.git.d435537.el7
redhat/atomic-openshift-docker-excluder	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-dockerregistry	<3.11.501-1.git.3571208.el7	3.11.501-1.git.3571208.el7
redhat/atomic-openshift-excluder	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-hyperkube	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-hypershift	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-master	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-metrics-server	<3.11.501-1.git.f8bf728.el7	3.11.501-1.git.f8bf728.el7
redhat/atomic-openshift-node	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-node-problem-detector	<3.11.501-1.git.c8f26da.el7	3.11.501-1.git.c8f26da.el7
redhat/atomic-openshift-pod	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-sdn-ovs	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-service-idler	<3.11.501-1.git.39cfc66.el7	3.11.501-1.git.39cfc66.el7
redhat/atomic-openshift-template-service-broker	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-tests	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-web-console	<3.11.501-1.git.fc3b323.el7	3.11.501-1.git.fc3b323.el7
redhat/cri-o	<1.11.16-0.16.rhaos3.11.git54f9e69.el7	1.11.16-0.16.rhaos3.11.git54f9e69.el7
redhat/cri-o-debuginfo	<1.11.16-0.16.rhaos3.11.git54f9e69.el7	1.11.16-0.16.rhaos3.11.git54f9e69.el7
redhat/golang-github-openshift-oauth-proxy	<3.11.501-1.git.edebe84.el7	3.11.501-1.git.edebe84.el7
redhat/openshift-ansible	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-ansible-docs	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-ansible-playbooks	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-ansible-roles	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-enterprise-autoheal	<3.11.501-1.git.f2f435d.el7	3.11.501-1.git.f2f435d.el7
redhat/openshift-enterprise-cluster-capacity	<3.11.501-1.git.22be164.el7	3.11.501-1.git.22be164.el7
redhat/openshift-kuryr-cni	<3.11.501-1.git.c33a657.el7	3.11.501-1.git.c33a657.el7
redhat/openshift-kuryr-common	<3.11.501-1.git.c33a657.el7	3.11.501-1.git.c33a657.el7
redhat/openshift-kuryr-controller	<3.11.501-1.git.c33a657.el7	3.11.501-1.git.c33a657.el7
redhat/prometheus	<3.11.501-1.git.99aae51.el7	3.11.501-1.git.99aae51.el7
redhat/prometheus-alertmanager	<3.11.501-1.git.13de638.el7	3.11.501-1.git.13de638.el7
redhat/prometheus-node-exporter	<3.11.501-1.git.609cd20.el7	3.11.501-1.git.609cd20.el7
redhat/python2-kuryr-kubernetes	<3.11.501-1.git.c33a657.el7	3.11.501-1.git.c33a657.el7
redhat/atomic-enterprise-service-catalog	<3.11.501-1.git.2e6be86.el7	3.11.501-1.git.2e6be86.el7
redhat/atomic-enterprise-service-catalog-svcat	<3.11.501-1.git.2e6be86.el7	3.11.501-1.git.2e6be86.el7
redhat/atomic-openshift	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-clients	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-cluster-autoscaler	<3.11.501-1.git.99b2acf.el7	3.11.501-1.git.99b2acf.el7
redhat/atomic-openshift-descheduler	<3.11.501-1.git.d435537.el7	3.11.501-1.git.d435537.el7
redhat/atomic-openshift-hyperkube	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-hypershift	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-master	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-metrics-server	<3.11.501-1.git.f8bf728.el7	3.11.501-1.git.f8bf728.el7
redhat/atomic-openshift-node	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-node-problem-detector	<3.11.501-1.git.c8f26da.el7	3.11.501-1.git.c8f26da.el7
redhat/atomic-openshift-pod	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-sdn-ovs	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-service-idler	<3.11.501-1.git.39cfc66.el7	3.11.501-1.git.39cfc66.el7
redhat/atomic-openshift-template-service-broker	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-tests	<3.11.501-1.git.0.f8c4746.el7	3.11.501-1.git.0.f8c4746.el7
redhat/atomic-openshift-web-console	<3.11.501-1.git.fc3b323.el7	3.11.501-1.git.fc3b323.el7
redhat/cri-o	<1.11.16-0.16.rhaos3.11.git54f9e69.el7	1.11.16-0.16.rhaos3.11.git54f9e69.el7
redhat/cri-o-debuginfo	<1.11.16-0.16.rhaos3.11.git54f9e69.el7	1.11.16-0.16.rhaos3.11.git54f9e69.el7
redhat/golang-github-openshift-oauth-proxy	<3.11.501-1.git.edebe84.el7	3.11.501-1.git.edebe84.el7
redhat/openshift-ansible-test	<3.11.501-1.git.0.5ea39b1.el7	3.11.501-1.git.0.5ea39b1.el7
redhat/openshift-enterprise-autoheal	<3.11.501-1.git.f2f435d.el7	3.11.501-1.git.f2f435d.el7
redhat/openshift-enterprise-cluster-capacity	<3.11.501-1.git.22be164.el7	3.11.501-1.git.22be164.el7
redhat/prometheus	<3.11.501-1.git.99aae51.el7	3.11.501-1.git.99aae51.el7
redhat/prometheus-alertmanager	<3.11.501-1.git.13de638.el7	3.11.501-1.git.13de638.el7
redhat/prometheus-node-exporter	<3.11.501-1.git.609cd20.el7	3.11.501-1.git.609cd20.el7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2021:3193?
The severity of RHSA-2021:3193 is classified as Moderate due to the risk of leaking Docker config secrets.
How do I fix RHSA-2021:3193?
To fix RHSA-2021:3193, update to the specified patched package versions as per the advisory guidelines.
What products are affected by RHSA-2021:3193?
RHSA-2021:3193 affects multiple products including Red Hat OpenShift Container Platform and various associated packages.
What is the nature of the vulnerability addressed in RHSA-2021:3193?
RHSA-2021:3193 addresses vulnerabilities where improperly formatted files can lead to the exposure of sensitive information.
Is there a known exploit for RHSA-2021:3193?
As of the advisory, there are no known active exploits specifically targeting the vulnerability fixed in RHSA-2021:3193.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:3193
agent/software-canonical-lookup
agent/remedy
agent/title
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat