Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2018-10184
Vulnerability from cvelistv5
Published
2018-05-09 07:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"name": "RHSA-2018:1372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"name": "RHSA-2018:1372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28",
"refsource": "CONFIRM",
"url": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"name": "RHSA-2018:1372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"name": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588",
"refsource": "CONFIRM",
"url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10184",
"datePublished": "2018-05-09T07:00:00",
"dateReserved": "2018-04-17T00:00:00",
"dateUpdated": "2024-08-05T07:32:01.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.8.8\", \"matchCriteriaId\": \"65C3E88A-F1D5-4E0F-AA23-58FCDA5FE3D5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B99A2411-7F6A-457F-A7BF-EB13C630F902\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041F9200-4C01-4187-AE34-240E8277B54D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB48767-F095-444F-9E05-D9AC345AB803\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en versiones anteriores a la 1.8.8 de HAProxy. La longitud del frame H2 entrante se comprob\\u00f3 con la opci\\u00f3n max_frame_size en lugar de con bufsize. max_frame_size solo aplica al tr\\u00e1fico saliente y no al entrante, por lo que si un tama\\u00f1o de frame lo suficientemente grande se anuncia en el frame SETTINGS, un frame ajustado se desfragmentar\\u00e1 en un b\\u00fafer asignado temporalmente en el que el segundo fragmento podr\\u00eda desbordar la memoria din\\u00e1mica (heap) hasta los 16 kB. Es muy improbable que esto pueda ser explotado para ejecutar c\\u00f3digo, teniendo en cuenta la corta duraci\\u00f3n de los b\\u00fafers y que sus direcciones no son predecibles de forma realista en producci\\u00f3n, pero la posibilidad de un cierre inesperado inmediato es totalmente certera.\"}]",
"id": "CVE-2018-10184",
"lastModified": "2024-11-21T03:40:58.027",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-05-09T07:29:00.280",
"references": "[{\"url\": \"http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1372\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1372\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10184\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-05-09T07:29:00.280\",\"lastModified\":\"2024-11-21T03:40:58.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en versiones anteriores a la 1.8.8 de HAProxy. La longitud del frame H2 entrante se comprob\u00f3 con la opci\u00f3n max_frame_size en lugar de con bufsize. max_frame_size solo aplica al tr\u00e1fico saliente y no al entrante, por lo que si un tama\u00f1o de frame lo suficientemente grande se anuncia en el frame SETTINGS, un frame ajustado se desfragmentar\u00e1 en un b\u00fafer asignado temporalmente en el que el segundo fragmento podr\u00eda desbordar la memoria din\u00e1mica (heap) hasta los 16 kB. Es muy improbable que esto pueda ser explotado para ejecutar c\u00f3digo, teniendo en cuenta la corta duraci\u00f3n de los b\u00fafers y que sus direcciones no son predecibles de forma realista en producci\u00f3n, pero la posibilidad de un cierre inesperado inmediato es totalmente certera.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.8\",\"matchCriteriaId\":\"65C3E88A-F1D5-4E0F-AA23-58FCDA5FE3D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B99A2411-7F6A-457F-A7BF-EB13C630F902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041F9200-4C01-4187-AE34-240E8277B54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB48767-F095-444F-9E05-D9AC345AB803\"}]}]}],\"references\":[{\"url\":\"http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1372\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-v27h-hh5q-3p4q
Vulnerability from github
Published
2022-05-14 03:17
Modified
2022-05-14 03:17
Severity ?
Details
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
{
"affected": [],
"aliases": [
"CVE-2018-10184"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-09T07:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"id": "GHSA-v27h-hh5q-3p4q",
"modified": "2022-05-14T03:17:41Z",
"published": "2022-05-14T03:17:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"type": "WEB",
"url": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"type": "WEB",
"url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
cve-2018-10184
Vulnerability from fkie_nvd
Published
2018-05-09 07:29
Modified
2024-11-21 03:40
Severity ?
Summary
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haproxy | haproxy | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.3 | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C3E88A-F1D5-4E0F-AA23-58FCDA5FE3D5",
"versionEndExcluding": "1.8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B99A2411-7F6A-457F-A7BF-EB13C630F902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 1.8.8 de HAProxy. La longitud del frame H2 entrante se comprob\u00f3 con la opci\u00f3n max_frame_size en lugar de con bufsize. max_frame_size solo aplica al tr\u00e1fico saliente y no al entrante, por lo que si un tama\u00f1o de frame lo suficientemente grande se anuncia en el frame SETTINGS, un frame ajustado se desfragmentar\u00e1 en un b\u00fafer asignado temporalmente en el que el segundo fragmento podr\u00eda desbordar la memoria din\u00e1mica (heap) hasta los 16 kB. Es muy improbable que esto pueda ser explotado para ejecutar c\u00f3digo, teniendo en cuenta la corta duraci\u00f3n de los b\u00fafers y que sus direcciones no son predecibles de forma realista en producci\u00f3n, pero la posibilidad de un cierre inesperado inmediato es totalmente certera."
}
],
"id": "CVE-2018-10184",
"lastModified": "2024-11-21T03:40:58.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-09T07:29:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"source": "cve@mitre.org",
"url": "http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2018:1372
Vulnerability from csaf_redhat
Published
2018-05-14 09:12
Modified
2024-11-14 23:42
Summary
Red Hat Security Advisory: rh-haproxy18-haproxy security update
Notes
Topic
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Security Fix(es):
* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.\n\nSecurity Fix(es):\n\n* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1372",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1372.json"
}
],
"title": "Red Hat Security Advisory: rh-haproxy18-haproxy security update",
"tracking": {
"current_release_date": "2024-11-14T23:42:47+00:00",
"generator": {
"date": "2024-11-14T23:42:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1372",
"initial_release_date": "2018-05-14T09:12:54+00:00",
"revision_history": [
{
"date": "2018-05-14T09:12:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-14T09:12:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:42:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-syspaths@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-debuginfo@1.8.4-2.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-14T09:12:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
RHBA-2018:1566
Vulnerability from csaf_redhat
Published
2018-05-17 06:43
Modified
2024-11-14 23:33
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1567
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1567\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:1566",
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
},
{
"category": "external",
"summary": "1455680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455680"
},
{
"category": "external",
"summary": "1502028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502028"
},
{
"category": "external",
"summary": "1508828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508828"
},
{
"category": "external",
"summary": "1519522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519522"
},
{
"category": "external",
"summary": "1529496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529496"
},
{
"category": "external",
"summary": "1542135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542135"
},
{
"category": "external",
"summary": "1542867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542867"
},
{
"category": "external",
"summary": "1543647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543647"
},
{
"category": "external",
"summary": "1547226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547226"
},
{
"category": "external",
"summary": "1550018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550018"
},
{
"category": "external",
"summary": "1550372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550372"
},
{
"category": "external",
"summary": "1550797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550797"
},
{
"category": "external",
"summary": "1551499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551499"
},
{
"category": "external",
"summary": "1551904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551904"
},
{
"category": "external",
"summary": "1553034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553034"
},
{
"category": "external",
"summary": "1553186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553186"
},
{
"category": "external",
"summary": "1553260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553260"
},
{
"category": "external",
"summary": "1553576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553576"
},
{
"category": "external",
"summary": "1554379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554379"
},
{
"category": "external",
"summary": "1554878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554878"
},
{
"category": "external",
"summary": "1554885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554885"
},
{
"category": "external",
"summary": "1555220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555220"
},
{
"category": "external",
"summary": "1555426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555426"
},
{
"category": "external",
"summary": "1556739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556739"
},
{
"category": "external",
"summary": "1556757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556757"
},
{
"category": "external",
"summary": "1557036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557036"
},
{
"category": "external",
"summary": "1557909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557909"
},
{
"category": "external",
"summary": "1558155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558155"
},
{
"category": "external",
"summary": "1558422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558422"
},
{
"category": "external",
"summary": "1558472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558472"
},
{
"category": "external",
"summary": "1558564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558564"
},
{
"category": "external",
"summary": "1558863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558863"
},
{
"category": "external",
"summary": "1558900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558900"
},
{
"category": "external",
"summary": "1559404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559404"
},
{
"category": "external",
"summary": "1559675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559675"
},
{
"category": "external",
"summary": "1560659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560659"
},
{
"category": "external",
"summary": "1560916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560916"
},
{
"category": "external",
"summary": "1561196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561196"
},
{
"category": "external",
"summary": "1561247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561247"
},
{
"category": "external",
"summary": "1563230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563230"
},
{
"category": "external",
"summary": "1564076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564076"
},
{
"category": "external",
"summary": "1564179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564179"
},
{
"category": "external",
"summary": "1564944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564944"
},
{
"category": "external",
"summary": "1564949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564949"
},
{
"category": "external",
"summary": "1564978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564978"
},
{
"category": "external",
"summary": "1565909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565909"
},
{
"category": "external",
"summary": "1566559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566559"
},
{
"category": "external",
"summary": "1567028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567028"
},
{
"category": "external",
"summary": "1567827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567827"
},
{
"category": "external",
"summary": "1570394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570394"
},
{
"category": "external",
"summary": "1570398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570398"
},
{
"category": "external",
"summary": "1570859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570859"
},
{
"category": "external",
"summary": "1571093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571093"
},
{
"category": "external",
"summary": "1571430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571430"
},
{
"category": "external",
"summary": "1572419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572419"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_1566.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:33:02+00:00",
"generator": {
"date": "2024-11-14T23:33:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:1566",
"initial_release_date": "2018-05-17T06:43:09+00:00",
"revision_history": [
{
"date": "2018-05-17T06:43:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-17T06:43:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:33:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_id": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@2.2.1-1.gitbc6058c.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.27-1.git.349.fbf9721.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_id": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy18@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_id": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-1.gitbc6058c.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.src",
"product": {
"name": "apb-0:1.1.16-1.el7.src",
"product_id": "apb-0:1.1.16-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "haproxy-0:1.8.8-1.el7.src",
"product": {
"name": "haproxy-0:1.8.8-1.el7.src",
"product_id": "haproxy-0:1.8.8-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy@1.8.8-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_id": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb-container-scripts@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-0:1.1.16-1.el7.noarch",
"product_id": "apb-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch-doc@1.15.2-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src"
},
"product_reference": "apb-0:1.1.16-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src"
},
"product_reference": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-0:1.8.8-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src"
},
"product_reference": "haproxy-0:1.8.8-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy18-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64"
},
"product_reference": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64"
},
"product_reference": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-17T06:43:09+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.27, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
rhsa-2018:1372
Vulnerability from csaf_redhat
Published
2018-05-14 09:12
Modified
2024-11-14 23:42
Summary
Red Hat Security Advisory: rh-haproxy18-haproxy security update
Notes
Topic
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Security Fix(es):
* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.\n\nSecurity Fix(es):\n\n* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1372",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1372.json"
}
],
"title": "Red Hat Security Advisory: rh-haproxy18-haproxy security update",
"tracking": {
"current_release_date": "2024-11-14T23:42:47+00:00",
"generator": {
"date": "2024-11-14T23:42:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1372",
"initial_release_date": "2018-05-14T09:12:54+00:00",
"revision_history": [
{
"date": "2018-05-14T09:12:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-14T09:12:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:42:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-syspaths@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-debuginfo@1.8.4-2.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-14T09:12:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
rhsa-2018_1372
Vulnerability from csaf_redhat
Published
2018-05-14 09:12
Modified
2024-11-14 23:42
Summary
Red Hat Security Advisory: rh-haproxy18-haproxy security update
Notes
Topic
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Security Fix(es):
* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.\n\nSecurity Fix(es):\n\n* haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service (CVE-2018-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1372",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1372.json"
}
],
"title": "Red Hat Security Advisory: rh-haproxy18-haproxy security update",
"tracking": {
"current_release_date": "2024-11-14T23:42:47+00:00",
"generator": {
"date": "2024-11-14T23:42:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1372",
"initial_release_date": "2018-05-14T09:12:54+00:00",
"revision_history": [
{
"date": "2018-05-14T09:12:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-14T09:12:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:42:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-syspaths@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_id": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy-debuginfo@1.8.4-2.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_id": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-haproxy18-haproxy@1.8.4-2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
},
"product_reference": "rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-14T09:12:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.3.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Server-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.src",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-debuginfo-0:1.8.4-2.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-haproxy18-haproxy-syspaths-0:1.8.4-2.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
rhba-2018:1566
Vulnerability from csaf_redhat
Published
2018-05-17 06:43
Modified
2024-11-14 23:33
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1567
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1567\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:1566",
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
},
{
"category": "external",
"summary": "1455680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455680"
},
{
"category": "external",
"summary": "1502028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502028"
},
{
"category": "external",
"summary": "1508828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508828"
},
{
"category": "external",
"summary": "1519522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519522"
},
{
"category": "external",
"summary": "1529496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529496"
},
{
"category": "external",
"summary": "1542135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542135"
},
{
"category": "external",
"summary": "1542867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542867"
},
{
"category": "external",
"summary": "1543647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543647"
},
{
"category": "external",
"summary": "1547226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547226"
},
{
"category": "external",
"summary": "1550018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550018"
},
{
"category": "external",
"summary": "1550372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550372"
},
{
"category": "external",
"summary": "1550797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550797"
},
{
"category": "external",
"summary": "1551499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551499"
},
{
"category": "external",
"summary": "1551904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551904"
},
{
"category": "external",
"summary": "1553034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553034"
},
{
"category": "external",
"summary": "1553186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553186"
},
{
"category": "external",
"summary": "1553260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553260"
},
{
"category": "external",
"summary": "1553576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553576"
},
{
"category": "external",
"summary": "1554379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554379"
},
{
"category": "external",
"summary": "1554878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554878"
},
{
"category": "external",
"summary": "1554885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554885"
},
{
"category": "external",
"summary": "1555220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555220"
},
{
"category": "external",
"summary": "1555426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555426"
},
{
"category": "external",
"summary": "1556739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556739"
},
{
"category": "external",
"summary": "1556757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556757"
},
{
"category": "external",
"summary": "1557036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557036"
},
{
"category": "external",
"summary": "1557909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557909"
},
{
"category": "external",
"summary": "1558155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558155"
},
{
"category": "external",
"summary": "1558422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558422"
},
{
"category": "external",
"summary": "1558472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558472"
},
{
"category": "external",
"summary": "1558564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558564"
},
{
"category": "external",
"summary": "1558863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558863"
},
{
"category": "external",
"summary": "1558900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558900"
},
{
"category": "external",
"summary": "1559404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559404"
},
{
"category": "external",
"summary": "1559675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559675"
},
{
"category": "external",
"summary": "1560659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560659"
},
{
"category": "external",
"summary": "1560916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560916"
},
{
"category": "external",
"summary": "1561196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561196"
},
{
"category": "external",
"summary": "1561247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561247"
},
{
"category": "external",
"summary": "1563230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563230"
},
{
"category": "external",
"summary": "1564076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564076"
},
{
"category": "external",
"summary": "1564179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564179"
},
{
"category": "external",
"summary": "1564944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564944"
},
{
"category": "external",
"summary": "1564949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564949"
},
{
"category": "external",
"summary": "1564978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564978"
},
{
"category": "external",
"summary": "1565909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565909"
},
{
"category": "external",
"summary": "1566559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566559"
},
{
"category": "external",
"summary": "1567028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567028"
},
{
"category": "external",
"summary": "1567827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567827"
},
{
"category": "external",
"summary": "1570394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570394"
},
{
"category": "external",
"summary": "1570398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570398"
},
{
"category": "external",
"summary": "1570859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570859"
},
{
"category": "external",
"summary": "1571093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571093"
},
{
"category": "external",
"summary": "1571430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571430"
},
{
"category": "external",
"summary": "1572419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572419"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_1566.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:33:02+00:00",
"generator": {
"date": "2024-11-14T23:33:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:1566",
"initial_release_date": "2018-05-17T06:43:09+00:00",
"revision_history": [
{
"date": "2018-05-17T06:43:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-17T06:43:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:33:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_id": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@2.2.1-1.gitbc6058c.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.27-1.git.349.fbf9721.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_id": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy18@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_id": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-1.gitbc6058c.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.src",
"product": {
"name": "apb-0:1.1.16-1.el7.src",
"product_id": "apb-0:1.1.16-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "haproxy-0:1.8.8-1.el7.src",
"product": {
"name": "haproxy-0:1.8.8-1.el7.src",
"product_id": "haproxy-0:1.8.8-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy@1.8.8-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_id": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb-container-scripts@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-0:1.1.16-1.el7.noarch",
"product_id": "apb-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch-doc@1.15.2-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src"
},
"product_reference": "apb-0:1.1.16-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src"
},
"product_reference": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-0:1.8.8-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src"
},
"product_reference": "haproxy-0:1.8.8-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy18-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64"
},
"product_reference": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64"
},
"product_reference": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-17T06:43:09+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.27, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
rhba-2018_1566
Vulnerability from csaf_redhat
Published
2018-05-17 06:43
Modified
2024-11-14 23:33
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1567
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.27 is now available with updates to packages and images that fix several bugs and add enhancements.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.27. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1567\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:1566",
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
},
{
"category": "external",
"summary": "1455680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455680"
},
{
"category": "external",
"summary": "1502028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502028"
},
{
"category": "external",
"summary": "1508828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508828"
},
{
"category": "external",
"summary": "1519522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519522"
},
{
"category": "external",
"summary": "1529496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529496"
},
{
"category": "external",
"summary": "1542135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542135"
},
{
"category": "external",
"summary": "1542867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542867"
},
{
"category": "external",
"summary": "1543647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543647"
},
{
"category": "external",
"summary": "1547226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547226"
},
{
"category": "external",
"summary": "1550018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550018"
},
{
"category": "external",
"summary": "1550372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550372"
},
{
"category": "external",
"summary": "1550797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550797"
},
{
"category": "external",
"summary": "1551499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551499"
},
{
"category": "external",
"summary": "1551904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551904"
},
{
"category": "external",
"summary": "1553034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553034"
},
{
"category": "external",
"summary": "1553186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553186"
},
{
"category": "external",
"summary": "1553260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553260"
},
{
"category": "external",
"summary": "1553576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553576"
},
{
"category": "external",
"summary": "1554379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554379"
},
{
"category": "external",
"summary": "1554878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554878"
},
{
"category": "external",
"summary": "1554885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554885"
},
{
"category": "external",
"summary": "1555220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555220"
},
{
"category": "external",
"summary": "1555426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555426"
},
{
"category": "external",
"summary": "1556739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556739"
},
{
"category": "external",
"summary": "1556757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556757"
},
{
"category": "external",
"summary": "1557036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557036"
},
{
"category": "external",
"summary": "1557909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557909"
},
{
"category": "external",
"summary": "1558155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558155"
},
{
"category": "external",
"summary": "1558422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558422"
},
{
"category": "external",
"summary": "1558472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558472"
},
{
"category": "external",
"summary": "1558564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558564"
},
{
"category": "external",
"summary": "1558863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558863"
},
{
"category": "external",
"summary": "1558900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558900"
},
{
"category": "external",
"summary": "1559404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559404"
},
{
"category": "external",
"summary": "1559675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559675"
},
{
"category": "external",
"summary": "1560659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560659"
},
{
"category": "external",
"summary": "1560916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560916"
},
{
"category": "external",
"summary": "1561196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561196"
},
{
"category": "external",
"summary": "1561247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561247"
},
{
"category": "external",
"summary": "1563230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563230"
},
{
"category": "external",
"summary": "1564076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564076"
},
{
"category": "external",
"summary": "1564179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564179"
},
{
"category": "external",
"summary": "1564944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564944"
},
{
"category": "external",
"summary": "1564949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564949"
},
{
"category": "external",
"summary": "1564978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564978"
},
{
"category": "external",
"summary": "1565909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565909"
},
{
"category": "external",
"summary": "1566559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566559"
},
{
"category": "external",
"summary": "1567028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567028"
},
{
"category": "external",
"summary": "1567827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567827"
},
{
"category": "external",
"summary": "1570394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570394"
},
{
"category": "external",
"summary": "1570398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570398"
},
{
"category": "external",
"summary": "1570859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570859"
},
{
"category": "external",
"summary": "1571093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571093"
},
{
"category": "external",
"summary": "1571430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571430"
},
{
"category": "external",
"summary": "1572419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572419"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_1566.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:33:02+00:00",
"generator": {
"date": "2024-11-14T23:33:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:1566",
"initial_release_date": "2018-05-17T06:43:09+00:00",
"revision_history": [
{
"date": "2018-05-17T06:43:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-17T06:43:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:33:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_id": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@2.2.1-1.gitbc6058c.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.27-1.git.349.fbf9721.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.27-1.git.0.964617d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_id": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy18-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy18@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_id": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.8-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_id": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-3.git8e6013a.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_id": "ansible-service-broker-0:1.1.17-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker@1.1.17-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_id": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.9.11-1.gitbc3d2f7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_id": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-1.gitbc6058c.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.src",
"product": {
"name": "apb-0:1.1.16-1.el7.src",
"product_id": "apb-0:1.1.16-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.27-1.git.242.0fcf673.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_id": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.27-1.git.0.964617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.27-1.git.887.8969372.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "haproxy-0:1.8.8-1.el7.src",
"product": {
"name": "haproxy-0:1.8.8-1.el7.src",
"product_id": "haproxy-0:1.8.8-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy@1.8.8-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_id": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.0.0-3.git8e6013a.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_id": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.17-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_id": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb-container-scripts@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.1.16-1.el7.noarch",
"product": {
"name": "apb-0:1.1.16-1.el7.noarch",
"product_id": "apb-0:1.1.16-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.1.16-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_id": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-elasticsearch-plugin@2.4.4.22__redhat_1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.27-1.git.0.964617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.27-1.git.0.52e35b5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch-doc@1.15.2-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.15.2-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-0:1.1.17-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64"
},
"product_reference": "ansible-service-broker-0:1.1.17-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch"
},
"product_reference": "ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.1.16-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src"
},
"product_reference": "apb-0:1.1.16-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-container-scripts-0:1.1.16-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch"
},
"product_reference": "apb-container-scripts-0:1.1.16-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src"
},
"product_reference": "golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-0:1.8.8-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src"
},
"product_reference": "haproxy-0:1.8.8-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy18-0:1.8.8-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
},
"product_reference": "haproxy18-0:1.8.8-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src"
},
"product_reference": "openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64"
},
"product_reference": "prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64"
},
"product_reference": "prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-04-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1569297"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.src",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.17-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.17-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:apb-0:1.1.16-1.el7.src",
"7Server-RH7-RHOSE-3.9:apb-container-scripts-0:1.1.16-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.27-1.git.349.fbf9721.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.27-1.git.0.964617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.27-1.git.0.964617d.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.27-1.git.242.0fcf673.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.src",
"7Server-RH7-RHOSE-3.9:cri-o-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.11-1.gitbc3d2f7.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.src",
"7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-3.git8e6013a.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.src",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-1.gitbc6058c.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.27-1.git.0.52e35b5.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.27-1.git.0.52e35b5.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.22__redhat_1-1.el7.src",
"7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-1.gitbc6058c.el7.x86_64",
"7Server-RH7-RHOSE-3.9:prometheus-node_exporter-0:3.9.27-1.git.887.8969372.el7.x86_64",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.15.2-1.el7.src",
"7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-doc-0:1.15.2-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10184"
},
{
"category": "external",
"summary": "RHBZ#1569297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10184"
}
],
"release_date": "2018-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-17T06:43:09+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.27, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:1566"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:haproxy-0:1.8.8-1.el7.src",
"7Server-RH7-RHOSE-3.9:haproxy-debuginfo-0:1.8.8-1.el7.x86_64",
"7Server-RH7-RHOSE-3.9:haproxy18-0:1.8.8-1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service"
}
]
}
gsd-2018-10184
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10184",
"description": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"id": "GSD-2018-10184",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10184.html",
"https://access.redhat.com/errata/RHBA-2018:1566",
"https://access.redhat.com/errata/RHSA-2018:1372"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10184"
],
"details": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",
"id": "GSD-2018-10184",
"modified": "2023-12-13T01:22:40.913166Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28",
"refsource": "CONFIRM",
"url": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"name": "RHSA-2018:1372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
},
{
"name": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588",
"refsource": "CONFIRM",
"url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10184"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
},
{
"name": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
},
{
"name": "RHSA-2018:1372",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-06-18T17:18Z",
"publishedDate": "2018-05-09T07:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.