Action not permitted
Modal body text goes here.
cve-2020-8945
Vulnerability from cvelistv5
Published
2020-02-12 17:20
Modified
2024-08-04 10:12
Severity
Summary
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"name": "FEDORA-2020-f317e13ecf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/"
},
{
"name": "FEDORA-2020-2a0aac3502",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/"
},
{
"name": "FEDORA-2020-ccc3e64ea5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"
},
{
"name": "RHSA-2020:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"name": "RHSA-2020:0689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"name": "RHSA-2020:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T02:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"name": "FEDORA-2020-f317e13ecf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/"
},
{
"name": "FEDORA-2020-2a0aac3502",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/"
},
{
"name": "FEDORA-2020-ccc3e64ea5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"
},
{
"name": "RHSA-2020:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"name": "RHSA-2020:0689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"name": "RHSA-2020:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proglottis/gpgme/pull/23",
"refsource": "MISC",
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"name": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1",
"refsource": "MISC",
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"name": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1",
"refsource": "MISC",
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"name": "FEDORA-2020-f317e13ecf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/"
},
{
"name": "FEDORA-2020-2a0aac3502",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/"
},
{
"name": "FEDORA-2020-ccc3e64ea5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"
},
{
"name": "RHSA-2020:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"name": "RHSA-2020:0689",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"name": "RHSA-2020:0697",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8945",
"datePublished": "2020-02-12T17:20:43",
"dateReserved": "2020-02-12T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8945\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-02-12T18:15:10.470\",\"lastModified\":\"2023-11-07T03:26:47.827\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.\"},{\"lang\":\"es\",\"value\":\"El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de im\u00e1genes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ejecuci\u00f3n de c\u00f3digo durante una comprobaci\u00f3n de la firma GPG.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.1},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gpgme_project:gpgme:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.1.1\",\"matchCriteriaId\":\"D6AF4CA3-6FB7-4184-B62B-5CC4389C7B01\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C85A84D-A70F-4B02-9E5D-CD9660ABF048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E57E25E-342F-411A-8840-6AF01078D09F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44C5E433-229C-4BB9-8481-8A74AFA8DB8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D432C063-0805-4151-A819-508FE8954101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D9E8067-7EEF-4D59-B55D-6C2B33405963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F02265-FA70-4FE1-8EE1-F30C61E11F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AD34820-B5A7-470F-B290-E4C7C8BFAF80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D0C69D6-E171-4750-8676-5F16DB88A197\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566507B6-AC95-47F7-A3FB-C6F414E45F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0689\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0697\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1795838\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/proglottis/gpgme/pull/23\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/\",\"source\":\"cve@mitre.org\"}]}}"
}
}
wid-sec-w-2022-1089
Vulnerability from csaf_certbund
Published
2020-03-10 23:00
Modified
2024-01-01 23:00
Summary
Red Hat OpenShift Container Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Red Hat OpenShift Container Platform bietet Unternehmen die Möglichkeit der Steuerung ihrer Kubernetes Umgebungen.
Angriff
Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Container Platform ausnutzen, um seine Privilegien zu erhöhen, Code zur Ausführung zu bringen oder Dateien zu manipulieren
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Red Hat OpenShift Container Platform bietet Unternehmen die M\u00f6glichkeit der Steuerung ihrer Kubernetes Umgebungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Container Platform ausnutzen, um seine Privilegien zu erh\u00f6hen, Code zur Ausf\u00fchrung zu bringen oder Dateien zu manipulieren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1089 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1089.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1089 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1089"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2020-03-10",
"url": "https://access.redhat.com/errata/RHSA-2020:0688"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2020-03-10",
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2020-03-10",
"url": "https://access.redhat.com/errata/RHSA-2020:0680"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2020-03-10",
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0697 vom 2020-03-12",
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0695 vom 2020-03-12",
"url": "https://access.redhat.com/errata/RHSA-2020:0695"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0942 vom 2020-03-23",
"url": "https://access.redhat.com/errata/RHSA-2020:0942"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0863 vom 2020-03-24",
"url": "https://access.redhat.com/errata/RHSA-2020:0863"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0928 vom 2020-03-24",
"url": "https://access.redhat.com/errata/RHSA-2020:0928"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1230 vom 2020-04-01",
"url": "https://access.redhat.com/errata/RHSA-2020:1230"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1234 vom 2020-04-01",
"url": "https://access.redhat.com/errata/RHSA-2020:1234"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1231 vom 2020-04-01",
"url": "https://access.redhat.com/errata/RHSA-2020:1231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0934 vom 2020-04-01",
"url": "https://access.redhat.com/errata/RHSA-2020:0934"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0944-1 vom 2020-04-08",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200944-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1402 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1485 vom 2020-04-20",
"url": "https://access.redhat.com/errata/RHSA-2020:1485"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1650 vom 2020-04-28",
"url": "https://access.redhat.com/errata/RHSA-2020:1650"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1940 vom 2020-05-04",
"url": "https://access.redhat.com/errata/RHSA-2020:1940"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1937 vom 2020-05-04",
"url": "https://access.redhat.com/errata/RHSA-2020:1937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2117 vom 2020-05-12",
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-1932 vom 2020-05-13",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-May/009917.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2027 vom 2020-05-13",
"url": "https://access.redhat.com/errata/RHSA-2020:2027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2413 vom 2020-07-13",
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2020-AEEA04CD13 vom 2020-07-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-aeea04cd13"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2927 vom 2020-07-21",
"url": "https://access.redhat.com/errata/RHSA-2020:2927"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2992 vom 2020-07-27",
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3167 vom 2020-07-28",
"url": "https://access.redhat.com/errata/RHSA-2020:3167"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1458-1 vom 2021-04-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008717.html"
},
{
"category": "external",
"summary": "Amazon Linux 2 Security Advisory",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-009.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6119 vom 2022-08-22",
"url": "https://access.redhat.com/errata/RHSA-2022:6119"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2003-1 vom 2023-04-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014583.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4093 vom 2023-07-20",
"url": "https://access.redhat.com/errata/RHSA-2023:4093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5006 vom 2023-12-30",
"url": "https://access.redhat.com/errata/RHSA-2023:5006"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Container Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-01T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T16:55:52.880+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-1089",
"initial_release_date": "2020-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-15T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: GLSA/202003-21"
},
{
"date": "2020-03-23T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-24T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-31T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-07T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-04-14T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-20T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-03T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-12T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-13T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2020-07-13T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-15T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2020-07-20T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-27T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-05-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-12-08T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-08-22T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-25T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-07-20T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-01T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "24"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.14.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.14.0",
"product_id": "T031839",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.0"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.3.5",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.3.5",
"product_id": "T016069",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_platform:4.3.5"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.2.22",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.2.22",
"product_id": "T016070",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_platform:4.2.22"
}
}
}
],
"category": "product_name",
"name": "openshift_container_platform"
}
],
"category": "vendor",
"name": "redhat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19921",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift Container Platform aufgrund einer fehlerhaften Zugriffskontrolle in runc. Ein Angreifer der in der Lage ist zwei Container mit benutzerdefinierten Volume-Mount-Konfigurationen zu erzeugen und benutzerdefinierte Images auszuf\u00fchren kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914",
"T031839"
]
},
"release_date": "2020-03-10T23:00:00Z",
"title": "CVE-2019-19921"
},
{
"cve": "CVE-2020-1726",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift Container Platform. Podman erlaubt unter bestimmten Umst\u00e4nden Containern wenn sie erstellt werden das \u00dcberschreiben vorhandener Volumes, auch wenn diese als \"read only\" gemountet sind. Ein Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914",
"T031839"
]
},
"release_date": "2020-03-10T23:00:00Z",
"title": "CVE-2020-1726"
},
{
"cve": "CVE-2020-8945",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift Container Platform. In der Go GPGME wrapper Bibliothek, github.com/proglottis/gpgme, besteht ein \"Use-after-Free\" Fehler w\u00e4hrend der GPG Signatur Pr\u00fcfung. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausf\u00fchrung zu bringen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914",
"T031839"
]
},
"release_date": "2020-03-10T23:00:00Z",
"title": "CVE-2020-8945"
}
]
}
rhsa-2020_0679
Vulnerability from csaf_redhat
Published
2020-03-10 23:33
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.3.5 skopeo security update
Notes
Topic
An update for skopeo is now available for Red Hat OpenShift Container Platform 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free vulnerability was found in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat OpenShift Container Platform 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free vulnerability was found in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0679",
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0679.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.3.5 skopeo security update",
"tracking": {
"current_release_date": "2024-09-13T22:39:45+00:00",
"generator": {
"date": "2024-09-13T22:39:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:0679",
"initial_release_date": "2020-03-10T23:33:45+00:00",
"revision_history": [
{
"date": "2020-03-10T23:33:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-10T23:33:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"product": {
"name": "containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"product_id": "containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.40-4.rhaos.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"product": {
"name": "skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"product_id": "skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-4.rhaos.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64",
"product": {
"name": "skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64",
"product_id": "skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@0.1.40-4.rhaos.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"product": {
"name": "skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"product_id": "skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@0.1.40-4.rhaos.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"product": {
"name": "skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"product_id": "skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.40-4.rhaos.el8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1:0.1.40-4.rhaos.el8.src",
"product": {
"name": "skopeo-1:0.1.40-4.rhaos.el8.src",
"product_id": "skopeo-1:0.1.40-4.rhaos.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-4.rhaos.el8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-4.rhaos.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:containers-common-1:0.1.40-4.rhaos.el8.x86_64"
},
"product_reference": "containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-4.rhaos.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.src"
},
"product_reference": "skopeo-1:0.1.40-4.rhaos.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-4.rhaos.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.x86_64"
},
"product_reference": "skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64"
},
"product_reference": "skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64"
},
"product_reference": "skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.3:containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.src",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.5, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.3:containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.src",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.3:containers-common-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.src",
"8Base-RHOSE-4.3:skopeo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debuginfo-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-debugsource-1:0.1.40-4.rhaos.el8.x86_64",
"8Base-RHOSE-4.3:skopeo-tests-1:0.1.40-4.rhaos.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_2027
Vulnerability from csaf_redhat
Published
2020-05-13 11:15
Modified
2024-09-13 22:40
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.2.33 openshift-clients security update
Notes
Topic
An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2027",
"url": "https://access.redhat.com/errata/RHSA-2020:2027"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2027.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.2.33 openshift-clients security update",
"tracking": {
"current_release_date": "2024-09-13T22:40:27+00:00",
"generator": {
"date": "2024-09-13T22:40:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:2027",
"initial_release_date": "2020-05-13T11:15:23+00:00",
"revision_history": [
{
"date": "2020-05-13T11:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-13T11:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:40:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"product": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"product_id": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.2.32-202005020632.git.1.1b0fab9.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product_id": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.2.32-202005020632.git.1.1b0fab9.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.2.32-202005020632.git.1.1b0fab9.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"product": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"product_id": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.2.32-202005020632.git.1.1b0fab9.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x"
},
"product_reference": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src"
},
"product_reference": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"8Base-RHOSE-4.2:openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.2 see the following documentation, which\nwill be updated shortly for release 4.2.33, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"8Base-RHOSE-4.2:openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.s390x",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.src",
"8Base-RHOSE-4.2:openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64",
"8Base-RHOSE-4.2:openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_2992
Vulnerability from csaf_redhat
Published
2020-07-27 18:50
Modified
2024-09-16 04:36
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
Notes
Topic
An update for atomic-openshift, atomic-openshift-web-console, and cri-o is now available for Red Hat OpenShift Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* cri-o: A flaw was found in cri-o that can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. (CVE-2019-14891)
* nodejs-minimist: Prototype pollution allows adding or modifying properties of Object.prototype using a `constructor` or `__proto__` payload. (CVE-2020-7598)
* kubernetes: Use of unbounded 'client' label in apiserver_request_total allows repeated, crafted HTTP requests to exhaust available memory and cause a crash. (CVE-2020-8552)
* kubernetes: A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports and gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication. (CVE-2020-8558)
* proglottis/gpgme: A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. (CVE-2020-8945)
* openshift/console: A flaw allowed text injection on error pages with a crafted URL. (CVE-2020-10715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for atomic-openshift, atomic-openshift-web-console, and cri-o is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* cri-o: A flaw was found in cri-o that can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. (CVE-2019-14891)\n\n* nodejs-minimist: Prototype pollution allows adding or modifying properties of Object.prototype using a `constructor` or `__proto__` payload. (CVE-2020-7598)\n\n* kubernetes: Use of unbounded \u0027client\u0027 label in apiserver_request_total allows repeated, crafted HTTP requests to exhaust available memory and cause a crash. (CVE-2020-8552)\n\n* kubernetes: A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports and gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication. (CVE-2020-8558)\n\n* proglottis/gpgme: A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. (CVE-2020-8945)\n\n* openshift/console: A flaw allowed text injection on error pages with a crafted URL. (CVE-2020-10715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2992",
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1767665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767665"
},
{
"category": "external",
"summary": "1772280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772280"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1797909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797909"
},
{
"category": "external",
"summary": "1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2992.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.11 security update",
"tracking": {
"current_release_date": "2024-09-16T04:36:15+00:00",
"generator": {
"date": "2024-09-16T04:36:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:2992",
"initial_release_date": "2020-07-27T18:50:56+00:00",
"revision_history": [
{
"date": "2020-07-27T18:50:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-27T18:50:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T04:36:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.11",
"product": {
"name": "Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.11::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product": {
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_id": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.248-1.git.0.92ee8ac.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product_id": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.11.16-0.10.dev.rhaos3.11.git1eee681.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product_id": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.11.16-0.10.dev.rhaos3.11.git1eee681.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"product": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"product_id": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.248-1.git.1.cc96c2d.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.248-1.git.0.92ee8ac.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product_id": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.11.16-0.10.dev.rhaos3.11.git1eee681.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.11.16-0.10.dev.rhaos3.11.git1eee681.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.248-1.git.1.cc96c2d.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"product": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"product_id": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.248-1.git.0.92ee8ac.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"product": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"product_id": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.11.16-0.10.dev.rhaos3.11.git1eee681.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"product_id": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.248-1.git.1.cc96c2d.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.248-1.git.0.92ee8ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.248-1.git.0.92ee8ac.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src"
},
"product_reference": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le"
},
"product_reference": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le"
},
"product_reference": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le"
},
"product_reference": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src"
},
"product_reference": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
},
"product_reference": "cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Nick Freeman"
],
"organization": "Capsule8"
}
],
"cve": "CVE-2019-14891",
"cwe": {
"id": "CWE-460",
"name": "Improper Cleanup on Thrown Exception"
},
"discovery_date": "2019-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772280"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cri-o: infra container reparented to systemd following OOM Killer killing it\u0027s conmon",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14891"
},
{
"category": "external",
"summary": "RHBZ#1772280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14891",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14891"
},
{
"category": "external",
"summary": "https://capsule8.com/blog/oomypod-nothin-to-cri-o-bout/",
"url": "https://capsule8.com/blog/oomypod-nothin-to-cri-o-bout/"
}
],
"release_date": "2019-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
},
{
"category": "workaround",
"details": "As of cri-o v1.15 you can set conmon_cgroup = \"system.slice\" in the crio.runtime section of /etc/crio/crio.conf. On OpenShift Container Platform 4.x that can be done by following the documentation here:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.2/html/architecture/architecture-rhcos\n\nFor OpenShift Container Platform 3.x you can edit /etc/crio/crio.conf directly on the worker node if using cri-o on that version. Cri-o is not the default container engine on that version, Docker is.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cri-o: infra container reparented to systemd following OOM Killer killing it\u0027s conmon"
},
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1813344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay only includes minimist as a dependency of the test suites, and it not include it in the product. We may fix this issue in a future Red Hat Quay release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "RHBZ#1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"release_date": "2020-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"acknowledgments": [
{
"names": [
"Kubernetes Product Security Committee"
]
},
{
"names": [
"Gus Lees"
],
"organization": "Amazon",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8552",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1797909"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Use of unbounded \u0027client\u0027 label in apiserver_request_total allows for memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8552"
},
{
"category": "external",
"summary": "RHBZ#1797909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8552"
},
{
"category": "external",
"summary": "https://github.com/kubernetes/kubernetes/issues/89378",
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"
}
],
"release_date": "2020-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
},
{
"category": "workaround",
"details": "Prevent unauthenticated or unauthorized access to all APIs",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Use of unbounded \u0027client\u0027 label in apiserver_request_total allows for memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Yuval Avrahami",
"Ariel Zelivansky"
],
"organization": "Palo Alto Networks",
"summary": "Acknowledged by upstream."
},
{
"names": [
"J\u00e1nos K\u00f6v\u00e9r"
],
"organization": "Ericsson",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Rory McCune"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8558",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2020-05-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: node localhost services reachable via martian packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform does not expose the API server on a localhost port without authentication. The only service exposed on a localhost port not protected by authentication is Metrics, which exposes some cluster metadata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8558"
},
{
"category": "external",
"summary": "RHBZ#1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE"
}
],
"release_date": "2020-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: node localhost services reachable via martian packets"
},
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
},
{
"cve": "CVE-2020-10715",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767665"
}
],
"notes": [
{
"category": "description",
"text": "A content spoofing vulnerability was found in the openshift/console. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift/console: text injection on error page via crafted url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.src",
"7Server-RH7-RHOSE-3.11:cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10715"
},
{
"category": "external",
"summary": "RHBZ#1767665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767665"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10715",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10715"
}
],
"release_date": "2020-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2992"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openshift/console: text injection on error page via crafted url"
}
]
}
rhsa-2020_1231
Vulnerability from csaf_redhat
Published
2020-04-01 00:26
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: buildah security and bug fix update
Notes
Topic
An update for buildah is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to:
* Create a working container, either from scratch or using an image as a starting point.
* Create an image, either from a working container or using the instructions in a Dockerfile.
* Build both Docker and OCI images.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* rootless buildah does not work with UID in /etc/subuid (BZ#1765469)
* Extras RHEL-7.8 update - buildah (BZ#1791286)
* buildah should be linked against gpgme-pthread (BZ#1793074)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to:\n* Create a working container, either from scratch or using an image as a starting point.\n* Create an image, either from a working container or using the instructions in a Dockerfile.\n* Build both Docker and OCI images.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rootless buildah does not work with UID in /etc/subuid (BZ#1765469)\n\n* Extras RHEL-7.8 update - buildah (BZ#1791286)\n\n* buildah should be linked against gpgme-pthread (BZ#1793074)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1231",
"url": "https://access.redhat.com/errata/RHSA-2020:1231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1765469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765469"
},
{
"category": "external",
"summary": "1791286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791286"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1231.json"
}
],
"title": "Red Hat Security Advisory: buildah security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T22:39:11+00:00",
"generator": {
"date": "2024-09-13T22:39:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1231",
"initial_release_date": "2020-04-01T00:26:19+00:00",
"revision_history": [
{
"date": "2020-04-01T00:26:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-01T00:26:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Extras"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-0:1.11.6-8.el7_8.x86_64",
"product": {
"name": "buildah-0:1.11.6-8.el7_8.x86_64",
"product_id": "buildah-0:1.11.6-8.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.11.6-8.el7_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"product": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"product_id": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.11.6-8.el7_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-0:1.11.6-8.el7_8.src",
"product": {
"name": "buildah-0:1.11.6-8.el7_8.src",
"product_id": "buildah-0:1.11.6-8.el7_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.11.6-8.el7_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-0:1.11.6-8.el7_8.ppc64le",
"product": {
"name": "buildah-0:1.11.6-8.el7_8.ppc64le",
"product_id": "buildah-0:1.11.6-8.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.11.6-8.el7_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"product": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"product_id": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.11.6-8.el7_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-0:1.11.6-8.el7_8.s390x",
"product": {
"name": "buildah-0:1.11.6-8.el7_8.s390x",
"product_id": "buildah-0:1.11.6-8.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.11.6-8.el7_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"product": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"product_id": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.11.6-8.el7_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.src",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.src",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-0:1.11.6-8.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64"
},
"product_reference": "buildah-0:1.11.6-8.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64"
},
"product_reference": "buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Server-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Server-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.src",
"7Workstation-EXTRAS-7.8:buildah-0:1.11.6-8.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.s390x",
"7Workstation-EXTRAS-7.8:buildah-debuginfo-0:1.11.6-8.el7_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_0934
Vulnerability from csaf_redhat
Published
2020-04-01 18:50
Modified
2020-04-01 18:50
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.3.9 ose-openshift-controller-manager-container security update
Notes
Topic
An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0934",
"url": "https://access.redhat.com/errata/RHSA-2020:0934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0934.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.3.9 ose-openshift-controller-manager-container security update",
"tracking": {
"current_release_date": "2020-04-01T18:50:00Z",
"generator": {
"date": "2023-07-01T02:18:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2020:0934",
"initial_release_date": "2020-04-01T18:50:00Z",
"revision_history": [
{
"date": "2020-04-01T18:50:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Red Hat OpenShift Enterprise",
"product": {
"name": "Red Hat OpenShift Enterprise",
"product_id": "Red Hat OpenShift Enterprise"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Enterprise"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
},
{
"category": "external",
"summary": "CVE-2020-8945",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "bz#1795838: CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
}
],
"release_date": "2020-01-16T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.9, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"Red Hat OpenShift Enterprise"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Enterprise"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-22T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_1940
Vulnerability from csaf_redhat
Published
2020-05-04 10:51
Modified
2024-09-13 22:40
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.4.3 ose-cluster-policy-controller-container security update
Notes
Topic
An update for ose-cluster-policy-controller-container is now available for Red Hat OpenShift Container Platform 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ose-cluster-policy-controller-container is now available for Red Hat OpenShift Container Platform 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1940",
"url": "https://access.redhat.com/errata/RHSA-2020:1940"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1940.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.4.3 ose-cluster-policy-controller-container security update",
"tracking": {
"current_release_date": "2024-09-13T22:40:12+00:00",
"generator": {
"date": "2024-09-13T22:40:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1940",
"initial_release_date": "2020-05-04T10:51:26+00:00",
"revision_history": [
{
"date": "2020-05-04T10:51:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-04T10:51:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:40:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64",
"product": {
"name": "openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64",
"product_id": "openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-policy-controller-rhel7\u0026tag=v4.4.0-202004261927"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64"
},
"product_reference": "openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.4:openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.4:openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1940"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.4:openshift4/ose-cluster-policy-controller-rhel7@sha256:278bd31ebef2498df26f75de59e5c7e5b63c6a1f0fb18704af64498f2483c837_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_2413
Vulnerability from csaf_redhat
Published
2020-07-13 16:46
Modified
2024-09-18 04:13
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.5 package security update
Notes
Topic
An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)
* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2413",
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1819486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819486"
},
{
"category": "external",
"summary": "1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2413.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.5 package security update",
"tracking": {
"current_release_date": "2024-09-18T04:13:44+00:00",
"generator": {
"date": "2024-09-18T04:13:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:2413",
"initial_release_date": "2020-07-13T16:46:28+00:00",
"revision_history": [
{
"date": "2020-07-13T16:46:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-13T16:46:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T04:13:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.5",
"product": {
"name": "Red Hat OpenShift Container Platform 4.5",
"product_id": "8Base-RHOSE-4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.5::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.5",
"product": {
"name": "Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"product": {
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"product_id": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"product": {
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"product_id": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202007012112.p0.git.2527.d12c3da.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"product": {
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"product_id": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202007012112.p0.git.0.582d7fc.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64",
"product": {
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64",
"product_id": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202007012112.p0.git.2527.d12c3da.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202007012112.p0.git.0.582d7fc.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src"
},
"product_reference": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src"
},
"product_reference": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
},
"product_reference": "machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src"
},
"product_reference": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11252",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2020-07-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) included the upstream patch for this flaw in the release of version 4.5. Prior versions are affected as OCP 4 supports AzureFile volumes and OCP 3 supports both AzureFile and CephFS volumes. OCP clusters not using these volume types are not vulnerable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11252"
},
{
"category": "external",
"summary": "RHBZ#1860158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11252",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11252"
}
],
"release_date": "2020-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes"
},
{
"cve": "CVE-2019-11254",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819486"
}
],
"notes": [
{
"category": "description",
"text": "The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Denial of service in API server via crafted YAML payloads by authorized users",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The upstream Kubernetes fix for this vulnerability is to update the version of the Go dependency, gopkg.in/yaml.v2. This issue affects OpenShift Container Platform components that use versions before 2.2.8 of gopkg.in/yaml.v2 and accept YAML payloads.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11254"
},
{
"category": "external",
"summary": "RHBZ#1819486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11254"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc"
}
],
"release_date": "2020-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
},
{
"category": "workaround",
"details": "Prevent unauthenticated or unauthorized access to the API server",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Denial of service in API server via crafted YAML payloads by authorized users"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Yuval Avrahami",
"Ariel Zelivansky"
],
"organization": "Palo Alto Networks",
"summary": "Acknowledged by upstream."
},
{
"names": [
"J\u00e1nos K\u00f6v\u00e9r"
],
"organization": "Ericsson",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Rory McCune"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8558",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2020-05-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: node localhost services reachable via martian packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform does not expose the API server on a localhost port without authentication. The only service exposed on a localhost port not protected by authentication is Metrics, which exposes some cluster metadata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8558"
},
{
"category": "external",
"summary": "RHBZ#1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE"
}
],
"release_date": "2020-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: node localhost services reachable via martian packets"
},
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
},
{
"cve": "CVE-2020-9283",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1804533"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.src",
"8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9283"
},
{
"category": "external",
"summary": "RHBZ#1804533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
"url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
}
],
"release_date": "2020-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2413"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.src",
"7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7.x86_64",
"8Base-RHOSE-4.5:openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.src",
"8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
}
]
}
rhsa-2020_1396
Vulnerability from csaf_redhat
Published
2020-04-14 15:38
Modified
2024-09-16 03:52
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.3.12 podman security update
Notes
Topic
An update for podman is now available for Red Hat OpenShift Container Platform 4.3.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The podman tool manages Pods, container images, and containers. It is part of the libpod library, which is for applications that use container Pods. Container Pods is a concept in Kubernetes.
Security Fix(es):
* buildah: a crafted input tar file could overwrite local files during the image build process (CVE-2020-10696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat OpenShift Container Platform 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages Pods, container images, and containers. It is part of the libpod library, which is for applications that use container Pods. Container Pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* buildah: a crafted input tar file could overwrite local files during the image build process (CVE-2020-10696)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1396",
"url": "https://access.redhat.com/errata/RHSA-2020:1396"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1396.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.3.12 podman security update",
"tracking": {
"current_release_date": "2024-09-16T03:52:35+00:00",
"generator": {
"date": "2024-09-16T03:52:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1396",
"initial_release_date": "2020-04-14T15:38:54+00:00",
"revision_history": [
{
"date": "2020-04-14T15:38:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-14T15:38:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T03:52:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product": {
"name": "podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_id": "podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@1.6.4-10.rhaos4.3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-10.rhaos4.3.el8.src",
"product": {
"name": "podman-0:1.6.4-10.rhaos4.3.el8.src",
"product_id": "podman-0:1.6.4-10.rhaos4.3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-10.rhaos4.3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"product": {
"name": "podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"product_id": "podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@1.6.4-10.rhaos4.3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"product": {
"name": "podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"product_id": "podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-manpages@1.6.4-10.rhaos4.3.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-10.rhaos4.3.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src"
},
"product_reference": "podman-0:1.6.4-10.rhaos4.3.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch"
},
"product_reference": "podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch"
},
"product_reference": "podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
},
"product_reference": "podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.12, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1396"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
},
{
"acknowledgments": [
{
"names": [
"Erik Sj\u00f6lund"
]
}
],
"cve": "CVE-2020-10696",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817651"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "buildah: Crafted input tar file may lead to local file overwrite during image build process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform does include the vulnerable buildah code, it doesn\u0027t make use of the vulnerable function. Podman is also included in OpenShift Container Platform, but it isn\u0027t used to perform a build, so it has been given a low impact rating.\n\nOpenShift Container Platform 3.11 now used podman from the RHEL Extra repository, and not the podman package shipped in the OpenShift 3.11 RPM repository. This issue is fixed in podman in RHEL Extras so we won\u0027t fix the podman package shipped in the OpenShift 3.11 RPM repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "RHBZ#1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696"
}
],
"release_date": "2020-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.12, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1396"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:podman-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-debugsource-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-docker-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-manpages-0:1.6.4-10.rhaos4.3.el8.noarch",
"8Base-RHOSE-4.3:podman-remote-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:podman-tests-0:1.6.4-10.rhaos4.3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "buildah: Crafted input tar file may lead to local file overwrite during image build process"
}
]
}
rhsa-2020_1234
Vulnerability from csaf_redhat
Published
2020-04-01 00:26
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: docker security and bug fix update
Notes
Topic
An update for docker is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Security Fix(es):
* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Whitelist statx(2) in docker (BZ#1784228)
* Upgrading docker resulting into increase Systemd logs (BZ#1791870)
* docker should be linked against gpgme-pthread (BZ#1792243)
* docker cannot be updated to 108 on rhos13 as a container fails to start with "pivot_root invalid argument" error. (BZ#1795376)
* OVS pods are unable to stop when running under docker version 1.13.1-108 (BZ#1796451)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for docker is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. \n\nSecurity Fix(es):\n\n* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Whitelist statx(2) in docker (BZ#1784228)\n\n* Upgrading docker resulting into increase Systemd logs (BZ#1791870)\n\n* docker should be linked against gpgme-pthread (BZ#1792243)\n\n* docker cannot be updated to 108 on rhos13 as a container fails to start with \"pivot_root invalid argument\" error. (BZ#1795376)\n\n* OVS pods are unable to stop when running under docker version 1.13.1-108 (BZ#1796451)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1234",
"url": "https://access.redhat.com/errata/RHSA-2020:1234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1757214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757214"
},
{
"category": "external",
"summary": "1784228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1784228"
},
{
"category": "external",
"summary": "1792796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792796"
},
{
"category": "external",
"summary": "1795376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795376"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1796451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796451"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1234.json"
}
],
"title": "Red Hat Security Advisory: docker security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T22:39:18+00:00",
"generator": {
"date": "2024-09-13T22:39:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1234",
"initial_release_date": "2020-04-01T00:26:32+00:00",
"revision_history": [
{
"date": "2020-04-01T00:26:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-01T00:26:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Extras"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-client@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-common@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-logrotate@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-lvm-plugin@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-novolume-plugin@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-rhel-push-plugin@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-v1.10-migrator@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_id": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-debuginfo@1.13.1-161.git64e9980.el7_8?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-client@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-common@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-logrotate@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-lvm-plugin@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-novolume-plugin@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-rhel-push-plugin@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-v1.10-migrator@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"product": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_id": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-debuginfo@1.13.1-161.git64e9980.el7_8?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-client@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-common@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-logrotate@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-lvm-plugin@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-novolume-plugin@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-rhel-push-plugin@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-v1.10-migrator@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_id": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker-debuginfo@1.13.1-161.git64e9980.el7_8?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-2:1.13.1-161.git64e9980.el7_8.src",
"product": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.src",
"product_id": "docker-2:1.13.1-161.git64e9980.el7_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/docker@1.13.1-161.git64e9980.el7_8?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src"
},
"product_reference": "docker-2:1.13.1-161.git64e9980.el7_8.src",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le"
},
"product_reference": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x"
},
"product_reference": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
},
"product_reference": "docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16884",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2019-09-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1757214"
}
],
"notes": [
{
"category": "description",
"text": "runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The AppArmor security module is not supported by Red Hat, on the other hand the flaw also affects SELinux based distributions like Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16884"
},
{
"category": "external",
"summary": "RHBZ#1757214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16884"
}
],
"release_date": "2019-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc"
},
{
"acknowledgments": [
{
"names": [
"Oleg Bulatov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1702",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1792796"
}
],
"notes": [
{
"category": "description",
"text": "A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containers/image: Container images read entire image manifest into memory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1702"
},
{
"category": "external",
"summary": "RHBZ#1792796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792796"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1702"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "containers/image: Container images read entire image manifest into memory"
},
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.src",
"7Server-EXTRAS-7.8:docker-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-client-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-common-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-debuginfo-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-logrotate-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8.x86_64",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.ppc64le",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.s390x",
"7Server-EXTRAS-7.8:docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_0697
Vulnerability from csaf_redhat
Published
2020-03-12 22:02
Modified
2024-09-13 22:40
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.38 skopeo security update
Notes
Topic
An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0697",
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0697.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.1.38 skopeo security update",
"tracking": {
"current_release_date": "2024-09-13T22:40:00+00:00",
"generator": {
"date": "2024-09-13T22:40:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:0697",
"initial_release_date": "2020-03-12T22:02:34+00:00",
"revision_history": [
{
"date": "2020-03-12T22:02:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-12T22:02:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:40:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product": {
"name": "containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_id": "containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.32-6.git1715c90.el8_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product": {
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_id": "skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.32-6.git1715c90.el8_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product": {
"name": "skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_id": "skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@0.1.32-6.git1715c90.el8_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product": {
"name": "skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_id": "skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.32-6.git1715c90.el8_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"product": {
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"product_id": "skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.32-6.git1715c90.el8_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64 as a component of Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1:containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64"
},
"product_reference": "containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.src as a component of Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.src"
},
"product_reference": "skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"relates_to_product_reference": "8Base-RHOSE-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64 as a component of Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64"
},
"product_reference": "skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64 as a component of Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1:skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64"
},
"product_reference": "skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64 as a component of Red Hat OpenShift Container Platform 4.1",
"product_id": "8Base-RHOSE-4.1:skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64"
},
"product_reference": "skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.1:containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.38, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.1:containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.1:containers-common-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.src",
"8Base-RHOSE-4.1:skopeo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0.x86_64",
"8Base-RHOSE-4.1:skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_2117
Vulnerability from csaf_redhat
Published
2020-05-12 19:52
Modified
2024-09-16 03:53
Summary
Red Hat Security Advisory: podman security update
Notes
Topic
An update for podman is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2117",
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2117.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2024-09-16T03:53:20+00:00",
"generator": {
"date": "2024-09-16T03:53:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:2117",
"initial_release_date": "2020-05-12T19:52:10+00:00",
"revision_history": [
{
"date": "2020-05-12T19:52:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-12T19:52:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T03:53:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Extras"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.x86_64",
"product": {
"name": "podman-0:1.6.4-18.el7_8.x86_64",
"product_id": "podman-0:1.6.4-18.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.src",
"product": {
"name": "podman-0:1.6.4-18.el7_8.src",
"product_id": "podman-0:1.6.4-18.el7_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product_id": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@1.6.4-18.el7_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.ppc64le",
"product": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le",
"product_id": "podman-0:1.6.4-18.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.s390x",
"product": {
"name": "podman-0:1.6.4-18.el7_8.s390x",
"product_id": "podman-0:1.6.4-18.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src"
},
"product_reference": "podman-0:1.6.4-18.el7_8.src",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
},
"product_reference": "podman-docker-0:1.6.4-18.el7_8.noarch",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src"
},
"product_reference": "podman-0:1.6.4-18.el7_8.src",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
},
"product_reference": "podman-docker-0:1.6.4-18.el7_8.noarch",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
},
{
"acknowledgments": [
{
"names": [
"Erik Sj\u00f6lund"
]
}
],
"cve": "CVE-2020-10696",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817651"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "buildah: Crafted input tar file may lead to local file overwrite during image build process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform does include the vulnerable buildah code, it doesn\u0027t make use of the vulnerable function. Podman is also included in OpenShift Container Platform, but it isn\u0027t used to perform a build, so it has been given a low impact rating.\n\nOpenShift Container Platform 3.11 now used podman from the RHEL Extra repository, and not the podman package shipped in the OpenShift 3.11 RPM repository. This issue is fixed in podman in RHEL Extras so we won\u0027t fix the podman package shipped in the OpenShift 3.11 RPM repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "RHBZ#1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696"
}
],
"release_date": "2020-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "buildah: Crafted input tar file may lead to local file overwrite during image build process"
}
]
}
rhsa-2020_3167
Vulnerability from csaf_redhat
Published
2020-07-28 03:44
Modified
2020-07-28 03:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.2.z ose-openshift-controller-manager-container security update
Notes
Topic
An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3167",
"url": "https://access.redhat.com/errata/RHSA-2020:3167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_3167.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.2.z ose-openshift-controller-manager-container security update",
"tracking": {
"current_release_date": "2020-07-28T03:44:00Z",
"generator": {
"date": "2023-07-01T03:44:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2020:3167",
"initial_release_date": "2020-07-28T03:44:00Z",
"revision_history": [
{
"date": "2020-07-28T03:44:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.2",
"product_id": "7Server-RH7-RHOSE-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115",
"product": {
"name": "openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115",
"product_id": "openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "7Server-RH7-RHOSE-4.2:openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115"
},
"product_reference": "openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
},
{
"category": "external",
"summary": "CVE-2020-8945",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "bz#1795838: CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
}
],
"release_date": "2020-01-16T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.2 see the following documentation, which\nwill be updated shortly for release 4.2.z, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115"
],
"url": "https://access.redhat.com/errata/RHSA-2020:3167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-openshift-controller-manager-rhel7:v4.2.34-202005252115"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-22T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_1230
Vulnerability from csaf_redhat
Published
2020-04-01 00:26
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: skopeo security and bug fix update
Notes
Topic
An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Skopeo doesn't handle HTTP 429 errors properly (BZ#1752775)
* skopeo does not show manifest manifest.list.v2 for special cases (BZ#1754905)
* skopeo inspect results in panic: runtime error: invalid memory address or nil pointer dereference (BZ#1769575)
* skopeo should be linked against gpgme-pthread (BZ#1793080)
* docker won't start because registries service won't start (BZ#1812505)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Skopeo doesn\u0027t handle HTTP 429 errors properly (BZ#1752775)\n\n* skopeo does not show manifest manifest.list.v2 for special cases (BZ#1754905)\n\n* skopeo inspect results in panic: runtime error: invalid memory address or nil pointer dereference (BZ#1769575)\n\n* skopeo should be linked against gpgme-pthread (BZ#1793080)\n\n* docker won\u0027t start because registries service won\u0027t start (BZ#1812505)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1230",
"url": "https://access.redhat.com/errata/RHSA-2020:1230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1752775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752775"
},
{
"category": "external",
"summary": "1754905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1754905"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1812505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812505"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1230.json"
}
],
"title": "Red Hat Security Advisory: skopeo security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T22:39:03+00:00",
"generator": {
"date": "2024-09-13T22:39:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1230",
"initial_release_date": "2020-04-01T00:26:07+00:00",
"revision_history": [
{
"date": "2020-04-01T00:26:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-01T00:26:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Extras"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.40-7.el7_8.x86_64",
"product": {
"name": "containers-common-1:0.1.40-7.el7_8.x86_64",
"product_id": "containers-common-1:0.1.40-7.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.40-7.el7_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.40-7.el7_8.x86_64",
"product": {
"name": "skopeo-1:0.1.40-7.el7_8.x86_64",
"product_id": "skopeo-1:0.1.40-7.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-7.el7_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"product": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"product_id": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.40-7.el7_8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1:0.1.40-7.el7_8.src",
"product": {
"name": "skopeo-1:0.1.40-7.el7_8.src",
"product_id": "skopeo-1:0.1.40-7.el7_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-7.el7_8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.40-7.el7_8.ppc64le",
"product": {
"name": "containers-common-1:0.1.40-7.el7_8.ppc64le",
"product_id": "containers-common-1:0.1.40-7.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.40-7.el7_8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.40-7.el7_8.ppc64le",
"product": {
"name": "skopeo-1:0.1.40-7.el7_8.ppc64le",
"product_id": "skopeo-1:0.1.40-7.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-7.el7_8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"product": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"product_id": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.40-7.el7_8?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.40-7.el7_8.s390x",
"product": {
"name": "containers-common-1:0.1.40-7.el7_8.s390x",
"product_id": "containers-common-1:0.1.40-7.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.40-7.el7_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.40-7.el7_8.s390x",
"product": {
"name": "skopeo-1:0.1.40-7.el7_8.s390x",
"product_id": "skopeo-1:0.1.40-7.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.40-7.el7_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"product": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"product_id": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.40-7.el7_8?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.src",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "containers-common-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.src",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "skopeo-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64"
},
"product_reference": "skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1230"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Server-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Server-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:containers-common-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.src",
"7Workstation-EXTRAS-7.8:skopeo-1:0.1.40-7.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.s390x",
"7Workstation-EXTRAS-7.8:skopeo-debuginfo-1:0.1.40-7.el7_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_2927
Vulnerability from csaf_redhat
Published
2020-07-21 09:57
Modified
2024-09-16 04:20
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.4.13 machine-config-daemon and openshift security update
Notes
Topic
An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: node localhost services are reachable via martian packets (CVE-2020-8558)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: node localhost services are reachable via martian packets (CVE-2020-8558)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2927",
"url": "https://access.redhat.com/errata/RHSA-2020:2927"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2927.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.4.13 machine-config-daemon and openshift security update",
"tracking": {
"current_release_date": "2024-09-16T04:20:12+00:00",
"generator": {
"date": "2024-09-16T04:20:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:2927",
"initial_release_date": "2020-07-21T09:57:17+00:00",
"revision_history": [
{
"date": "2020-07-21T09:57:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-21T09:57:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T04:20:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"product": {
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"product_id": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.4.0-202007090832.p0.git.0.bc32fb1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"product": {
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"product_id": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.4.0-202007092124.p0.git.2349.08d34d1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"product": {
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"product_id": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.4.0-202007090832.p0.git.0.bc32fb1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.4.0-202007090832.p0.git.0.bc32fb1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64",
"product": {
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64",
"product_id": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.4.0-202007092124.p0.git.2349.08d34d1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.4.0-202007090832.p0.git.0.bc32fb1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"product_id": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.4.0-202007090832.p0.git.0.bc32fb1.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"product": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"product_id": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.4.0-202007090832.p0.git.0.bc32fb1.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src"
},
"product_reference": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x"
},
"product_reference": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src"
},
"product_reference": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
},
"product_reference": "machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src"
},
"product_reference": "openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Yuval Avrahami",
"Ariel Zelivansky"
],
"organization": "Palo Alto Networks",
"summary": "Acknowledged by upstream."
},
{
"names": [
"J\u00e1nos K\u00f6v\u00e9r"
],
"organization": "Ericsson",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Rory McCune"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8558",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2020-05-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: node localhost services reachable via martian packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform does not expose the API server on a localhost port without authentication. The only service exposed on a localhost port not protected by authentication is Metrics, which exposes some cluster metadata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8558"
},
{
"category": "external",
"summary": "RHBZ#1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE"
}
],
"release_date": "2020-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.13, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2927"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: node localhost services reachable via martian packets"
},
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.src",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.ppc64le",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.s390x",
"7Server-RH7-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7.x86_64",
"8Base-RHOSE-4.4:openshift-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.src",
"8Base-RHOSE-4.4:openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.13, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2927"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.src",
"8Base-RHOSE-4.4:machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhba-2020_1255
Vulnerability from csaf_redhat
Published
2020-04-07 13:06
Modified
2024-09-13 22:40
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3.10 packages update
Notes
Topic
Red Hat OpenShift Container Platform release 4.3.10 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.3.10. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2020:1262
All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.3.10 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.3.10. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2020:1262\n\nAll OpenShift Container Platform 4.3 users are advised to upgrade to these\nupdated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:1255",
"url": "https://access.redhat.com/errata/RHBA-2020:1255"
},
{
"category": "external",
"summary": "1816992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816992"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhba-2020_1255.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3.10 packages update",
"tracking": {
"current_release_date": "2024-09-13T22:40:07+00:00",
"generator": {
"date": "2024-09-13T22:40:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHBA-2020:1255",
"initial_release_date": "2020-04-07T13:06:05+00:00",
"revision_history": [
{
"date": "2020-04-07T13:06:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-07T13:06:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:40:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_id": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.16.4-1.dev.rhaos4.3.git9238eee.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.16.4-1.dev.rhaos4.3.git9238eee.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.16.4-1.dev.rhaos4.3.git9238eee.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product_id": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.10-202003300001.git.0.e43c148.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.3.10-202003300001.git.0.e43c148.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"product": {
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"product_id": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.3.10-202003300415.git.0.56d6ae0.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.3.10-202003300855.git.0.da48c1d.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"product": {
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"product_id": "conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.9-3.rhaos4.3.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product_id": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.16.4-1.dev.rhaos4.3.git9238eee.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.16.4-1.dev.rhaos4.3.git9238eee.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@4.3.10-202003300415.git.0.68d5fb7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@4.3.10-202003300415.git.0.68d5fb7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product_id": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.10-202003300415.git.0.3576c99.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.3.10-202003300415.git.0.3576c99.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.3.10-202003300415.git.13.ac05c4a.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.3.10-202003300855.git.0.da48c1d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"product": {
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"product_id": "conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.8-3.rhaos4.3.el7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"product": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"product_id": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.16.4-1.dev.rhaos4.3.git9238eee.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"product": {
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"product_id": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.10-202003300001.git.0.e43c148.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"product": {
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"product_id": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/machine-config-daemon@4.3.10-202003300415.git.0.56d6ae0.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"product": {
"name": "openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"product_id": "openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.3.10-202003300855.git.0.07e6ba6.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"product": {
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"product_id": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.3.10-202003300855.git.0.da48c1d.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.src",
"product": {
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.src",
"product_id": "conmon-2:2.0.9-3.rhaos4.3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.9-3.rhaos4.3.el8?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"product": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"product_id": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.16.4-1.dev.rhaos4.3.git9238eee.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"product": {
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"product_id": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@4.3.10-202003300415.git.0.68d5fb7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"product": {
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"product_id": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.10-202003300415.git.0.3576c99.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"product_id": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.3.10-202003300415.git.13.ac05c4a.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"product": {
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"product_id": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.3.10-202003300415.git.0.6fe3ef9.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"product": {
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"product_id": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.3.10-202003300855.git.0.da48c1d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.src",
"product": {
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.src",
"product_id": "conmon-2:2.0.8-3.rhaos4.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.8-3.rhaos4.3.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.3.10-202003300855.git.0.07e6ba6.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.3.10-202003300855.git.0.07e6ba6.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.3.10-202003300855.git.0.07e6ba6.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.3.10-202003300855.git.0.07e6ba6.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product_id": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.3.10-202003300415.git.0.6fe3ef9.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product_id": "openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.3.10-202003300415.git.0.6fe3ef9.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src"
},
"product_reference": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.src"
},
"product_reference": "conmon-2:2.0.8-3.rhaos4.3.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.8-3.rhaos4.3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.x86_64"
},
"product_reference": "conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src"
},
"product_reference": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64"
},
"product_reference": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src"
},
"product_reference": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src"
},
"product_reference": "openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src"
},
"product_reference": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.src"
},
"product_reference": "conmon-2:2.0.9-3.rhaos4.3.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.9-3.rhaos4.3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.x86_64"
},
"product_reference": "conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src"
},
"product_reference": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
},
"product_reference": "cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src"
},
"product_reference": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64"
},
"product_reference": "machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src"
},
"product_reference": "openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src"
},
"product_reference": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src"
},
"product_reference": "openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.src",
"7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"8Base-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"8Base-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"8Base-RHOSE-4.3:openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"8Base-RHOSE-4.3:openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"7Server-RH7-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.src",
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"7Server-RH7-RHOSE-4.3:atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7.x86_64",
"7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.src",
"7Server-RH7-RHOSE-4.3:atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7.x86_64",
"7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.src",
"7Server-RH7-RHOSE-4.3:conmon-2:2.0.8-3.rhaos4.3.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"7Server-RH7-RHOSE-4.3:openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7.noarch",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7.x86_64",
"8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.src",
"8Base-RHOSE-4.3:conmon-2:2.0.9-3.rhaos4.3.el8.x86_64",
"8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.src",
"8Base-RHOSE-4.3:machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8.x86_64",
"8Base-RHOSE-4.3:openshift-0:4.3.10-202003300855.git.0.da48c1d.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8.x86_64",
"8Base-RHOSE-4.3:openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8.x86_64",
"8Base-RHOSE-4.3:openshift-kuryr-0:4.3.10-202003300855.git.0.07e6ba6.el8.src",
"8Base-RHOSE-4.3:openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch",
"8Base-RHOSE-4.3:python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.10, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"7Server-RH7-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.src",
"7Server-RH7-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"7Server-RH7-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7.x86_64",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.src",
"8Base-RHOSE-4.3:cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64",
"8Base-RHOSE-4.3:cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_0863
Vulnerability from csaf_redhat
Published
2020-03-24 14:14
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.3.8 proglottis/gpgme security update
Notes
Topic
An update for openshift-enterprise-builder-container, openshift-enterprise-cli-container, and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Platform 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-enterprise-builder-container, openshift-enterprise-cli-container, and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Platform 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0863",
"url": "https://access.redhat.com/errata/RHSA-2020:0863"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0863.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.3.8 proglottis/gpgme security update",
"tracking": {
"current_release_date": "2024-09-13T22:39:48+00:00",
"generator": {
"date": "2024-09-13T22:39:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:0863",
"initial_release_date": "2020-03-24T14:14:52+00:00",
"revision_history": [
{
"date": "2020-03-24T14:14:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-24T14:14:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64",
"product": {
"name": "openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64",
"product_id": "openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-docker-builder\u0026tag=v4.3.7"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"product": {
"name": "openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"product_id": "openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cli\u0026tag=v4.3.7"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"product": {
"name": "openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"product_id": "openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cli-artifacts\u0026tag=v4.3.7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64"
},
"product_reference": "openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64"
},
"product_reference": "openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64"
},
"product_reference": "openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.8, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0863"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli-artifacts@sha256:2ac80d23f07510b5015d8e3ee3a2b9158e3e85c3935bbaa84a1da4af557f350a_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-cli@sha256:c3e2a1586b1f7d2b917e05dbe2c9ced4f8d38e3d5a954bb4da8949ce583fd585_amd64",
"7Server-RH7-RHOSE-4.3:openshift4/ose-docker-builder@sha256:bd8351605aa225bb7affe8f0bd6c6bfc183f36991c22e87bc6b9ca888f54949d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_1937
Vulnerability from csaf_redhat
Published
2020-05-04 10:18
Modified
2024-09-13 22:40
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.4.3 cri-o security update
Notes
Topic
An update for cri-o is now available for Red Hat OpenShift Container Platform 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cri-o is now available for Red Hat OpenShift Container Platform 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1937",
"url": "https://access.redhat.com/errata/RHSA-2020:1937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1792796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792796"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1937.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.4.3 cri-o security update",
"tracking": {
"current_release_date": "2024-09-13T22:40:04+00:00",
"generator": {
"date": "2024-09-13T22:40:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1937",
"initial_release_date": "2020-05-04T10:18:35+00:00",
"revision_history": [
{
"date": "2020-05-04T10:18:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-04T10:18:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:40:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_id": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product_id": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"product": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"product_id": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"product": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"product_id": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src"
},
"product_reference": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64"
},
"product_reference": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src"
},
"product_reference": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
},
"product_reference": "cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.4",
"product_id": "8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oleg Bulatov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1702",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1792796"
}
],
"notes": [
{
"category": "description",
"text": "A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containers/image: Container images read entire image manifest into memory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1702"
},
{
"category": "external",
"summary": "RHBZ#1792796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792796"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1702"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1937"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "containers/image: Container images read entire image manifest into memory"
},
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1937"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.src",
"7Server-RH7-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"7Server-RH7-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7.x86_64",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.src",
"8Base-RHOSE-4.4:cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64",
"8Base-RHOSE-4.4:cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_0928
Vulnerability from csaf_redhat
Published
2020-03-24 13:36
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.3.8 openshift-clients security update
Notes
Topic
An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0928",
"url": "https://access.redhat.com/errata/RHSA-2020:0928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0928.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.3.8 openshift-clients security update",
"tracking": {
"current_release_date": "2024-09-13T22:39:55+00:00",
"generator": {
"date": "2024-09-13T22:39:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:0928",
"initial_release_date": "2020-03-24T13:36:55+00:00",
"revision_history": [
{
"date": "2020-03-24T13:36:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-24T13:36:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.3",
"product": {
"name": "Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product_id": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.7-202003130552.git.0.6027a27.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.3.7-202003130552.git.0.6027a27.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product_id": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.7-202003130552.git.0.6027a27.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.3.7-202003130552.git.0.6027a27.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"product": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"product_id": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.7-202003130552.git.0.6027a27.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"product": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"product_id": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.3.7-202003130552.git.0.6027a27.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src"
},
"product_reference": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src"
},
"product_reference": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.3",
"product_id": "8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.8, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.src",
"7Server-RH7-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"7Server-RH7-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7.x86_64",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.src",
"8Base-RHOSE-4.3:openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64",
"8Base-RHOSE-4.3:openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_0689
Vulnerability from csaf_redhat
Published
2020-03-10 12:23
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.2.22 skopeo security update
Notes
Topic
An update for skopeo is now available for Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free vulnerability was found in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free vulnerability was found in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0689",
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0689.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.2.22 skopeo security update",
"tracking": {
"current_release_date": "2024-09-13T22:39:38+00:00",
"generator": {
"date": "2024-09-13T22:39:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:0689",
"initial_release_date": "2020-03-10T12:23:24+00:00",
"revision_history": [
{
"date": "2020-03-10T12:23:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-10T12:23:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product": {
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_id": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.32-7.git1715c90.rhaos4.2.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_id": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.32-7.git1715c90.rhaos4.2.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product": {
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_id": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@0.1.32-7.git1715c90.rhaos4.2.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product": {
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_id": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.32-7.git1715c90.rhaos4.2.el8?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product": {
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_id": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containers-common@0.1.32-7.git1715c90.rhaos4.2.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_id": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.32-7.git1715c90.rhaos4.2.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product": {
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_id": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@0.1.32-7.git1715c90.rhaos4.2.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product": {
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_id": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@0.1.32-7.git1715c90.rhaos4.2.el8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"product": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"product_id": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@0.1.32-7.git1715c90.rhaos4.2.el8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x"
},
"product_reference": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
},
"product_reference": "containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x"
},
"product_reference": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src"
},
"product_reference": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
},
"product_reference": "skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x"
},
"product_reference": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
},
"product_reference": "skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x"
},
"product_reference": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
},
"product_reference": "skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.2 see the following documentation, which\nwill be updated shortly for release 4.2.22, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.src",
"8Base-RHOSE-4.2:skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.s390x",
"8Base-RHOSE-4.2:skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
rhsa-2020_1402
Vulnerability from csaf_redhat
Published
2020-04-14 12:46
Modified
2024-09-13 22:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.2.28 openshift-enterprise-builder-container security update
Notes
Topic
An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1402",
"url": "https://access.redhat.com/errata/RHSA-2020:1402"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1402.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.2.28 openshift-enterprise-builder-container security update",
"tracking": {
"current_release_date": "2024-09-13T22:39:23+00:00",
"generator": {
"date": "2024-09-13T22:39:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:1402",
"initial_release_date": "2020-04-14T12:46:41+00:00",
"revision_history": [
{
"date": "2020-04-14T12:46:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-14T12:46:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:39:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.2",
"product_id": "7Server-RH7-RHOSE-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"product": {
"name": "openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"product_id": "openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-docker-builder\u0026tag=v4.2.28-202004061218"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x",
"product": {
"name": "openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x",
"product_id": "openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-docker-builder\u0026tag=v4.2.28-202004061218"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64 as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64"
},
"product_reference": "openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x as a component of Red Hat OpenShift Container Platform 4.2",
"product_id": "7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x"
},
"product_reference": "openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.2 see the following documentation, which\nwill be updated shortly for release 4.2.28, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.2/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1402"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:1ab05850bc7900dc7f276671319f5b384e356750d50aad3300b0b9cf9194a6e0_amd64",
"7Server-RH7-RHOSE-4.2:openshift4/ose-docker-builder@sha256:6723ae0a3d83d8104d0fe388a0d9a3bb2cc8344cc16bdfcc1ff121df4657c9be_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
}
]
}
ghsa-m6wg-2mwg-4rfq
Vulnerability from github
Published
2021-05-18 15:29
Modified
2023-02-14 00:12
Severity
Summary
GPGME Go wrapper contains Use After Free
Details
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/proglottis/gpgme"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8945"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:00:21Z",
"nvd_published_at": "2020-02-12T18:15:00Z",
"severity": "HIGH"
},
"details": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",
"id": "GHSA-m6wg-2mwg-4rfq",
"modified": "2023-02-14T00:12:15Z",
"published": "2021-05-18T15:29:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
},
{
"type": "WEB",
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"type": "WEB",
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"type": "WEB",
"url": "https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"type": "PACKAGE",
"url": "https://github.com/proglottis/gpgme"
},
{
"type": "WEB",
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "GPGME Go wrapper contains Use After Free"
}
gsd-2020-8945
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8945",
"description": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",
"id": "GSD-2020-8945",
"references": [
"https://access.redhat.com/errata/RHSA-2020:3167",
"https://access.redhat.com/errata/RHSA-2020:2992",
"https://access.redhat.com/errata/RHSA-2020:2927",
"https://access.redhat.com/errata/RHSA-2020:2413",
"https://access.redhat.com/errata/RHSA-2020:2117",
"https://access.redhat.com/errata/RHSA-2020:2027",
"https://access.redhat.com/errata/RHSA-2020:1940",
"https://access.redhat.com/errata/RHSA-2020:1937",
"https://access.redhat.com/errata/RHSA-2020:1402",
"https://access.redhat.com/errata/RHSA-2020:1396",
"https://access.redhat.com/errata/RHBA-2020:1255",
"https://access.redhat.com/errata/RHSA-2020:1234",
"https://access.redhat.com/errata/RHSA-2020:1231",
"https://access.redhat.com/errata/RHSA-2020:1230",
"https://access.redhat.com/errata/RHSA-2020:0934",
"https://access.redhat.com/errata/RHSA-2020:0928",
"https://access.redhat.com/errata/RHSA-2020:0863",
"https://access.redhat.com/errata/RHSA-2020:0697",
"https://access.redhat.com/errata/RHSA-2020:0689",
"https://access.redhat.com/errata/RHSA-2020:0679",
"https://linux.oracle.com/cve/CVE-2020-8945.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8945"
],
"details": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",
"id": "GSD-2020-8945",
"modified": "2023-12-13T01:21:54.064059Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proglottis/gpgme/pull/23",
"refsource": "MISC",
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"name": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1",
"refsource": "MISC",
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"name": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1",
"refsource": "MISC",
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"name": "FEDORA-2020-f317e13ecf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/"
},
{
"name": "FEDORA-2020-2a0aac3502",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/"
},
{
"name": "FEDORA-2020-ccc3e64ea5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"
},
{
"name": "RHSA-2020:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"name": "RHSA-2020:0689",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"name": "RHSA-2020:0697",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.1.1",
"affected_versions": "All versions before 0.1.1",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-416",
"CWE-78",
"CWE-937"
],
"date": "2021-05-18",
"description": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",
"fixed_versions": [
"0.1.1"
],
"identifier": "CVE-2020-8945",
"identifiers": [
"GHSA-m6wg-2mwg-4rfq",
"CVE-2020-8945"
],
"not_impacted": "All versions starting from 0.1.1",
"package_slug": "go/github.com/proglottis/gpgme",
"pubdate": "2021-05-18",
"solution": "Upgrade to version 0.1.1 or above.",
"title": "Use After Free",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"https://github.com/proglottis/gpgme/pull/23",
"https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1",
"https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733",
"https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1",
"https://github.com/advisories/GHSA-m6wg-2mwg-4rfq"
],
"uuid": "fb5d513d-27e8-4c29-91f9-ceebb2277c31"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gpgme_project:gpgme:*:*:*:*:*:go:*:*",
"cpe_name": [],
"versionEndExcluding": "0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8945"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proglottis/gpgme/pull/23",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/proglottis/gpgme/pull/23"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"name": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
},
{
"name": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
},
{
"name": "FEDORA-2020-f317e13ecf",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/"
},
{
"name": "FEDORA-2020-2a0aac3502",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/"
},
{
"name": "FEDORA-2020-ccc3e64ea5",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"
},
{
"name": "RHSA-2020:0679",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0679"
},
{
"name": "RHSA-2020:0689",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0689"
},
{
"name": "RHSA-2020:0697",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0697"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-18T17:59Z",
"publishedDate": "2020-02-12T18:15Z"
}
}
}
Loading...