RedHat: RHSA-2019-0548:01 Moderate: OpenShift Container Platform 3.10

    Date14 Mar 2019
    CategoryRed Hat
    237
    Posted ByLinuxSecurity Advisories
    An update for haproxy is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 3.10 haproxy security update
    Advisory ID:       RHSA-2019:0548-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0548
    Issue date:        2019-03-14
    CVE Names:         CVE-2018-20615 
    =====================================================================
    
    1. Summary:
    
    An update for haproxy is now available for Red Hat OpenShift Container
    Platform 3.10.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenShift Container Platform 3.10 - ppc64le, x86_64
    
    3. Description:
    
    The haproxy packages provide a reliable, high-performance network load
    balancer for TCP and HTTP-based applications.
    
    Security fix(es):
    
    * haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2
    decoder allows for crash (CVE-2018-20615)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgements, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    Before applying this update, ensure all previously released errata relevant
    to your system have been applied.
    
    See the following documentation for important instructions on how to
    upgrade your cluster and fully apply this asynchronous errata
    update
    
    https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r
    elease_notes.html
    
    This update is available via the Red Hat Network. Details on how to use the
    Red Hat Network to apply this update are available at
    https://access.redhat.com/articles/11258.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1663060 - CVE-2018-20615 haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
    
    6. Package List:
    
    Red Hat OpenShift Container Platform 3.10:
    
    Source:
    haproxy-1.8.17-3.el7.src.rpm
    
    ppc64le:
    haproxy-debuginfo-1.8.17-3.el7.ppc64le.rpm
    haproxy18-1.8.17-3.el7.ppc64le.rpm
    
    x86_64:
    haproxy-debuginfo-1.8.17-3.el7.x86_64.rpm
    haproxy18-1.8.17-3.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-20615
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXIoJkNzjgjWX9erEAQhjwA//eYIHSbujIl7HsET/1pjeh0Lo1iF6gZ0P
    P4LCLTsUIMaPYg0UNTHUrnYU/9WOuhAtS/X9FxGOV7A4kxxrUmyF2PuLeKIjGW1v
    9wHAY1CUkPuq2jN62MCJgCDirqRvRcEo6jD3dcq1kfo3ir2hTpO9qvOImT81Or3H
    X09062u/z67fgZuCgnzaNvZqAEvHvbyp5RsINDXrOQUQGzR64IGlMKEUvXWiet9x
    B4kyKJ6L8zq1VjiulswskKmaTlTL0y03e4N8HDZNdNhnLtSrmzTDFVLNi9q9MCPq
    btbUy7WrteVOIlI/b5bFeaPmIjAqbq1UlWZrYwTL8lKCnvWN2S4TAOLjBugiTy/S
    trBOZxELi5LfniI4ukrAP2GyelqsbWDgteJVPXTlaIzgp5Vrqgc+VA5mc/0nDZcr
    ZR2VRYQFPlRAl0PLmrLiCmMuXI1RuuPYAmG+26sjCdRAnDUeVUqAsEctpNNEF2ng
    7LO2ULC58vISMxYERuDWwYiSmNBrFt8z8zZUuRYN6VDlxUIx81/Q23wC3S2rIrof
    MzTB9fFmBrW9bk9NxjnW/4fmgPwI3lVqY2D3VfITe6CSqMoYvw4e4AOBcQo7YD62
    yTyS2DFNg9QEqvJ1dYuCRtICy35UevbVAbxfPLq6kly86asRdv6Gdf4+8iv995m5
    5MIz9fMPjT0=
    =104B
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    Which Linux distribution(s) do you use?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 5 answer(s).
    /component/communitypolls/?task=poll.vote
    7
    radio
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.