Malware Devil

Loading...

Wednesday, October 28, 2020

ESB-2020.3700 – [RedHat] OpenShift Container Platform 4.6.1: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3700
         OpenShift Container Platform 4.6.1 image security update
                              28 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenShift Container Platform 4.6.1
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Existing Account            
                   Delete Arbitrary Files          -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15719 CVE-2020-15366 CVE-2020-14336
                   CVE-2020-14040 CVE-2020-13822 CVE-2020-12245
                   CVE-2020-12052 CVE-2020-12049 CVE-2020-11110
                   CVE-2020-11023 CVE-2020-11022 CVE-2020-11008
                   CVE-2020-10743 CVE-2020-10715 CVE-2020-10531
                   CVE-2020-9283 CVE-2020-8203 CVE-2020-7662
                   CVE-2020-7598 CVE-2020-7013 CVE-2020-1712
                   CVE-2019-1010204 CVE-2019-1010180 CVE-2019-19959
                   CVE-2019-19925 CVE-2019-19924 CVE-2019-19923
                   CVE-2019-19126 CVE-2019-18408 CVE-2019-17451
                   CVE-2019-16769 CVE-2019-16056 CVE-2019-15847
                   CVE-2019-15718 CVE-2019-14973 CVE-2019-14822
                   CVE-2019-13753 CVE-2019-13752 CVE-2019-13636
                   CVE-2019-13232 CVE-2019-12795 CVE-2019-12450
                   CVE-2019-12449 CVE-2019-12448 CVE-2019-12447
                   CVE-2019-11459 CVE-2019-11358 CVE-2019-11324
                   CVE-2019-11236 CVE-2019-11070 CVE-2019-8768
                   CVE-2019-8735 CVE-2019-8726 CVE-2019-8696
                   CVE-2019-8690 CVE-2019-8689 CVE-2019-8687
                   CVE-2019-8686 CVE-2019-8681 CVE-2019-8679
                   CVE-2019-8677 CVE-2019-8676 CVE-2019-8675
                   CVE-2019-8673 CVE-2019-8672 CVE-2019-8671
                   CVE-2019-8666 CVE-2019-8623 CVE-2019-8622
                   CVE-2019-8619 CVE-2019-8615 CVE-2019-8611
                   CVE-2019-8610 CVE-2019-8609 CVE-2019-8608
                   CVE-2019-8607 CVE-2019-8601 CVE-2019-8597
                   CVE-2019-8596 CVE-2019-8595 CVE-2019-8594
                   CVE-2019-8587 CVE-2019-8586 CVE-2019-8584
                   CVE-2019-8583 CVE-2019-8571 CVE-2019-8563
                   CVE-2019-8559 CVE-2019-8558 CVE-2019-8544
                   CVE-2019-8536 CVE-2019-8535 CVE-2019-8524
                   CVE-2019-8523 CVE-2019-8518 CVE-2019-8506
                   CVE-2019-8457 CVE-2019-7665 CVE-2019-7664
                   CVE-2019-7150 CVE-2019-7149 CVE-2019-7146
                   CVE-2019-6706 CVE-2019-6454 CVE-2019-6251
                   CVE-2019-6237 CVE-2019-5953 CVE-2019-5482
                   CVE-2019-5481 CVE-2019-5436 CVE-2019-5094
                   CVE-2019-3844 CVE-2019-3843 CVE-2019-3825
                   CVE-2019-3823 CVE-2019-3822 CVE-2019-1563
                   CVE-2019-1549 CVE-2019-1547 CVE-2018-20852
                   CVE-2018-20657 CVE-2018-20483 CVE-2018-20337
                   CVE-2018-20060 CVE-2018-19519 CVE-2018-18751
                   CVE-2018-18624 CVE-2018-18074 CVE-2018-16890
                   CVE-2018-14498 CVE-2018-14404 CVE-2018-9251
                   CVE-2016-10739 CVE-2013-0169 

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4298

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.6.1 image security update
Advisory ID:       RHSA-2020:4298-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4298
Issue date:        2020-10-27
CVE Names:         CVE-2013-0169 CVE-2016-10739 CVE-2018-9251 
                   CVE-2018-14404 CVE-2018-14498 CVE-2018-16890 
                   CVE-2018-18074 CVE-2018-18624 CVE-2018-18751 
                   CVE-2018-19519 CVE-2018-20060 CVE-2018-20337 
                   CVE-2018-20483 CVE-2018-20657 CVE-2018-20852 
                   CVE-2019-1547 CVE-2019-1549 CVE-2019-1563 
                   CVE-2019-3822 CVE-2019-3823 CVE-2019-3825 
                   CVE-2019-3843 CVE-2019-3844 CVE-2019-5094 
                   CVE-2019-5436 CVE-2019-5481 CVE-2019-5482 
                   CVE-2019-5953 CVE-2019-6237 CVE-2019-6251 
                   CVE-2019-6454 CVE-2019-6706 CVE-2019-7146 
                   CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 
                   CVE-2019-7665 CVE-2019-8457 CVE-2019-8506 
                   CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 
                   CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 
                   CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 
                   CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 
                   CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 
                   CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 
                   CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 
                   CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 
                   CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 
                   CVE-2019-8623 CVE-2019-8666 CVE-2019-8671 
                   CVE-2019-8672 CVE-2019-8673 CVE-2019-8675 
                   CVE-2019-8676 CVE-2019-8677 CVE-2019-8679 
                   CVE-2019-8681 CVE-2019-8686 CVE-2019-8687 
                   CVE-2019-8689 CVE-2019-8690 CVE-2019-8696 
                   CVE-2019-8726 CVE-2019-8735 CVE-2019-8768 
                   CVE-2019-11070 CVE-2019-11236 CVE-2019-11324 
                   CVE-2019-11358 CVE-2019-11459 CVE-2019-12447 
                   CVE-2019-12448 CVE-2019-12449 CVE-2019-12450 
                   CVE-2019-12795 CVE-2019-13232 CVE-2019-13636 
                   CVE-2019-13752 CVE-2019-13753 CVE-2019-14822 
                   CVE-2019-14973 CVE-2019-15718 CVE-2019-15847 
                   CVE-2019-16056 CVE-2019-16769 CVE-2019-17451 
                   CVE-2019-18408 CVE-2019-19126 CVE-2019-19923 
                   CVE-2019-19924 CVE-2019-19925 CVE-2019-19959 
                   CVE-2019-1010180 CVE-2019-1010204 CVE-2020-1712 
                   CVE-2020-7013 CVE-2020-7598 CVE-2020-7662 
                   CVE-2020-8203 CVE-2020-9283 CVE-2020-10531 
                   CVE-2020-10715 CVE-2020-10743 CVE-2020-11008 
                   CVE-2020-11022 CVE-2020-11023 CVE-2020-11110 
                   CVE-2020-12049 CVE-2020-12052 CVE-2020-12245 
                   CVE-2020-13822 CVE-2020-14040 CVE-2020-14336 
                   CVE-2020-15366 CVE-2020-15719 
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)

* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)

* grafana: XSS vulnerability via a column style on the "Dashboard > Table
Panel" screen (CVE-2018-18624)

* js-jquery: prototype pollution in object's prototype leading to denial of
service or remote code execution or property injection (CVE-2019-11358)

* npm-serialize-javascript: XSS via unsafe characters in serialized regular
expressions (CVE-2019-16769)

* kibana: Prototype pollution in TSVB could result in arbitrary code
execution (ESA-2020-06) (CVE-2020-7013)

* nodejs-minimist: prototype pollution allows adding or modifying
properties of Object.prototype using a constructor or __proto__ payload
(CVE-2020-7598)

* npmjs-websocket-extensions: ReDoS vulnerability in
Sec-WebSocket-Extensions parser (CVE-2020-7662)

* nodejs-lodash: prototype pollution in zipObjectDeep function
(CVE-2020-8203)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter
method (CVE-2020-11022)

* jQuery: passing HTML containing  elements to manipulation methods
could result in untrusted code execution (CVE-2020-11023)

* grafana: stored XSS (CVE-2020-11110)

* grafana: XSS annotation popup vulnerability (CVE-2020-12052)

* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)

* nodejs-elliptic: improper encoding checks allows a certain degree of
signature malleability in ECDSA signatures (CVE-2020-13822)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate
function (CVE-2020-15366)

* openshift/console: text injection on error page via crafted url
(CVE-2020-10715)

* kibana: X-Frame-Option not set by default might lead to clickjacking
(CVE-2020-10743)

* openshift: restricted SCC allows pods to craft custom network packets
(CVE-2020-14336)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel
ease-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
- - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking
1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability
1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions
1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip
1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures
1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
1850004 - CVE-2020-11023 jquery: Passing HTML containing  elements to manipulation methods could result in untrusted code execution
1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets
1861044 - CVE-2020-11110 grafana: stored XSS
1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]

5. References:

https://access.redhat.com/security/cve/CVE-2013-0169
https://access.redhat.com/security/cve/CVE-2016-10739
https://access.redhat.com/security/cve/CVE-2018-9251
https://access.redhat.com/security/cve/CVE-2018-14404
https://access.redhat.com/security/cve/CVE-2018-14498
https://access.redhat.com/security/cve/CVE-2018-16890
https://access.redhat.com/security/cve/CVE-2018-18074
https://access.redhat.com/security/cve/CVE-2018-18624
https://access.redhat.com/security/cve/CVE-2018-18751
https://access.redhat.com/security/cve/CVE-2018-19519
https://access.redhat.com/security/cve/CVE-2018-20060
https://access.redhat.com/security/cve/CVE-2018-20337
https://access.redhat.com/security/cve/CVE-2018-20483
https://access.redhat.com/security/cve/CVE-2018-20657
https://access.redhat.com/security/cve/CVE-2018-20852
https://access.redhat.com/security/cve/CVE-2019-1547
https://access.redhat.com/security/cve/CVE-2019-1549
https://access.redhat.com/security/cve/CVE-2019-1563
https://access.redhat.com/security/cve/CVE-2019-3822
https://access.redhat.com/security/cve/CVE-2019-3823
https://access.redhat.com/security/cve/CVE-2019-3825
https://access.redhat.com/security/cve/CVE-2019-3843
https://access.redhat.com/security/cve/CVE-2019-3844
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5436
https://access.redhat.com/security/cve/CVE-2019-5481
https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/cve/CVE-2019-5953
https://access.redhat.com/security/cve/CVE-2019-6237
https://access.redhat.com/security/cve/CVE-2019-6251
https://access.redhat.com/security/cve/CVE-2019-6454
https://access.redhat.com/security/cve/CVE-2019-6706
https://access.redhat.com/security/cve/CVE-2019-7146
https://access.redhat.com/security/cve/CVE-2019-7149
https://access.redhat.com/security/cve/CVE-2019-7150
https://access.redhat.com/security/cve/CVE-2019-7664
https://access.redhat.com/security/cve/CVE-2019-7665
https://access.redhat.com/security/cve/CVE-2019-8457
https://access.redhat.com/security/cve/CVE-2019-8506
https://access.redhat.com/security/cve/CVE-2019-8518
https://access.redhat.com/security/cve/CVE-2019-8523
https://access.redhat.com/security/cve/CVE-2019-8524
https://access.redhat.com/security/cve/CVE-2019-8535
https://access.redhat.com/security/cve/CVE-2019-8536
https://access.redhat.com/security/cve/CVE-2019-8544
https://access.redhat.com/security/cve/CVE-2019-8558
https://access.redhat.com/security/cve/CVE-2019-8559
https://access.redhat.com/security/cve/CVE-2019-8563
https://access.redhat.com/security/cve/CVE-2019-8571
https://access.redhat.com/security/cve/CVE-2019-8583
https://access.redhat.com/security/cve/CVE-2019-8584
https://access.redhat.com/security/cve/CVE-2019-8586
https://access.redhat.com/security/cve/CVE-2019-8587
https://access.redhat.com/security/cve/CVE-2019-8594
https://access.redhat.com/security/cve/CVE-2019-8595
https://access.redhat.com/security/cve/CVE-2019-8596
https://access.redhat.com/security/cve/CVE-2019-8597
https://access.redhat.com/security/cve/CVE-2019-8601
https://access.redhat.com/security/cve/CVE-2019-8607
https://access.redhat.com/security/cve/CVE-2019-8608
https://access.redhat.com/security/cve/CVE-2019-8609
https://access.redhat.com/security/cve/CVE-2019-8610
https://access.redhat.com/security/cve/CVE-2019-8611
https://access.redhat.com/security/cve/CVE-2019-8615
https://access.redhat.com/security/cve/CVE-2019-8619
https://access.redhat.com/security/cve/CVE-2019-8622
https://access.redhat.com/security/cve/CVE-2019-8623
https://access.redhat.com/security/cve/CVE-2019-8666
https://access.redhat.com/security/cve/CVE-2019-8671
https://access.redhat.com/security/cve/CVE-2019-8672
https://access.redhat.com/security/cve/CVE-2019-8673
https://access.redhat.com/security/cve/CVE-2019-8675
https://access.redhat.com/security/cve/CVE-2019-8676
https://access.redhat.com/security/cve/CVE-2019-8677
https://access.redhat.com/security/cve/CVE-2019-8679
https://access.redhat.com/security/cve/CVE-2019-8681
https://access.redhat.com/security/cve/CVE-2019-8686
https://access.redhat.com/security/cve/CVE-2019-8687
https://access.redhat.com/security/cve/CVE-2019-8689
https://access.redhat.com/security/cve/CVE-2019-8690
https://access.redhat.com/security/cve/CVE-2019-8696
https://access.redhat.com/security/cve/CVE-2019-8726
https://access.redhat.com/security/cve/CVE-2019-8735
https://access.redhat.com/security/cve/CVE-2019-8768
https://access.redhat.com/security/cve/CVE-2019-11070
https://access.redhat.com/security/cve/CVE-2019-11236
https://access.redhat.com/security/cve/CVE-2019-11324
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2019-11459
https://access.redhat.com/security/cve/CVE-2019-12447
https://access.redhat.com/security/cve/CVE-2019-12448
https://access.redhat.com/security/cve/CVE-2019-12449
https://access.redhat.com/security/cve/CVE-2019-12450
https://access.redhat.com/security/cve/CVE-2019-12795
https://access.redhat.com/security/cve/CVE-2019-13232
https://access.redhat.com/security/cve/CVE-2019-13636
https://access.redhat.com/security/cve/CVE-2019-13752
https://access.redhat.com/security/cve/CVE-2019-13753
https://access.redhat.com/security/cve/CVE-2019-14822
https://access.redhat.com/security/cve/CVE-2019-14973
https://access.redhat.com/security/cve/CVE-2019-15718
https://access.redhat.com/security/cve/CVE-2019-15847
https://access.redhat.com/security/cve/CVE-2019-16056
https://access.redhat.com/security/cve/CVE-2019-16769
https://access.redhat.com/security/cve/CVE-2019-17451
https://access.redhat.com/security/cve/CVE-2019-18408
https://access.redhat.com/security/cve/CVE-2019-19126
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19924
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19959
https://access.redhat.com/security/cve/CVE-2019-1010180
https://access.redhat.com/security/cve/CVE-2019-1010204
https://access.redhat.com/security/cve/CVE-2020-1712
https://access.redhat.com/security/cve/CVE-2020-7013
https://access.redhat.com/security/cve/CVE-2020-7598
https://access.redhat.com/security/cve/CVE-2020-7662
https://access.redhat.com/security/cve/CVE-2020-8203
https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2020-10531
https://access.redhat.com/security/cve/CVE-2020-10715
https://access.redhat.com/security/cve/CVE-2020-10743
https://access.redhat.com/security/cve/CVE-2020-11008
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2020-11110
https://access.redhat.com/security/cve/CVE-2020-12049
https://access.redhat.com/security/cve/CVE-2020-12052
https://access.redhat.com/security/cve/CVE-2020-12245
https://access.redhat.com/security/cve/CVE-2020-13822
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14336
https://access.redhat.com/security/cve/CVE-2020-15366
https://access.redhat.com/security/cve/CVE-2020-15719
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX5hNRdzjgjWX9erEAQjWHw//Vb+pq3h/VBFJSPE25X1FEd1tnEGewpXd
1l3ZHxzr40FNlnC/k7dlJr4Fo6QOTY4FqS7Ln3xzjHKWsCj/eV+3MjHI0jBmrMyq
ppRDgNiExWqpfF2/docyjHOkQYDnoeAAzl8m6cAOIsmy12O3AlwH2eLQYUHLsbqg
fvewGC0Xn1w8FfrAdrcLq5eTzBST/v/tLXetKNxO5l3YD2sBQyiYe6ECrkZaVaWZ
OStJb6QOZ4vraibjXvHGx/JJr8F9h+7lYEA1QXU5sWOISGnF0VKEa0sH1/GzQ1HI
7Zau1Pajm1wNmLS8kkIgcmufij63YO22DscW5pndUJEnGIc6ZkbS/Ck9gKZCDEVn
3xqa69DivlpUeIdCmnxgBMNX1RL2jKWKT8JgpmTH8eu8ZE1ALY/sEbk4irueRzox
MHowSLTHr4vqk+5aDL+obkTw/ZonokKqbkVjuzcZcN6cLSBHRo5LoQ3Sohy/RKhC
CU2nBfbCQjaCKhN/zW5m7jJLAlD4gLXeBB98m4CTg270ZSt9Oew0Y/a7itjSJUv+
69uv2J88uMrnF4gwNolVn4Ekes/XxxlPzGm7Crw33n7mIneOISmIvOJ3DVuuoFwf
lOgL4ZaIquTxcVdTCsZl5CaOqDKrCmBJc+e12ZUol8V0jkrUaR6ChSXK6W4sEuYa
zXRPCSPuxw0=
=vK2F
- -----END PGP SIGNATURE-----

- --
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5jKeeNLKJtyKPYoAQiILBAAsy2KsKJLd+MyUGeSswNG2e/n09o28Zu9
5ZRD7rINiwXCskBUWh386AwTSriM7miWKs7OpvjzNQS7crZfhZSM8goPqZ2Uo56i
X8drhpklovafING/6T645k5Ke64Mj1k5bLuoQzUdOdSH3QJ85Dsc32znp7uGVYYB
gnCvCDih40yxaRw8D5DP2oCK5SG9X/JVgeQyP+1+YXh3qa3aw7gRo/73JWjP0hYG
c1L561D6x7U4PE2fCOq38JYL9pD0eKAxmR6ivVLoVlAXDEj3X+pr8hk37mh4BzS8
DjKFwE0DS9PmdnTPlecP124i+uHoo7wkKnFSADeU092cdXvAyFkcUHfFlBfRrndQ
L89DM/KczrKJAZvoJWaOdAjpnXnCoBqKSVCZP7m2hGW06X/PMumfzrFfakgSt0Io
KIkMvI1NUXd0ZK5bYO+0qry0tF+7Lhqz4tZGStglunCdqqvGNwhxWOv+KYGZw5iu
q4f4XytQv6tBgjndNDmJ64sYKb6Uo8y/g2Eu0FwKoffNm6y+1CiUf/pjTWIxoToS
nqLX5IkyYTHJ4LNgXlAwMsFLhmEJnCLoT86rxFxt0thQpEv3SfNhyhk9bH9mBAWK
ZgDn+IVdKmVyk7AL0WpFPtXq3QH3J0bObUJwEiv5SJi9hz/HUDUKlgiVTn/COkOI
mh8iVeQ0fxE=
=rd9z
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3700 – [RedHat] OpenShift Container Platform 4.6.1: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/28/esb-2020-3700-redhat-openshift-container-platform-4-6-1-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3700-redhat-openshift-container-platform-4-6-1-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...