RHSA-2020:2479: Moderate: OpenShift Container Platform 3.11 atomic-openshift security update
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. <br>Security Fix(es):<br><li> libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions (CVE-2017-18367)</li> <li> kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)</li> <li> kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2479?
The severity of RHSA-2020:2479 is important, indicating a significant security vulnerability in OpenShift Enterprise.
How do I fix RHSA-2020:2479?
To fix RHSA-2020:2479, you should update your OpenShift Enterprise packages to version 3.11.232-1.git.0.a5bc32f.el7.
Which packages are affected by RHSA-2020:2479?
RHSA-2020:2479 affects multiple packages including atomic-openshift, atomic-openshift-clients, and atomic-openshift-master.
What is the nature of the vulnerability in RHSA-2020:2479?
The vulnerability in RHSA-2020:2479 involves the mishandling of multiple argument rules leading to a bypass of intended access.
When should I apply the patch for RHSA-2020:2479?
You should apply the patch for RHSA-2020:2479 as soon as possible to mitigate the security risk associated with the vulnerability.