Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0079
HistoryJan 20, 2021 - 4:38 p.m.

(RHSA-2021:0079) Moderate: OpenShift Container Platform 3.11.374 bug fix and security update

2021-01-2016:38:11
access.redhat.com
114

0.007 Low

EPSS

Percentile

80.9%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.374. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:0080

Security Fix(es):

  • golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter (CVE-2019-11840)

  • kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)

  • python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64atomic-enterprise-service-catalog< 3.11.374-1.git.1675.738abcc.el7atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-tests< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
RedHat7ppc64leatomic-openshift-service-idler< 3.11.374-1.git.15.523a1f7.el7atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.ppc64le.rpm
RedHat7x86_64atomic-openshift-pod< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
RedHat7x86_64golang-github-openshift-oauth-proxy< 3.11.374-1.git.439.966c536.el7golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.x86_64.rpm
RedHat7ppc64leopenshift-enterprise-autoheal< 3.11.374-1.git.218.9cf7939.el7openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.ppc64le.rpm
RedHat7x86_64atomic-openshift-web-console< 3.11.374-1.git.647.9e78d83.el7atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.x86_64.rpm
RedHat7ppc64leatomic-openshift-metrics-server< 3.11.374-1.git.53.9df25a9.el7atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.ppc64le.rpm
RedHat7ppc64leatomic-enterprise-service-catalog-svcat< 3.11.374-1.git.1675.738abcc.el7atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.ppc64le.rpm
RedHat7ppc64leatomic-openshift-cluster-autoscaler< 3.11.374-1.git.0.2996f62.el7atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.ppc64le.rpm
Rows per page:
1-10 of 621

Related

nessus 51
openvas 20
osv 20
debiancve 3
debian 8
cve 3
cgr 1
cvelist 3
redhatcve 3
gitlab 5
veracode 3
github 3
ubuntucve 3
wolfi 1
amazon 1
ibm 18
suse 4
oraclelinux 5
almalinux 2
redhat 7
cbl_mariner 4
mageia 2
ubuntu 1
rocky 2
githubexploit 5
alpinelinux 2
prion 3
hackerone 1
nvd 3
f5 1
photon 7
centos 1
kitploit 2
rosalinux 1
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11.374 bug fix and (RHSA-2021:0079)
2021-01-20 00:00:00
Debian DLA-2454-1 : rclone security update
2020-11-19 00:00:00
Debian DLA-2442-1 : obfs4proxy security update
2020-11-10 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2442-1)
2020-11-10 00:00:00
Debian: Security Advisory (DLA-1840-1)
2019-07-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3723-1)
2021-06-09 00:00:00
osv
osv
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
2022-05-24 16:45:25
Insufficiently random values in golang.org/x/crypto/salsa20
2022-07-01 20:15:25
golang-go.crypto - security update
2019-06-30 00:00:00
debiancve
debiancve
CVE-2019-11840
2019-05-09 16:29:00
CVE-2020-8554
2021-01-21 17:15:13
CVE-2020-26137
2020-09-30 18:15:26
debian
debian
[SECURITY] [DLA 2454-1] rclone security update
2020-11-18 21:01:58
[SECURITY] [DLA 2442-1] obfs4proxy security update
2020-11-09 21:54:58
[SECURITY] [DLA 2527-1] snapd security update
2021-01-17 21:20:08
cve
cve
CVE-2019-11840
2019-05-09 16:29:00
CVE-2020-8554
2021-01-21 17:15:13
CVE-2020-26137
2020-09-30 18:15:26
cgr
cgr
CVE-2019-11840 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2019-11840
2019-05-09 00:00:00
CVE-2020-8554 Kubernetes man in the middle using LoadBalancer or ExternalIPs
2020-12-07 00:00:00
CVE-2020-26137
2020-09-29 00:00:00
redhatcve
redhatcve
CVE-2019-11840
2020-04-08 05:31:02
CVE-2020-26137
2020-09-29 19:03:30
CVE-2020-8554
2020-12-07 20:21:43
gitlab
gitlab
Use of Insufficiently Random Values
2022-05-24 00:00:00
Incorrect Authorization
2021-01-21 00:00:00
Use of Insufficiently Random Values
2022-05-24 00:00:00
veracode
veracode
Wrong And Predictable Encryption
2019-07-01 07:31:03
Carriage-Return Line-Feed (CRLF) Injection
2020-10-01 01:43:17
Man-in-the-Middle (MitM)
2021-01-22 08:18:49
github
github
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
2022-05-24 16:45:25
Unverified Ownership in Kubernetes
2022-02-08 21:50:34
CRLF injection in urllib3
2021-06-18 18:46:43
ubuntucve
ubuntucve
CVE-2019-11840
2019-05-09 00:00:00
CVE-2020-8554
2021-01-21 00:00:00
CVE-2020-26137
2020-09-30 00:00:00
wolfi
wolfi
CVE-2019-11840 vulnerabilities
2024-07-01 09:08:36
amazon
amazon
Medium: python-urllib3
2021-06-16 20:37:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]
2024-02-29 20:30:41
Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)
2020-12-04 06:34:59
Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).
2023-08-21 17:54:57
suse
suse
Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)
2021-08-23 00:00:00
Security update for python-urllib3 (moderate)
2020-12-13 00:00:00
Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)
2021-08-27 00:00:00
oraclelinux
oraclelinux
python-urllib3 security update
2021-05-25 00:00:00
olcne security update
2021-02-10 00:00:00
olcne security update
2021-02-10 00:00:00
almalinux
almalinux
Moderate: python-urllib3 security update
2021-05-18 05:42:27
Moderate: python27:2.7 security and bug fix update
2021-05-18 06:02:07
redhat
redhat
(RHSA-2021:1631) Moderate: python-urllib3 security update
2021-05-18 05:42:27
(RHSA-2022:5235) Moderate: python security update
2022-06-28 07:52:39
(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update
2021-05-18 06:02:07
cbl_mariner
cbl_mariner
CVE-2020-26137 affecting package python-urllib3 1.24.2-2
2021-08-11 06:39:25
CVE-2020-8554 affecting package kubernetes 1.22.6-4
2022-01-26 22:57:10
CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-2
2024-03-19 17:21:46
mageia
mageia
Updated python-urllib3 packages fix security vulnerability
2021-01-25 18:25:52
Updated python-pip packages fix security vulnerabilities
2021-01-25 18:25:52
ubuntu
ubuntu
urllib3 vulnerability
2020-10-05 00:00:00
rocky
rocky
python-urllib3 security update
2021-05-18 05:42:27
python27:2.7 security and bug fix update
2021-05-18 06:02:07
githubexploit
githubexploit
Exploit for Incorrect Authorization in Kubernetes
2021-01-21 22:41:50
Exploit for Incorrect Authorization in Kubernetes
2020-12-11 17:40:47
Exploit for Incorrect Authorization in Kubernetes
2021-02-09 21:29:44
alpinelinux
alpinelinux
CVE-2020-8554
2021-01-21 17:15:13
CVE-2020-26137
2020-09-30 18:15:26
prion
prion
Code injection
2021-01-21 17:15:00
Information disclosure
2019-05-09 16:29:00
Crlf injection
2020-09-30 18:15:00
hackerone
hackerone
Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services
2019-12-27 06:05:35
nvd
nvd
CVE-2019-11840
2019-05-09 16:29:00
CVE-2020-8554
2021-01-21 17:15:13
CVE-2020-26137
2020-09-30 18:15:26
f5
f5
K000133547 : Python urllib3 vulnerability CVE-2020-26137
2023-04-18 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0456
2022-03-28 00:00:00
Important Photon OS Security Update - PHSA-2021-0246
2021-06-02 00:00:00
Critical Photon OS Security Update - PHSA-2021-0442
2021-10-13 00:00:00
centos
centos
python, tkinter security update
2022-08-02 19:15:12
kitploit
kitploit
CDK - Zero Dependency Container Penetration Toolkit
2021-01-21 11:30:00
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2203
2023-08-01 12:58:39

0.007 Low

EPSS

Percentile

80.9%

JSON
Related for RHSA-2021:0079
nessus51openvas20osv20debiancve3debian8cve3cgr1cvelist3redhatcve3gitlab5veracode3github3ubuntucve3wolfi1amazon1ibm18suse4oraclelinux5almalinux2redhat7cbl_mariner4mageia2ubuntu1rocky2githubexploit5alpinelinux2prion3hackerone1nvd3f51photon7centos1kitploit2rosalinux1