-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: OpenShift Container Platform 4.6.6 security update Advisory ID: RHSA-2020:5159-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5159 Issue date: 2020-11-30 CVE Names: CVE-2020-16845 ===================================================================== 1. Summary: An update for faq is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.6 - ppc64le, s390x, x86_64 3. Description: TODO: add package description Security Fix(es): * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. 5. Bugs fixed (https://bugzilla.redhat.com/): 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 6. Package List: Red Hat OpenShift Container Platform 4.6: Source: faq-0.0.6-5.el8.src.rpm ppc64le: faq-0.0.6-5.el8.ppc64le.rpm s390x: faq-0.0.6-5.el8.s390x.rpm x86_64: faq-0.0.6-5.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX8UKLtzjgjWX9erEAQgTIw//Uh7W1tziGuLbHyNrWuDzomylik4A0PXV FlHKkE4Yo34BVDKKJUlF7FrvR/QmgI/AfJYwDemmqT966TWCKeHi9bA4+Q+MKHmF O8xQBL5huWV/BZFz5xB40Ie6LwKjJljgzoHOvgX1ZiksYDKUlzzveO8iZmNrr7mJ AJfz4gRcuxlEdk+W/5hmO4PRm72vNDZ9krMAaK9kMCyp7QQVjioy8IQw3opJBTko 09SdZwDE+RBIE6nKW2/5/4JHCnwBZ05k7FSlyrc93FgmeUsk8P/n3qG/kvnc5uJh Y8T7p+0MGIev0M9WKsxoIIy2i4MFGJOfCpH1nBuV9ELK1yIfTbcTijVaJ0oHexH+ Br2iPvLw8atiFoOKpJmLhc9wPpnU/jHb4wXR+q3/Evg3VMQWqrSzbRSj/C6bzY5r mxf44Yl0A4pZ0VhhvLce8pT6Gz+lluaQ7dZ8D7VBdGkz0T+ykx3vJuMci4UGq3yT yIawLx0TXDSegxnYFbGcV4P8zuUbifOSnRhQhk9O5bcs6KeHabp+uBXHP18Fj65q RRfDfTcj8c3FsACaDruzvEY6iC8ihHqkto3Aep46Gmej199le1v/h1CtZ7DkQGBN 7vBMzhsNmTWyTmWjtVx9JAGG5IiFr4DGVOaWsh5jqqTRj8goX470WJMHh9hqWpgt mXz+v3D7koE= =yc4A -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce