An OpenShift Container Platform 4.8.2 bug fix and security update has been released.

RHSA-2021:2438-01: Moderate: OpenShift Container Platform 4.8.2 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container

Red Hat Product Security has rated this update as having a security impact

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the container images for Red Hat OpenShift Container

See the following advisory for the RPM packages for this

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
* etcd: directories created via os.MkdirAll are not checked for permissions
* etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)
* etcd: no authentication is performed against endpoints provided in the