Wednesday, February 17, 2021

Red Hat Security Advisory 2021-0436-01

Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Advisory ID: RHSA-2021:0436-01
Product: Red Hat OpenShift Enterprise
Advisory URL:
Issue date: 2021-02-16
CVE Names: CVE-2018-20843 CVE-2019-1551 CVE-2019-5018
CVE-2019-8625 CVE-2019-8710 CVE-2019-8720
CVE-2019-8743 CVE-2019-8764 CVE-2019-8766
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8823 CVE-2019-8835
CVE-2019-8844 CVE-2019-8846 CVE-2019-11068
CVE-2019-13050 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15903 CVE-2019-16168
CVE-2019-16935 CVE-2019-18197 CVE-2019-19221
CVE-2019-19906 CVE-2019-19956 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20807 CVE-2019-20907
CVE-2019-20916 CVE-2020-1730 CVE-2020-1751
CVE-2020-1752 CVE-2020-1971 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-8177
CVE-2020-8492 CVE-2020-9327 CVE-2020-9802
CVE-2020-9803 CVE-2020-9805 CVE-2020-9806
CVE-2020-9807 CVE-2020-9843 CVE-2020-9850
CVE-2020-9862 CVE-2020-9893 CVE-2020-9894
CVE-2020-9895 CVE-2020-9915 CVE-2020-9925
CVE-2020-10018 CVE-2020-10029 CVE-2020-11793
CVE-2020-13630 CVE-2020-13631 CVE-2020-13632
CVE-2020-14382 CVE-2020-14391 CVE-2020-14422
CVE-2020-15503 CVE-2020-24659 CVE-2020-28362
1. Summary:

An update for compliance-content-container,
ose-compliance-openscap-container, ose-compliance-operator-container, and
ose-compliance-operator-metadata-container is now available for Red Hat
OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

The compliance-operator image updates are now available for OpenShift
Container Platform 4.6.

This advisory provides the following updates among others:

* Enhances profile parsing time.
* Fixes excessive resource consumption from the Operator.
* Fixes default content image.
* Fixes outdated remediation handling.

Security Fix(es):

* golang: math/big: panic during recursive division of very large numbers

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

Details on how to access this content are available at
- -cli.html.

4. Bugs fixed (

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918990 - ComplianceSuite scans use quay content image for initContainer
1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present
1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console.

5. References:

6. Contact:

The Red Hat security contact is <[email protected]>. More contact
details at

Copyright 2021 Red Hat, Inc.
Version: GnuPG v1


RHSA-announce mailing list
[email protected]

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated