RHBA-2020:4229 - Bug Fix Advisory

Published: 2020-11-13
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2020-15586, CVE-2020-16845
CWE ID: CWE-362, CWE-835
Exploitation vector: Network
Public exploit: N/A

Vulnerable software
Operating systems & Components / Operating system package or component:

openshift-ansible (Red Hat package)
atomic-openshift-service-idler (Red Hat package)
atomic-enterprise-service-catalog (Red Hat package)
openshift-clients (Red Hat package)
machine-config-daemon (Red Hat package)
cri-o (Red Hat package)
openshift-kuryr (Red Hat package)
openshift (Red Hat package)

Vendor: Red Hat Inc.

Security Advisory

1) Race condition

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-15586

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in some net/http servers in Go, as demonstrated by the httputil.ReverseProxy handler. A remote attacker can trigger the race and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

openshift-ansible (Red Hat package): 3.2.42-1.git.0.6b09be9.el7, 3.3.149-1.git.0.3859ddb.el7, 3.4.67-1.git.0.14a0b4d.el7, 3.4.89-1.git.0.ac29ce8.el7, 3.4.168-1.git.0.bb73aad.el7, 3.4.172-1.git.0.33fe526.el7, 3.6.173.0.140-1.git.0.0ccb19b.el7, 3.8.44-1.git.0.2bfde74.el7, 3.11.43-1.git.0.fa69a02.el7, 3.11.146-1.git.0.fcedb45.el7, 3.11.248-1.git.0.fd212c7.el7, 4.1.16-201909090609.git.162.a0800db.el7, 4.1.37-202002280447.git.1.bb180eb.el7, 4.2.0-201910111434.git.190.85c9108.el7, 4.2.4-201911010432.git.190.b4a7b0f.el7, 4.2.20-202002140432.git.187.2308b53.el7, 4.3.1-202001310552.git.174.dcdb91b.el7, 4.3.3-202002142331.git.173.bb0b5a1.el7, 4.3.5-202002280657.git.1.e4f02b3.el7, 4.3.9-202003230116.git.0.6124c7d.el7, 4.3.10-202003300415.git.0.6fe3ef9.el7, 4.3.25-202006060952.git.1.1253fde.el7, 4.4.0-202006061254.git.1.a996454.el7

atomic-openshift-service-idler (Red Hat package): 3.11.43-1.git.14.bbbb450.el7, 3.11.146-1.git.1.723cb8d.el7, 3.11.248-1.git.1.4c42a90.el7, 4.2.0-201910101431.git.1.b99e6ee.el7, 4.2.4-201911041319.git.1.4131c2f.el7, 4.2.20-202002170402.git.1.43218bc.el7, 4.3.1-202002031701.git.1.a23cda8.el7, 4.3.3-202002170501.git.1.4feff9c.el7, 4.3.5-202003020117.git.13.3ac2b0e.el7, 4.3.9-202003230116.git.13.7ac3e5c.el7, 4.3.10-202003300415.git.13.ac05c4a.el7, 4.3.25-202006081518.git.1.79365c5.el7, 4.4.0-202006080017.git.1.7e463c3.el7

atomic-enterprise-service-catalog (Red Hat package): 3.11.43-1.git.1671.04b17f5.el7, 3.11.146-1.git.1.3f0869b.el7, 3.11.248-1.git.1.9aad2ef.el7, 4.1.14-201908290858.git.1.28cc9ff.el7, 4.1.16-201909090609.git.1.cc4acc1.el7, 4.1.37-202003020601.git.0.5784dc4.el7, 4.2.0-201910101431.git.1.03fe87b.el7, 4.2.4-201911041319.git.1.1de4bcd.el7, 4.2.20-202002170402.git.1.159e2f5.el7, 4.3.1-202002031701.git.1.095aaf2.el7, 4.3.3-202002170501.git.1.f30799e.el7, 4.3.5-202003020117.git.0.4eb885c.el7, 4.3.9-202003230116.git.0.57d5c98.el7, 4.3.10-202003300415.git.0.68d5fb7.el7, 4.3.25-202006081518.git.1.52b3a66.el7, 4.4.0-202006080017.git.1.77a5cc9.el7

openshift-clients (Red Hat package): 4.2.32-202005020632.git.1.1b0fab9.el8, 4.3.1-202001310552.git.1.075d46a.el7, 4.3.1-202001310552.git.1.075d46a.el8, 4.3.3-202002140552.git.1.ff73b47.el7, 4.3.3-202002140552.git.1.ff73b47.el8, 4.3.5-202002280657.git.1.55a9334.el7, 4.3.5-202002280657.git.1.55a9334.el8, 4.3.7-202003130552.git.0.6027a27.el7, 4.3.7-202003130552.git.0.6027a27.el8, 4.3.9-202003230116.git.0.3d3933c.el7, 4.3.9-202003230116.git.0.3d3933c.el8, 4.3.10-202003300001.git.0.e43c148.el8, 4.3.10-202003300415.git.0.3576c99.el7, 4.3.25-202006060952.git.1.fd93102.el7, 4.3.25-202006060952.git.1.fd93102.el8, 4.3.31-202007250052.p0.git.3329.59998b9.el7, 4.3.31-202007250052.p0.git.3329.59998b9.el8, 4.4.0-202006061254.git.1.26cb6dc.el7, 4.4.0-202006061254.git.1.26cb6dc.el8

machine-config-daemon (Red Hat package): 4.2.0-201907161330.git.1.bf8077c.el8, 4.2.20-202002170402.git.1.a83336a.el8, 4.3.1-202002031701.git.1.0ad9b3b.el8, 4.3.3-202002170501.git.1.6b1b155.el8, 4.3.5-202003020117.git.0.61e0e48.el8, 4.3.9-202003230116.git.0.26e7ac9.el8, 4.3.10-202003300415.git.0.56d6ae0.el8, 4.3.25-202006081518.git.1.478b31a.el8, 4.3.30-202007230708.p0.git.2188.9f34d7f.el8, 4.4.0-202006080017.git.1.32e0736.el8, 4.4.0-202007092124.p0.git.2349.08d34d1.el8, 4.4.0-202008130707.p0.git.2357.47d462a.el8

cri-o (Red Hat package): 1.0.4-2.git4aceede.el7, 1.9.10-1.git8723732.el7, 1.9.12-1.gitfa11beb.el7, 1.9.16-1.git78b2041.el7, 1.9.16-3.git858756d.el7, 1.9.16-5.git858756d.el7, 1.10.5-1.rhaos3.10.git4c81456.el7, 1.10.6-2.rhaos3.10.git56d7d9a.el7, 1.11.5-2.rhaos3.11.git1c8a4b1.el7, 1.11.8-2.rhaos3.11.git71cc465.el7, 1.11.10-1.rhaos3.11.git42c86f0.el7, 1.11.14-1.rhaos3.11.gitd56660e.el7, 1.11.16-0.2.dev.rhaos3.11.git3f89eba.el7, 1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7, 1.11.16-0.9.dev.rhaos3.11.git6d43aae.el7, 1.13.11-0.4.dev.rhaos4.1.git9cb8f2f.el7, 1.13.11-0.7.dev.rhaos4.1.git9cb8f2f.el8, 1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7, 1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8, 1.13.12-6.dev.rhaos4.1.git8abaaeb.el7, 1.13.12-6.dev.rhaos4.1.git8abaaeb.el8_0, 1.14.11-0.17.dev.rhaos4.2.gitc41de67.el7, 1.14.11-0.23.dev.rhaos4.2.gitc41de67.el8, 1.14.12-10.dev.rhaos4.2.git313d784.el8, 1.14.12-19.dev.rhaos4.2.git313d784.el7, 1.16.2-13.dev.rhaos4.3.gita83f883.el7, 1.16.2-15.dev.rhaos4.3.gita83f883.el8, 1.16.3-20.dev.rhaos4.3.git11c04e3.el7, 1.16.3-22.dev.rhaos4.3.git11c04e3.el8, 1.16.3-26.dev.rhaos4.3.git9aad8e4.el7, 1.16.3-28.dev.rhaos4.3.git9aad8e4.el8, 1.16.4-1.dev.rhaos4.3.git9238eee.el7, 1.16.4-1.dev.rhaos4.3.git9238eee.el8, 1.16.6-15.dev.rhaos4.3.gitebc053b.el7, 1.16.6-15.dev.rhaos4.3.gitebc053b.el8, 1.16.6-18.rhaos4.3.git538d861.el7, 1.16.6-18.rhaos4.3.git538d861.el8, 1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7, 1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8, 1.17.4-14.dev.rhaos4.4.gitb93af5d.el7, 1.17.4-14.dev.rhaos4.4.gitb93af5d.el8, 1.17.4-24.rhaos4.4.git73658e6.el7, 1.17.4-24.rhaos4.4.git73658e6.el8

openshift-kuryr (Red Hat package): 4.3.1-202002031701.git.1.cfa4a05.el8, 4.3.3-202002170501.git.1.3b8b4cc.el8, 4.3.5-202003020117.git.0.237579a.el8, 4.3.9-202003230116.git.0.9f1e22e.el8, 4.3.10-202003300855.git.0.07e6ba6.el8, 4.3.25-202006081518.git.1.240b401.el8, 4.4.0-202006080017.git.1.855ef1d.el8, 4.4.0-202008131757.p0.git.1813.8e0365d.el8

openshift (Red Hat package): 4.5.0-202008130146.p0.git.0.aaf1d57.el7, 4.5.0-202008130146.p0.git.0.aaf1d57.el8

External links

https://access.redhat.com/errata/RHBA-2020:4229

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16845

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the ReadUvarint and ReadVarint functions of Go's encoding/binary package when they are fed malformed varint input. A remote attacker who can supply such input can consume all available system resources and cause a denial of service condition.
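The guard that closes this class of bug, as an added example that is not the advisory's or the Go project's own code: a varint reader that caps its loop at MaxVarintLen64 (10) bytes, the longest valid encoding of a uint64, and returns an error instead of spinning on a source that never delivers a terminating byte. ReadUvarintBounded, ErrOverflow and endlessReader are names chosen here; the sample inputs are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// MaxVarintLen64 is the longest valid varint encoding of a uint64: 10 bytes.
const MaxVarintLen64 = 10
// ErrOverflow reports more bytes (or bits) than a uint64 can hold.
var ErrOverflow = errors.New("varint overflows a 64-bit integer")

// ReadUvarintBounded decodes an unsigned base-128 varint from r, stopping after
// MaxVarintLen64 bytes so endless continuation bytes (high bit set) cannot keep
// it looping. It also returns the number of bytes consumed.
func ReadUvarintBounded(r io.ByteReader) (uint64, int, error) {
	var x uint64
	var s uint
	for i := 0; i < MaxVarintLen64; i++ {
		b, err := r.ReadByte()
		if err != nil {
			if i > 0 && err == io.EOF {
				err = io.ErrUnexpectedEOF // cut off in the middle of a value
			}
			return x, i, err
		}
		if b < 0x80 { // final byte; the 10th may carry at most one significant bit
			if i == MaxVarintLen64-1 && b > 1 {
				return x, i + 1, ErrOverflow
			}
			return x | uint64(b)<<s, i + 1, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
	return x, MaxVarintLen64, ErrOverflow
}

// endlessReader (constructed) stands in for a peer that never sends a final byte.
type endlessReader struct{ served int }
func (e *endlessReader) ReadByte() (byte, error) { e.served++; return 0x80, nil }

func main() {
	v, n, err := ReadUvarintBounded(bytes.NewReader([]byte{0xE5, 0x8E, 0x26}))
	fmt.Println(v, n, err) // 624485 3 <nil>
	e := &endlessReader{}
	_, n, err = ReadUvarintBounded(e)
	fmt.Println(n, e.served, err) // 10 10 varint overflows a 64-bit integer
}
```

An unbounded loop would call e.ReadByte forever; the bounded reader gives up after exactly ten bytes, which is what an allocation- or CPU-based denial of service against a decoder needs to be denied.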

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

The same package versions as listed under 1) Race condition above.

External links

https://access.redhat.com/errata/RHBA-2020:4229

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
