Main Vulnerability Database SB2019092702

SB2019092702 - Red Hat update for OpenShift Container Platform 4.1.18

Published: September 27, 2019

Security Bulletin ID SB2019092702

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2016-2183)

The vulnerability allows a remote attacker to decrypt transmitted data.

The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.

Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2019:2859