SB2020021333 - Multiple vulnerabilities in Red Hat OpenShift Container Platform

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2019-13734)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in SQLite database engine. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds write and execute arbitrary code on the target system.

2) Incorrect default permissions (CVE-ID: CVE-2019-19335)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application during installation of an OpenShift 4 cluster. The `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:0476
• https://access.redhat.com/errata/RHSA-2020:0463