Description:

Red hat has released security updates to address multiple vulnerabilities in the following products:

• openshift-enterprise-ansible-operator-container
  • Red Hat OpenShift Container Platform 4.2 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.2 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.2 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.2 for RHEL 7 s390x
• qemu-kvm
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• penshift-enterprise-hyperkube-container
  • Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
• OpenShift Container Platform
  • Red Hat OpenShift Container Platform 3.11 x86_64
  • Red Hat OpenShift Container Platform for Power 3.11 ppc64le

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code remotely
• Denial of Service (DoS)
• Memory Corruption
• Memory Execution

Best practice and Recommendations:

The CERT team encourages users to apply the necessary updates according to the links below:

• https://access.redhat.com/errata/RHSA-2020:1280
• https://access.redhat.com/errata/RHSA-2020:1403
• https://access.redhat.com/errata/RHSA-2020:1277
• https://access.redhat.com/errata/RHSA-2020:1287