Red Hat Security Advisory 2021-0949-01

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat OpenShift Do openshift/odo-init-image 1.1.3 security update
Advisory ID: RHSA-2021:0949-01
Product: OpenShift Do
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0949
Issue date: 2021-03-22
Keywords: odo, developer, cli, iterative development, containers, openshift, kubernetes
CVE Names: CVE-2018-20843 CVE-2019-5094 CVE-2019-5188
CVE-2019-11719 CVE-2019-11727 CVE-2019-11756
CVE-2019-12749 CVE-2019-14866 CVE-2019-15903
CVE-2019-17006 CVE-2019-17023 CVE-2019-17498
CVE-2019-19956 CVE-2019-20388 CVE-2019-20907
CVE-2020-1971 CVE-2020-6829 CVE-2020-7595
CVE-2020-8177 CVE-2020-12243 CVE-2020-12400
CVE-2020-12401 CVE-2020-12402 CVE-2020-12403
====================================================================
1. Summary:

Updated openshift/odo-init-image container image is now available for Red
Hat Openshift Do 1.0.

2. Description:

Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create,
build, and deploy applications on OpenShift. The odo tool is completely
client-based and requires no server within the OpenShift cluster for
deployment. It detects changes to local code and deploys it to the cluster
automatically, giving instant feedback to validate changes in real-time. It
supports multiple programming languages and frameworks.

Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image
that is used as part of the InitContainer setup that provisions odo
components.

The advisory addresses the following issues:

* Re-release of odo-init-image 1.1.3 for security updates

3. Solution:

Download and install a new CLI binary by following the instructions linked
from the References section.

4. Bugs fixed (https://bugzilla.redhat.com/):

1832983 – Release of 1.1.3 odo-init-image

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/updates/classification/#low
https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBYFhtvtzjgjWX9erEAQhdHg/7BWivBhQJI+Bs6OfgypsaRpNVq0hp0rXN
DndSw2nut3kk4wvH3pi6sSClKT1exuoKVeQ/6sSnxMgvUgz1nCkHYBY5MuC1bu3X
/I/Ct0RM1aLRE7f/2P2q9sZXKuZO2gKcl6QwW/5k5mJGY0Pj1h+c4EAipA5srbp+
A0KrVFlv95jpqydmyQj2LbxcKguJEcyU/+safTL3BXAT196BwHel35ZJPjnGkb+K
vT9Rr67jmCE474C5MFVDsGrWejqtBqwS38AU4hBlPLEX7wUCYBBzCqxU4TuBLds/
dpGb8OmVFkeARsClPd9+a6g4lCQmwnarndjRT9r2GCaxpn2oGrqGXMOcJglx6CNY
qzoAKQCkz22W037vbmBTMFh5VVELNjhO0Zh0gmL8Dy9gmwRK7oSCIiSfO9944Bwf
YHxnP63IUnznB7ZpeyrSzVhRhZ/PbOoFXJ+gG0vg/T5M024yuNiK2Z3ghPvhcT26
+bXBFWHK+KAHAnoZJajXqsdUGPlSB8PAfwt4bkjReDfG7VNFctOlmjjNkyVkVBG5
ToO3KjH+oU2k5/ww5EbVR74yP1lAEAnafmOa6XfF7UFuCi91maxrLmgmaUjz/ibi
UKbkmtcWNgFhJ3GB4Tp7tohxZZk6Nyu/x9VXg+kPyTc/bISe2GgA3ER82ZE5BxDw
fGiplxCJYtQ=VXNN
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce