RHSA-2020:1287CriticalCVSS 8.8
Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2019-18277 — haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value CVE-2019-19330 — haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks CVE-2020-11100 — haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2020:1287
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1759697
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1777584
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1819111
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1287.json