Issued:: 2019-05-20
Updated:: 2019-05-20

RHSA-2019:1245 - Moderate: Red Hat Quay 3.0.2 security and bug fix update

Synopsis

Moderate: Red Hat Quay 3.0.2 security and bug fix update

Type/Severity

Security Advisory Moderate

Topic

An update is now available for Red Hat Quay 3.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat Quay is a secure, private container registry that builds, analyzes and distributes container images. It provides a high level of automation and customization.

Description

Security Fix(es):

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

Bug Fix(es):

Running Quay in config mode now works in a disconnected option which doesn't require pulling resources from the Internet.
Quay's security scan endpoint is now enabled at startup for viewing results of Clair container image scans.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Red Hat Quay Enterprise	3	x86_64

Fixes

CVEs

CVE-2016-2183

References

https://access.redhat.com/security/updates/classification/#moderate

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.