RHSA-2016:0070: Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
First published: Tue Jan 26 2016(Updated: )
OpenShift Enterprise by Red Hat is the company's cloud computing <br>Platform-as-a-Service (PaaS) solution designed for on-premise or <br>private cloud deployments.<br>The following security issues are addressed with this release:<br>An authorization flaw was discovered in Kubernetes; the API server <br>did not properly check user permissions when handling certain <br>requests. An authenticated remote attacker could use this flaw to <br>gain additional access to resources such as RAM and disk space. <br>(CVE-2016-1905)<br>An authorization flaw was discovered in Kubernetes; the API server <br>did not properly check user permissions when handling certain build-<br>configuration strategies. A remote attacker could create build <br>configurations with strategies that violate policy. Although the <br>attacker could not launch the build themselves (launch fails when <br>the policy is violated), if the build configuration files were later <br>launched by other privileged services (such as automated triggers), <br>user privileges could be bypassed allowing attacker escalation. <br>(CVE-2016-1906)<br>An update for Jenkins Continuous Integration Server that addresses a <br>large number of security issues including XSS, CSRF, information <br>disclosure and code execution have been addressed as well. <br>(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662<br>CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667<br>CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807<br>CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813<br>CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319<br>CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323<br>CVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537<br>CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)<br>Space precludes documenting all of the bug fixes and enhancements in <br>this advisory. See the OpenShift Enterprise 3.1 Release Notes, which <br>will be updated shortly for release 3.1.1, for details about these <br>changes:<br><a href="https://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html" target="_blank">https://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html</a> All OpenShift Enterprise 3 users are advised to upgrade to these <br>updated packages.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/atomic-openshift | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/heapster | <0.18.2-3.gitaf4752e.el7a | 0.18.2-3.gitaf4752e.el7a |
| redhat/jenkins | <1.625.3-2.el7a | 1.625.3-2.el7a |
| redhat/nodejs-align-text | <0.1.3-2.el7a | 0.1.3-2.el7a |
| redhat/nodejs-ansi-green | <0.1.1-1.el7a | 0.1.1-1.el7a |
| redhat/nodejs-ansi-wrap | <0.1.0-1.el7a | 0.1.0-1.el7a |
| redhat/nodejs-anymatch | <1.3.0-1.el7a | 1.3.0-1.el7a |
| redhat/nodejs-arr-diff | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-arr-flatten | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-array-unique | <0.2.1-1.el7a | 0.2.1-1.el7a |
| redhat/nodejs-arrify | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-async-each | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-binary-extensions | <1.3.1-1.el7a | 1.3.1-1.el7a |
| redhat/nodejs-braces | <1.8.2-2.el7a | 1.8.2-2.el7a |
| redhat/nodejs-capture-stack-trace | <1.0.0-2.el7a | 1.0.0-2.el7a |
| redhat/nodejs-chokidar | <1.4.1-2.el7a | 1.4.1-2.el7a |
| redhat/nodejs-configstore | <1.4.0-1.el7a | 1.4.0-1.el7a |
| redhat/nodejs-create-error-class | <2.0.1-2.el7a | 2.0.1-2.el7a |
| redhat/nodejs-deep-extend | <0.3.2-2.el7a | 0.3.2-2.el7a |
| redhat/nodejs-duplexer | <0.1.1-2.el7a | 0.1.1-2.el7a |
| redhat/nodejs-duplexify | <3.4.2-1.el7a | 3.4.2-1.el7a |
| redhat/nodejs-end-of-stream | <1.1.0-2.el7a | 1.1.0-2.el7a |
| redhat/nodejs-error-ex | <1.2.0-1.el7a | 1.2.0-1.el7a |
| redhat/nodejs-es6-promise | <3.0.2-2.el7a | 3.0.2-2.el7a |
| redhat/nodejs-event-stream | <3.3.2-1.el7a | 3.3.2-1.el7a |
| redhat/nodejs-expand-brackets | <0.1.4-1.el7a | 0.1.4-1.el7a |
| redhat/nodejs-expand-range | <1.8.1-1.el7a | 1.8.1-1.el7a |
| redhat/nodejs-extglob | <0.3.1-1.el7a | 0.3.1-1.el7a |
| redhat/nodejs-filename-regex | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-fill-range | <2.2.3-1.el7a | 2.2.3-1.el7a |
| redhat/nodejs-for-in | <0.1.4-1.el7a | 0.1.4-1.el7a |
| redhat/nodejs-for-own | <0.1.3-1.el7a | 0.1.3-1.el7a |
| redhat/nodejs-from | <0.1.3-2.el7a | 0.1.3-2.el7a |
| redhat/nodejs-glob-base | <0.3.0-1.el7a | 0.3.0-1.el7a |
| redhat/nodejs-glob-parent | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-got | <5.2.1-1.el7a | 5.2.1-1.el7a |
| redhat/nodejs-graceful-fs | <4.1.2-1.el7a | 4.1.2-1.el7a |
| redhat/nodejs-ini | <1.1.0-6.el7a | 1.1.0-6.el7a |
| redhat/nodejs-is-binary-path | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-is-dotfile | <1.0.2-1.el7a | 1.0.2-1.el7a |
| redhat/nodejs-is-equal-shallow | <0.1.3-1.el7a | 0.1.3-1.el7a |
| redhat/nodejs-is-extendable | <0.1.1-1.el7a | 0.1.1-1.el7a |
| redhat/nodejs-is-extglob | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-is-glob | <2.0.1-1.el7a | 2.0.1-1.el7a |
| redhat/nodejs-is-npm | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-is-number | <2.1.0-1.el7a | 2.1.0-1.el7a |
| redhat/nodejs-is-plain-obj | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-is-primitive | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-is-redirect | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-is-stream | <1.0.1-2.el7a | 1.0.1-2.el7a |
| redhat/nodejs-isobject | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-kind-of | <3.0.2-1.el7a | 3.0.2-1.el7a |
| redhat/nodejs-latest-version | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-lazy-cache | <1.0.2-1.el7a | 1.0.2-1.el7a |
| redhat/nodejs-lodash.assign | <3.2.0-1.el7a | 3.2.0-1.el7a |
| redhat/nodejs-lodash.baseassign | <3.2.0-1.el7a | 3.2.0-1.el7a |
| redhat/nodejs-lodash.basecopy | <3.0.1-1.el7a | 3.0.1-1.el7a |
| redhat/nodejs-lodash.bindcallback | <3.0.1-1.el7a | 3.0.1-1.el7a |
| redhat/nodejs-lodash.createassigner | <3.1.1-1.el7a | 3.1.1-1.el7a |
| redhat/nodejs-lodash.defaults | <3.1.2-1.el7a | 3.1.2-1.el7a |
| redhat/nodejs-lodash.getnative | <3.9.1-1.el7a | 3.9.1-1.el7a |
| redhat/nodejs-lodash.isarguments | <3.0.4-1.el7a | 3.0.4-1.el7a |
| redhat/nodejs-lodash.isarray | <3.0.4-1.el7a | 3.0.4-1.el7a |
| redhat/nodejs-lodash.isiterateecall | <3.0.9-1.el7a | 3.0.9-1.el7a |
| redhat/nodejs-lodash.keys | <3.1.2-1.el7a | 3.1.2-1.el7a |
| redhat/nodejs-lodash.restparam | <3.6.1-1.el7a | 3.6.1-1.el7a |
| redhat/nodejs-lowercase-keys | <1.0.0-2.el7a | 1.0.0-2.el7a |
| redhat/nodejs-map-stream | <0.1.0-2.el7a | 0.1.0-2.el7a |
| redhat/nodejs-micromatch | <2.3.5-2.el7a | 2.3.5-2.el7a |
| redhat/nodejs-mkdirp | <0.5.0-2.el7a | 0.5.0-2.el7a |
| redhat/nodejs-node-status-codes | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-nodemon | <1.8.1-2.el7a | 1.8.1-2.el7a |
| redhat/nodejs-normalize-path | <2.0.1-1.el7a | 2.0.1-1.el7a |
| redhat/nodejs-object-assign | <4.0.1-1.el7a | 4.0.1-1.el7a |
| redhat/nodejs-object.omit | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-optimist | <0.4.0-5.el7a | 0.4.0-5.el7a |
| redhat/nodejs-os-homedir | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-os-tmpdir | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-osenv | <0.1.0-2.el7a | 0.1.0-2.el7a |
| redhat/nodejs-package-json | <2.3.0-1.el7a | 2.3.0-1.el7a |
| redhat/nodejs-parse-glob | <3.0.4-1.el7a | 3.0.4-1.el7a |
| redhat/nodejs-parse-json | <2.2.0-2.el7a | 2.2.0-2.el7a |
| redhat/nodejs-pause-stream | <0.0.11-2.el7a | 0.0.11-2.el7a |
| redhat/nodejs-pinkie | <2.0.1-1.el7a | 2.0.1-1.el7a |
| redhat/nodejs-pinkie-promise | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/nodejs-prepend-http | <1.0.1-2.el7a | 1.0.1-2.el7a |
| redhat/nodejs-preserve | <0.2.0-1.el7a | 0.2.0-1.el7a |
| redhat/nodejs-ps-tree | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-randomatic | <1.1.5-1.el7a | 1.1.5-1.el7a |
| redhat/nodejs-rc | <1.1.2-1.el7a | 1.1.2-1.el7a |
| redhat/nodejs-read-all-stream | <3.0.1-3.el7a | 3.0.1-3.el7a |
| redhat/nodejs-readdirp | <2.0.0-2.el7a | 2.0.0-2.el7a |
| redhat/nodejs-regex-cache | <0.4.2-1.el7a | 0.4.2-1.el7a |
| redhat/nodejs-registry-url | <3.0.3-1.el7a | 3.0.3-1.el7a |
| redhat/nodejs-repeat-element | <1.1.2-1.el7a | 1.1.2-1.el7a |
| redhat/nodejs-semver | <5.1.0-1.el7a | 5.1.0-1.el7a |
| redhat/nodejs-semver-diff | <2.1.0-1.el7a | 2.1.0-1.el7a |
| redhat/nodejs-slide | <1.1.5-3.el7a | 1.1.5-3.el7a |
| redhat/nodejs-split | <0.3.3-2.el7a | 0.3.3-2.el7a |
| redhat/nodejs-stream-combiner | <0.2.1-2.el7a | 0.2.1-2.el7a |
| redhat/nodejs-string-length | <1.0.1-1.el7a | 1.0.1-1.el7a |
| redhat/nodejs-strip-json-comments | <1.0.2-2.el7a | 1.0.2-2.el7a |
| redhat/nodejs-success-symbol | <0.1.0-1.el7a | 0.1.0-1.el7a |
| redhat/nodejs-through | <2.3.4-4.el7a | 2.3.4-4.el7a |
| redhat/nodejs-timed-out | <2.0.0-3.el7a | 2.0.0-3.el7a |
| redhat/nodejs-touch | <1.0.0-2.el7a | 1.0.0-2.el7a |
| redhat/nodejs-undefsafe | <0.0.3-1.el7a | 0.0.3-1.el7a |
| redhat/nodejs-unzip-response | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-update-notifier | <0.6.0-1.el7a | 0.6.0-1.el7a |
| redhat/nodejs-url-parse-lax | <1.0.0-1.el7a | 1.0.0-1.el7a |
| redhat/nodejs-uuid | <2.0.1-1.el7a | 2.0.1-1.el7a |
| redhat/nodejs-write-file-atomic | <1.1.2-2.el7a | 1.1.2-2.el7a |
| redhat/nodejs-xdg-basedir | <2.0.0-1.el7a | 2.0.0-1.el7a |
| redhat/openshift-ansible | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openvswitch | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/origin-kibana | <0.5.0-1.el7a | 0.5.0-1.el7a |
| redhat/atomic-openshift-clients | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-clients-redistributable | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-dockerregistry | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-master | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-node | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-pod | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-recycle | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-sdn-ovs | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
| redhat/atomic-openshift-utils | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openshift-ansible-docs | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openshift-ansible-filter-plugins | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openshift-ansible-lookup-plugins | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openshift-ansible-playbooks | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openshift-ansible-roles | <3.0.35-1.git.0.6a386dd.el7a | 3.0.35-1.git.0.6a386dd.el7a |
| redhat/openvswitch | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/openvswitch-debuginfo | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/openvswitch-devel | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/openvswitch-test | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/python-openvswitch | <2.4.0-1.el7 | 2.4.0-1.el7 |
| redhat/tuned-profiles-atomic-openshift-node | <3.1.1.6-1.git.0.b57e8bd.el7a | 3.1.1.6-1.git.0.b57e8bd.el7a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=974814
- https://bugzilla.redhat.com/show_bug.cgi?id=1063099
- https://bugzilla.redhat.com/show_bug.cgi?id=1147758
- https://bugzilla.redhat.com/show_bug.cgi?id=1147759
- https://bugzilla.redhat.com/show_bug.cgi?id=1147764
- https://bugzilla.redhat.com/show_bug.cgi?id=1147765
- https://bugzilla.redhat.com/show_bug.cgi?id=1147766
- https://bugzilla.redhat.com/show_bug.cgi?id=1147769
- https://bugzilla.redhat.com/show_bug.cgi?id=1147770
- https://bugzilla.redhat.com/show_bug.cgi?id=1148645
- https://bugzilla.redhat.com/show_bug.cgi?id=1205615
- https://bugzilla.redhat.com/show_bug.cgi?id=1205616
- https://bugzilla.redhat.com/show_bug.cgi?id=1205620
- https://bugzilla.redhat.com/show_bug.cgi?id=1205622
- https://bugzilla.redhat.com/show_bug.cgi?id=1205623
- https://bugzilla.redhat.com/show_bug.cgi?id=1205627
- https://bugzilla.redhat.com/show_bug.cgi?id=1243514
- https://bugzilla.redhat.com/show_bug.cgi?id=1247523
- https://bugzilla.redhat.com/show_bug.cgi?id=1254880
- https://bugzilla.redhat.com/show_bug.cgi?id=1256869
- https://bugzilla.redhat.com/show_bug.cgi?id=1268478
- https://bugzilla.redhat.com/show_bug.cgi?id=1273739
- https://bugzilla.redhat.com/show_bug.cgi?id=1277329
- https://bugzilla.redhat.com/show_bug.cgi?id=1277383
- https://bugzilla.redhat.com/show_bug.cgi?id=1277608
- https://bugzilla.redhat.com/show_bug.cgi?id=1278232
- https://bugzilla.redhat.com/show_bug.cgi?id=1278630
- https://bugzilla.redhat.com/show_bug.cgi?id=1279404
- https://bugzilla.redhat.com/show_bug.cgi?id=1279744
- https://bugzilla.redhat.com/show_bug.cgi?id=1279925
- https://bugzilla.redhat.com/show_bug.cgi?id=1280216
- https://bugzilla.redhat.com/show_bug.cgi?id=1280497
- https://bugzilla.redhat.com/show_bug.cgi?id=1282359
- https://bugzilla.redhat.com/show_bug.cgi?id=1282361
- https://bugzilla.redhat.com/show_bug.cgi?id=1282362
- https://bugzilla.redhat.com/show_bug.cgi?id=1282363
- https://bugzilla.redhat.com/show_bug.cgi?id=1282364
- https://bugzilla.redhat.com/show_bug.cgi?id=1282365
- https://bugzilla.redhat.com/show_bug.cgi?id=1282366
- https://bugzilla.redhat.com/show_bug.cgi?id=1282367
- https://bugzilla.redhat.com/show_bug.cgi?id=1282368
- https://bugzilla.redhat.com/show_bug.cgi?id=1282369
- https://bugzilla.redhat.com/show_bug.cgi?id=1282371
- https://bugzilla.redhat.com/show_bug.cgi?id=1282426
- https://bugzilla.redhat.com/show_bug.cgi?id=1282738
- https://bugzilla.redhat.com/show_bug.cgi?id=1283952
- https://bugzilla.redhat.com/show_bug.cgi?id=1284506
- https://bugzilla.redhat.com/show_bug.cgi?id=1287414
- https://bugzilla.redhat.com/show_bug.cgi?id=1287943
- https://bugzilla.redhat.com/show_bug.cgi?id=1288014
- https://bugzilla.redhat.com/show_bug.cgi?id=1289603
- https://bugzilla.redhat.com/show_bug.cgi?id=1289965
- https://bugzilla.redhat.com/show_bug.cgi?id=1290643
- https://bugzilla.redhat.com/show_bug.cgi?id=1290967
- https://bugzilla.redhat.com/show_bug.cgi?id=1291795
- https://bugzilla.redhat.com/show_bug.cgi?id=1291797
- https://bugzilla.redhat.com/show_bug.cgi?id=1291798
- https://bugzilla.redhat.com/show_bug.cgi?id=1292621
- https://bugzilla.redhat.com/show_bug.cgi?id=1293251
- https://bugzilla.redhat.com/show_bug.cgi?id=1293252
- https://bugzilla.redhat.com/show_bug.cgi?id=1293829
- https://bugzilla.redhat.com/show_bug.cgi?id=1293877
- https://bugzilla.redhat.com/show_bug.cgi?id=1294115
- https://bugzilla.redhat.com/show_bug.cgi?id=1294798
- https://bugzilla.redhat.com/show_bug.cgi?id=1296457
- https://bugzilla.redhat.com/show_bug.cgi?id=1297910
- https://bugzilla.redhat.com/show_bug.cgi?id=1297916
- http://www.redhat.com/security/updates/classification/#normal
- https://access.redhat.com/errata/RHSA-2016:0070 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2016:0070
- agent/software-canonical-lookup
- package-manager/redhat