What is the severity of RHSA-2016:0351?

The severity of RHSA-2016:0351 is classified as moderate due to the potential for unauthorized access.

How do I fix RHSA-2016:0351?

To fix RHSA-2016:0351, upgrade your affected OpenShift packages to version 3.0.2.0-0.git.45.423f434.el7.

What systems are affected by RHSA-2016:0351?

RHSA-2016:0351 affects multiple OpenShift packages including openshift, openshift-clients, openshift-master, openshift-node, and others.

What type of vulnerability is addressed in RHSA-2016:0351?

RHSA-2016:0351 addresses an authorization flaw in Kubernetes that impacts API server user permissions.

Is there a workaround for RHSA-2016:0351?

While the primary solution is to upgrade to the specified version, implementing strict access controls can help mitigate risks from RHSA-2016:0351.

Vulnerability/
RHSA-2016:0351

3/3/2016

RHSA-2016:0351: Moderate: kubernetes security update

First published: Thu Mar 03 2016(Updated: )

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905) An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation. (CVE-2016-1906) All OpenShift Enterprise 3.0 users are advised to upgrade to these updated packages.

Affected Software	Affected Version	How to fix
redhat/openshift	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7
redhat/openshift-clients	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7
redhat/openshift-master	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7
redhat/openshift-node	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7
redhat/openshift-sdn-ovs	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7
redhat/tuned-profiles-openshift-node	<3.0.2.0-0.git.45.423f434.el7	3.0.2.0-0.git.45.423f434.el7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2016:0351?
The severity of RHSA-2016:0351 is classified as moderate due to the potential for unauthorized access.
How do I fix RHSA-2016:0351?
To fix RHSA-2016:0351, upgrade your affected OpenShift packages to version 3.0.2.0-0.git.45.423f434.el7.
What systems are affected by RHSA-2016:0351?
RHSA-2016:0351 affects multiple OpenShift packages including openshift, openshift-clients, openshift-master, openshift-node, and others.
What type of vulnerability is addressed in RHSA-2016:0351?
RHSA-2016:0351 addresses an authorization flaw in Kubernetes that impacts API server user permissions.
Is there a workaround for RHSA-2016:0351?
While the primary solution is to upgrade to the specified version, implementing strict access controls can help mitigate risks from RHSA-2016:0351.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2016:0351
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat