- Issued:
- 2014-10-14
- Updated:
- 2014-10-14
RHBA-2014:1630 - Bug Fix Advisory
Synopsis
Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated jenkins-plugin-openshift and openshift-origin-cartridge-jenkins packages
that fix a bug are now available for Red Hat OpenShift Enterprise 2.1.
Description
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.
This update fixes the following bug:
- Changes to the httpd and mod_ssl packages in Red Hat Enterprise Linux 6.6
caused certain ciphers' key sizes offered during TLS/SSL handshaking to be
larger than the same ciphers' key sizes in previous versions. These larger key
sizes are not supported by the current release of openjdk-1.7.0 and cause an
exception during TLS/SSL handshaking. On OpenShift Enterprise deployments which
had been updated to Red Hat Enterprise Linux 6.6, Jenkins builds failed because
the Jenkins plug-in could not negotiate an SSL connection with the broker REST
API endpoint.
If an updated OpenJDK package newer than java-1.7.0-openjdk-1.7.0.65-2.5.1.2 is
available, then the openjdk-1.7.0 package must be updated. On systems where the
update is either unavailable or otherwise cannot be installed, this bug fix
provides the updated Jenkins cartridge and dependencies to allow the problematic
cipher to be disabled. Users can take advantage of this by checking out the
Jenkins gear repository and adding the "disable_bad_ciphers_yes" marker file. As
a result, Jenkins builds work as before. It is important to note that disabling
the problematic cipher degrades the security of the REST API connections from
the Jenkins gear, and as soon as possible the OpenJDK package must be updated
and the marker file removed from all active Jenkins gears. (BZ#1127667)
All OpenShift Enterprise users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
See the OpenShift Enterprise 2.1 Release Notes, which will be updated shortly
for this advisory, for important instructions on how to fully apply this
asynchronous errata update:
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258.
Affected Products
- Red Hat OpenShift Enterprise Application Node 2.1 x86_64
Fixes
- BZ - 1127667 - Can not trigger jenkins build on RHEL6.6
CVEs
(none)
References
(none)
Red Hat OpenShift Enterprise Application Node 2.1
| SRPM | |
|---|---|
| jenkins-1.565.3-1.el6op.src.rpm | SHA-256: 01353ef4f415748144d351adbb7e46eac0e7afb8279c93c0b709e8cfae376da5 |
| jenkins-plugin-openshift-0.6.40.1-0.el6op.src.rpm | SHA-256: c9a3a0efab767c61c8e385e6dd751184d49ec0ccc7b9fa26a0f99ff55d5ed572 |
| openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.src.rpm | SHA-256: dc8bf04df573468b6874b757aa8b7425804269f4e4aac9023b404f3bff9377f3 |
| x86_64 | |
| jenkins-1.565.3-1.el6op.noarch.rpm | SHA-256: 257f05ecc0b9ae80fc227a4bd862658da51fefc9c46ee4de7558868fb3e6370b |
| jenkins-plugin-openshift-0.6.40.1-0.el6op.x86_64.rpm | SHA-256: 8135b88e101fdc333c5561286842d73383cd11863e30c05fb066edaa9ba57139 |
| openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.noarch.rpm | SHA-256: 492ff20e97f000aaae2a97e30f082f9ae68fd3ae83276c7315d459d6c4083135 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.