Red Hat Product Errata RHBA-2014:1630 - Bug Fix Advisory
Issued:
2014-10-14
Updated:
2014-10-14

RHBA-2014:1630 - Bug Fix Advisory

Synopsis

Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated jenkins-plugin-openshift and openshift-origin-cartridge-jenkins packages
that fix a bug are now available for Red Hat OpenShift Enterprise 2.1.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.

This update fixes the following bug:

  • Changes to the httpd and mod_ssl packages in Red Hat Enterprise Linux 6.6

caused certain ciphers' key sizes offered during TLS/SSL handshaking to be
larger than the same ciphers' key sizes in previous versions. These larger key
sizes are not supported by the current release of openjdk-1.7.0 and cause an
exception during TLS/SSL handshaking. On OpenShift Enterprise deployments which
had been updated to Red Hat Enterprise Linux 6.6, Jenkins builds failed because
the Jenkins plug-in could not negotiate an SSL connection with the broker REST
API endpoint.

If an updated OpenJDK package newer than java-1.7.0-openjdk-1.7.0.65-2.5.1.2 is
available, then the openjdk-1.7.0 package must be updated. On systems where the
update is either unavailable or otherwise cannot be installed, this bug fix
provides the updated Jenkins cartridge and dependencies to allow the problematic
cipher to be disabled. Users can take advantage of this by checking out the
Jenkins gear repository and adding the "disable_bad_ciphers_yes" marker file. As
a result, Jenkins builds work as before. It is important to note that disabling
the problematic cipher degrades the security of the REST API connections from
the Jenkins gear, and as soon as possible the OpenJDK package must be updated
and the marker file removed from all active Jenkins gears. (BZ#1127667)

All OpenShift Enterprise users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

See the OpenShift Enterprise 2.1 Release Notes, which will be updated shortly
for this advisory, for important instructions on how to fully apply this
asynchronous errata update:

https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/2/html-single/2.1_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258.

Affected Products

  • Red Hat OpenShift Enterprise Application Node 2.1 x86_64

Fixes

CVEs

(none)

References

(none)

Red Hat OpenShift Enterprise Application Node 2.1

SRPM
jenkins-1.565.3-1.el6op.src.rpm SHA-256: 01353ef4f415748144d351adbb7e46eac0e7afb8279c93c0b709e8cfae376da5
jenkins-plugin-openshift-0.6.40.1-0.el6op.src.rpm SHA-256: c9a3a0efab767c61c8e385e6dd751184d49ec0ccc7b9fa26a0f99ff55d5ed572
openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.src.rpm SHA-256: dc8bf04df573468b6874b757aa8b7425804269f4e4aac9023b404f3bff9377f3
x86_64
jenkins-1.565.3-1.el6op.noarch.rpm SHA-256: 257f05ecc0b9ae80fc227a4bd862658da51fefc9c46ee4de7558868fb3e6370b
jenkins-plugin-openshift-0.6.40.1-0.el6op.x86_64.rpm SHA-256: 8135b88e101fdc333c5561286842d73383cd11863e30c05fb066edaa9ba57139
openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.noarch.rpm SHA-256: 492ff20e97f000aaae2a97e30f082f9ae68fd3ae83276c7315d459d6c4083135

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.