RHBA-2016:1023 - Bug Fix Advisory

Topic

Updated logging images and packages that fix a bug are now available for Red Hat OpenShift Enterprise 3.1.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This update fixes the following bug:

• On clusters configured to use aggregated logging, users were able to access logs of a deleted namespace if recreated with the same name, regardless of whether they were the previous owner. Because users should be restricted only to logs generated from the pods created in their new namespace, the logging images have been updated to fix this issue. (BZ#1316216)

This update includes the following images:

openshift3/logging-deployment:3.1.1-16
openshift3/logging-elasticsearch:3.1.1-10
openshift3/logging-fluentd:3.1.1-10
aep3_beta/logging-deployment:3.1.1-16
aep3_beta/logging-elasticsearch:3.1.1-10
aep3_beta/logging-fluentd:3.1.1-10

All OpenShift Enterprise 3 users are advised to upgrade to these updated images and packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update your logging stack to use these latest OpenShift Enterprise 3.1 images, see the following "Upgrading the EFK Logging Stack" manual upgrade documentation:

https://docs.openshift.com/enterprise/3.1/install_config/upgrading/manual_upgrades.html#manual-upgrading-efk-logging-stack

Affected Products

• Red Hat OpenShift Container Platform 3.1 x86_64

Fixes

• BZ - 1316216 - Logging is not restricted to to current owner/group of a namespace

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal