- Issued:
- 2016-10-05
- Updated:
- 2016-10-05
RHBA-2016:2010 - Bug Fix Advisory
Synopsis
OpenShift Container Platform logging-elasticsearch bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated logging-elasticsearch container images that fix a bug are now available for Red Hat OpenShift Container Platform 3.1 and 3.2.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This update fixes the following bug:
- The OpenShift-Elasticsearch-Plugin did not remove the .all Kibana mapping for users that were cluster-admin but then had the role reverted. If a user was no longer a cluster-admin, they could still be able to view the .all Kibana mapping. They would not be able to see the logs for projects they did not have access to, but they would still incorrectly see the mapping. This bug fix updates the OpenShift-Elasticsearch-Plugin to remove the .all Kibana mapping to users that are not cluster-admin. As a result, non-cluster-admin users are not able to see the .all mapping if they are no longer cluster-admin. (BZ#1378702)
This advisory contains the RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2016:2011
All OpenShift Container Platform 3 users are advised to upgrade to these updated images.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update your logging stack to use these latest images, see the following "Upgrading the EFK Logging Stack" manual upgrade documentation that relates to your installed version of OpenShift Container Platform.
For OpenShift Container Platform 3.2:
For OpenShift Container Platform 3.1:
Affected Products
- Red Hat OpenShift Container Platform 3.3 x86_64
- Red Hat OpenShift Container Platform 3.1 x86_64
Fixes
- BZ - 1378702 - .all index is visible to ordinary user
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.3
| SRPM | |
|---|---|
| openshift-elasticsearch-plugin-0.17.0.redhat_1-1.el7.src.rpm | SHA-256: a6cd984060d58bbbaf127092dba84bc53bc006f5c3eb8997659ab83122264de6 |
| x86_64 | |
| openshift-elasticsearch-plugin-0.17.0.redhat_1-1.el7.noarch.rpm | SHA-256: 65b01b5322f74c122edc7caccd62fa157c4e6629b02c0e974d837db3e5eb9826 |
Red Hat OpenShift Container Platform 3.2
| SRPM | |
|---|---|
| openshift-elasticsearch-plugin-0.17.0.redhat_1-1.el7.src.rpm | SHA-256: a6cd984060d58bbbaf127092dba84bc53bc006f5c3eb8997659ab83122264de6 |
| x86_64 | |
Red Hat OpenShift Container Platform 3.1
| SRPM | |
|---|---|
| openshift-elasticsearch-plugin-0.17.0.redhat_1-1.el7.src.rpm | SHA-256: a6cd984060d58bbbaf127092dba84bc53bc006f5c3eb8997659ab83122264de6 |
| x86_64 | |
| openshift-elasticsearch-plugin-0.17.0.redhat_1-1.el7.noarch.rpm | SHA-256: 65b01b5322f74c122edc7caccd62fa157c4e6629b02c0e974d837db3e5eb9826 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
