- Issued: 2018-08-13
- Updated: 2018-08-13
RHBA-2018:2383 - Bug Fix Advisory
Synopsis
Update Data Grid 7.1 and 7.2 OpenShift Images to Fix CVE-2018-10897
Type/Severity
Bug Fix Advisory
Topic
This errata fixes CVE-2018-10897 ("yum-utils: reposync: improper path validation may lead to directory traversal").
This errata applies to the Red Hat JBoss Data Grid 7.1 for OpenShift image, Red Hat JBoss Data Grid 7.2 for OpenShift image, and Red Hat JBoss Data Grid 7.1 Client for OpenShift image. These images are supported on Red Hat OpenShift Container Platform versions 3.9 and 3.10.
Description
The JBoss Data Grid 7.1 OpenShift image, JBoss Data Grid 7.2 OpenShift image, and JBoss Data Grid 7.1 Client for OpenShift image require a fix for CVE-2018-10897 ("yum-utils: reposync: improper path validation may lead to directory traversal").
Solution
On your master host(s), log in to the CLI as a cluster administrator or other user that has project administrator access to the global "openshift" project. For example, to log in with the default system:admin user, run the following command:
$ oc login -u system:admin
Run the following command to update the image streams in the "openshift" project:
$ for is in jboss-datagrid71-openshift:1.3 \
            jboss-datagrid72-openshift:1.0 \
            jboss-datagrid71-client-openshift:1.0 ;
  do
      oc -n openshift import-image "${is}"
  done
Affected Products
- Red Hat OpenShift Container Platform 3.10 x86_64
- Red Hat OpenShift Container Platform 3.9 x86_64
Fixes
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.