Issued:: 2015-09-03
Updated:: 2015-09-03

RHSA-2015:1736 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openshift security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openshift packages that fix one security issue are now
available for Red Hat OpenShift Enterprise 3.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-
Service (PaaS) solution designed for on-premise or private cloud
deployments.

Improper error handling in the API server can cause the master process
to crash. A user with network access to the master could cause this to
happen. (CVE-2015-5250)

This issue was discovered by Jordan Liggitt of the Red Hat OpenShift
Enterprise Team.

All OpenShift Enterprise 3.0 users are advised to upgrade to these
updated packages, which correct this issue.

Solution

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.

After running the "yum update" command on each host and ensuring all
packages have been updated, restart the openshift-master service on
the master host:

# systemctl restart openshift-master

Affected Products

Red Hat OpenShift Container Platform 3.0.0.0 x86_64

Fixes

BZ - 1258641 - Malformed JSON can cause API process crash
BZ - 1259867 - CVE-2015-5250 OpenShift: Malformed JSON can cause API process crash

CVEs

CVE-2015-5250

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.0.0.0

SRPM
openshift-3.0.1.0-1.git.529.dcab62c.el7ose.src.rpm	SHA-256: 9b27db65f89b6f240fa6f5ea8b5eb2be38a3d862b0b82e952ab0e62d225eccc5
x86_64
openshift-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: 5dd9974d1717f1aa528cd03610ff190f25a09ea256b17849b35341597d55e901
openshift-clients-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: 661556ce83cc9eb0dd18c7df7d5add4fca8ccbf4d2d910a6ac4ca9f2cc771a51
openshift-master-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: 979fa0b0a34323fa5b019cab0b3a18a0a5c38700d8ab082575ead36f2ec738f5
openshift-node-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: 9639d68296c2ad85e4b936f66eb6dc4bd2d4974ff4c293fe1d711410f0a672ee
openshift-sdn-ovs-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: ced62f93ead2b67bbc7a4965225567c8e752d102296c27c3962b3ba1a7a7f663
tuned-profiles-openshift-node-3.0.1.0-1.git.529.dcab62c.el7ose.x86_64.rpm	SHA-256: 0d3fdc37b273e9be0ab32d638e8966c1b6aeccb5df71a0513f5ce1be88d73dcb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation