Issued:: 2015-12-03
Updated:: 2015-12-03

RHSA-2015:2544 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openshift security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openshift packages that fix one security issue are now
available for Red Hat OpenShift Enterprise 3.0 and 3.1.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

It was found that OpenShift's API back end did not verify requests for
pod log locations, allowing a pod on a Node to request logs for any
other pod on that Node. A remote attacker could use this flaw to view
sensitive information via pod logs that they would normally not have
access to. (CVE-2015-7528)

This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.

All OpenShift Enterprise 3.0 and 3.1 users are advised to upgrade to
these updated packages, which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift Container Platform 3.1 x86_64
Red Hat OpenShift Container Platform 3.0.0.0 x86_64

Fixes

BZ - 1286745 - CVE-2015-7528 OpenShift: pod log location must validate container if provided

CVEs

CVE-2015-7528

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.1

SRPM
atomic-openshift-3.1.0.4-1.git.15.5e061c3.el7aos.src.rpm	SHA-256: ecdbd9e59ecbcce1d57b4894ab2ba9c348af3d6f733ce688b631436f129f0d4b
x86_64
atomic-openshift-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: 175673954df1b56fdcc2b898eac1f38f768db58d50497557e94c481324814c00
atomic-openshift-clients-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: 8c1fc4ef9a4b2ed4b96564bc8d71a2f28fb06bedc3a5c3b5ed749248d15ff00e
atomic-openshift-clients-redistributable-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: 08bb678e397d14bf185fed8a96c9b203484e24bd1bbc32fed2d2c399a74ae77e
atomic-openshift-dockerregistry-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: 9354daa825296b79728f7f941049d465b34a62abcb80436cd5b79e8edc038f75
atomic-openshift-master-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: d89a43c7403f0c7399e3f37238211d5dd66aa96461515283db50cc9172099b22
atomic-openshift-node-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: c6c6ebc532f3f19fbdd4184c3cfdee7665be76734bac60406c91e36067849ea6
atomic-openshift-pod-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: dc38904a78c7f8d020b876f9aaacb5dce134e109ba291359d10bc3c869ca4310
atomic-openshift-recycle-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: 43f72ef63868f716836fef4976222923026ff797122853c703c291d20b4d6753
atomic-openshift-sdn-ovs-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: ffb219075111b78d555c93dbfa06836313981839d1d125be1d0ca50e2e8edc7d
tuned-profiles-atomic-openshift-node-3.1.0.4-1.git.15.5e061c3.el7aos.x86_64.rpm	SHA-256: aac0bd3b88b135cfe76739e85754bdb3954ee32a7e9a1d14c7c81fe5e3839aa8

Red Hat OpenShift Container Platform 3.0.0.0

SRPM
openshift-3.0.2.0-0.git.38.7576bc5.el7ose.src.rpm	SHA-256: 79ff43f96bf54b6914b296d964c5d6022633bb3826ff71f706894c3bc4502ed2
x86_64
openshift-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: d88d1084bb5585e43aefe8f0302d2d0601d175d39269431663b58799a2cc09fd
openshift-clients-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: 0f231c6adda158961bfcd5b83e271411c4afd68be60885e906a49bbf228bd1cc
openshift-master-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: 14a29a950d582153455e496ae106513d4fc5f1c24f43c862876ecc15bacfb012
openshift-node-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: 112e6d161ece3f33b4263c4cb89f4c6c7c67695eeb5a47349f4e1dfba5660b0b
openshift-sdn-ovs-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: 549629e8d9550943f085dd52fba1465021cc0d6e27e7ef9e0a77bf569afc7c44
tuned-profiles-openshift-node-3.0.2.0-0.git.38.7576bc5.el7ose.x86_64.rpm	SHA-256: 37a68950dbc191286d544ecdab846d676c21480375065def31dc4b783835f22e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation