- Issued: 2016-07-14
- Updated: 2016-07-14
RHSA-2016:1427 - Security Advisory
Synopsis
Important: atomic-openshift security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Security Fix(es):
- The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error, OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information. (CVE-2016-5392)
This issue was discovered by Yanping Zhang (Red Hat).
This update includes the following images:
- openshift3/openvswitch:v3.2.1.7-1
- openshift3/ose-pod:v3.2.1.7-1
- openshift3/ose:v3.2.1.7-1
- openshift3/ose-docker-registry:v3.2.1.7-1
- openshift3/ose-keepalived-ipfailover:v3.2.1.7-1
- openshift3/ose-recycler:v3.2.1.7-1
- openshift3/ose-f5-router:v3.2.1.7-1
- openshift3/ose-deployer:v3.2.1.7-1
- openshift3/node:v3.2.1.7-1
- openshift3/ose-sti-builder:v3.2.1.7-1
- openshift3/ose-docker-builder:v3.2.1.7-1
- openshift3/ose-haproxy-router:v3.2.1.7-1
All OpenShift Enterprise 3 users are advised to upgrade to these updated packages and images.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenShift Container Platform 3.2 x86_64
Fixes
(none)
CVEs
- CVE-2016-5392
References
Red Hat OpenShift Container Platform 3.2
| SRPM | |
|---|---|
| atomic-openshift-3.2.1.7-1.git.0.2702170.el7.src.rpm | SHA-256: 3d035594bb8b40c8693e589860181b0b46632f95098677e11be4f57b9504572b |
| x86_64 | |
| atomic-openshift-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: af63ac609315a41805c8232c1816ac8b5336c410290cfde7c067537fe461df61 |
| atomic-openshift-clients-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 2cb6603904137315af0830399db97f7e79d8b82f0814e1ba609f45fa248cc65d |
| atomic-openshift-clients-redistributable-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 32651fc1d4f42f113aa0feb3a2ce96431f69ca98508b81a52c28aa4a54f1b354 |
| atomic-openshift-dockerregistry-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 6675ee139054348b6865cdb4030a2a18c65c7bec0ca9b030d797486c92f6b6ca |
| atomic-openshift-master-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: cb01bf6d117722b1c019d2de912f88b1140ee823e4e9273b5fd8ebb902704631 |
| atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: b344b22a0a0b2821b91472a6df0b0c6c0321dd64bdbb8ac4b9688407e81cf137 |
| atomic-openshift-pod-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 00078cba38ad0cda20aaef01be658f10a23cece1e8b969192b63f1d46b7e0fb5 |
| atomic-openshift-recycle-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: e0936e2571ecf822ddf85a6be19e7ba5549f6b47591908bdfc251dbb7509ad6c |
| atomic-openshift-sdn-ovs-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: a72fa765fc0ebcf34389e2c9d012a5121131fc2257a54050a65fb5d497af632f |
| atomic-openshift-tests-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 25568f8fc678082817c191636e49c4c2007527e3377a13d28302fb1f7c46a91c |
| tuned-profiles-atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm | SHA-256: 584156542248e4079c6c0a9f67eab454cc322e1028238f96f26c38c84359068d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
