Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2016:2915 - Security Advisory
Issued:
2016-12-07
Updated:
2016-12-07

RHSA-2016:2915 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: atomic-openshift security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for atomic-openshift is now available for Red Hat OpenShift
Container Platform 3.1, 3.2, and 3.3.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform releases 3.3.1.7, 3.2.1.21, and 3.1.1.10. See the following
advisory for the container images for these releases:

https://access.redhat.com/errata/RHBA-2016:2916

Security Fix(es):

  • An input validation flaw was found in the way OpenShift handles requests

for images. A user, with a copy of the manifest associated with an image,
can pull an image even if they do not have access to the image normally,
resulting in the disclosure of any information contained within the image.
(CVE-2016-8651)

Bug Fix(es) for OpenShift Container Platform 3.3:

  • Previously when rapidly updating multiple namespaces

controlled by a single ClusterResourceQuota, the status.total.used can get
out of sync with the sum of the status.namespaces[*].used. This bug fix
ensures the ClusterResourceQuota objects are properly updated. (BZ#1400200)

  • When using the `oc new-app --search` command in an environment where

OpenShift Container Platform (OCP) could not reach Docker Hub, the command
failed for any query. OCP now prints a warning and continues with what was
found in other sources. (BZ#1388524)

  • The OpenShift Container Platform node daemon did not recover properly

from restarts, and it lost information about attached and mounted volumes.
In rare cases, the daemon deleted all data on a mounted volume, thinking
that it has been already unmounted while it was only missing its node's
cache. This bug fix ensures node caches are recovered after restarts, and
as a result no data loss occurs on the mounted volumes. (BZ#1398417)

  • Previously, ScheduledJobs were not cleaned up on project deletion. If a

new project was created with the same project name, the previously-defined
ScheduledJobs would re-appear. This bug fix ensures ScheduledJobs are
removed when a project is removed. (BZ#1399700)

Bug Fix(es) for OpenShift Container Platform 3.2:

  • When using the `oc new-app --search` command in an environment where

OpenShift Container Platform (OCP) could not reach Docker Hub, the command
failed for any query. OCP now prints a warning and continues with what was
found in other sources. (BZ#1388522)

All OpenShift Container Platform users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To apply this update, see the following cluster upgrade documentation that
relates to your installed version of OpenShift Container Platform.

For OpenShift Container Platform 3.3:

https://docs.openshift.com/container-platform/3.3/install_config/upgrading/automated_upgrades.html#upgrading-to-ocp-3-3-asynchronous-releases

For OpenShift Container Platform 3.2:

https://docs.openshift.com/enterprise/3.2/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-2-asynchronous-releases

For OpenShift Container Platform 3.1:

https://docs.openshift.com/enterprise/3.1/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-1-asynchronous-releases

Affected Products

  • Red Hat OpenShift Container Platform 3.3 x86_64
  • Red Hat OpenShift Container Platform 3.1 x86_64

Fixes

  • BZ - 1388522 - [backport] (3.2) Failed to "oc new-app --search" at the offline environment disconnected to the Internet
  • BZ - 1388524 - [backport] (3.3) Failed to "oc new-app --search" at the offline environment disconnected to the Internet
  • BZ - 1397987 - CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest
  • BZ - 1398417 - Data from persistent volumes is wiped after a node service restart
  • BZ - 1399700 - Scheduledjob not deleted when project has been deleted
  • BZ - 1400200 - ClusterResourceQuota status total doesn't match sum of namespaces

CVEs

  • CVE-2016-8651

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.3

SRPM
atomic-openshift-3.3.1.7-1.git.0.0988966.el7.src.rpm SHA-256: 431bce991887a1ccfe3bbf2b633771bc0842718b0912e49831c55b48570a12dd
x86_64
atomic-openshift-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 368424e294a567c16263668af8f4f14462a424206eea5c28eaf49e2a3958a0d0
atomic-openshift-clients-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 2cc6e36f28d846e51584db94f97df3d66196b44c406c04c14f1ae99993c6fc61
atomic-openshift-clients-redistributable-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 40e1d8281e77fc6813fb96abcb790cb214dfaac4d2832bed390b62ac1abcb080
atomic-openshift-docker-excluder-3.3.1.7-1.git.0.0988966.el7.noarch.rpm SHA-256: f7e60ec48049265fdd8586b7c903d60f9a35b23b37591916a847f037cca91036
atomic-openshift-dockerregistry-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 2746f08797d81b931b45bad1df1d07560c120d410efd67cf231c6c890b769024
atomic-openshift-excluder-3.3.1.7-1.git.0.0988966.el7.noarch.rpm SHA-256: 6f4fb9963fa168de004c1964da1dd102bc827be7c739f773cc00bcf181955545
atomic-openshift-master-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 4a4d8c9579232d38c2b5e33e50f40223b76c069f51c023957f109914a1783559
atomic-openshift-node-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 194be3eeea7cf9fb4c8e307d58b301309e7d4cc15320608bfedde6615ab8c973
atomic-openshift-pod-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 26574191bae75d8144fc189e1ef6dd566fafbd90f74b0418d7df21db450838ea
atomic-openshift-sdn-ovs-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 3c99d5e31a8c2f66df5f5e04b16c247286518adfb97648864faaa917699d43f4
atomic-openshift-tests-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 23b4e216296443c96455a3a61b6a757ce5de80d5aa54290d874acf6a98e056b6
tuned-profiles-atomic-openshift-node-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm SHA-256: 7c0b7d4fca28f9b3fb68c7b3bc281faa17646284d0716b2693f6a04dea120517

Red Hat OpenShift Container Platform 3.2

SRPM
atomic-openshift-3.2.1.21-1.git.0.4250771.el7.src.rpm SHA-256: da003316d2c17effa4c637bc576495cd67d5920de9013a9844124a4af7cd32e6
x86_64

Red Hat OpenShift Container Platform 3.1

SRPM
atomic-openshift-3.1.1.10-1.git.0.efeef8d.el7aos.src.rpm SHA-256: ac77288bfd3f81b3411a5c708cbde719c5b56b225b873445b4da6d90d3c086a5
x86_64
atomic-openshift-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 45eacf89c4ed6b87f93a90c53ab228458c0f9627025b01f8d7a9f00d1dcc54fe
atomic-openshift-clients-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 7b4034de0bc0342adf26701d34d3720ff5ff6378ec945e2df8ef359bf463a4f6
atomic-openshift-clients-redistributable-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 5755347f9958b9406e6163715604fe4e335f2fb0048e626dc17b86a1cec2d056
atomic-openshift-docker-excluder-3.1.1.10-1.git.0.efeef8d.el7aos.noarch.rpm SHA-256: 5b0157881518ab5827f25ca6a67731172ce7f83738b5ec43536740aec1a1aa67
atomic-openshift-dockerregistry-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: dd2099d20afd68b70a4d83b7e53a43938d0ffef5e284a4b0602044da94d0bf25
atomic-openshift-excluder-3.1.1.10-1.git.0.efeef8d.el7aos.noarch.rpm SHA-256: a86646e8deda4f06f96719375ed8cb346492a557863273efc92ba37bc8dad2a1
atomic-openshift-master-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 11f80422628a0ef4de37afd26b17ade94935aaf78a9d99e8d552c8618389faf7
atomic-openshift-node-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 91c91ccce0b773a0eeb35571284becbbceb54aa8de722e65f151e18ea266aaa4
atomic-openshift-pod-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 7be160b2b4eff682c38129efafcd6bd6df262f01ca96ff8a2a4873ba5d05c1fb
atomic-openshift-recycle-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: b09a75fe99e7813220be337025085b5fadde683b80722fa7bf93e423597d9c16
atomic-openshift-sdn-ovs-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 4231ebb02f1f7d50f08c9f03480ea8f143df7513284216d1eeedc04642262238
tuned-profiles-atomic-openshift-node-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm SHA-256: 9d4702907497b6af6033587dc2b3980573fe26cccc873a61030c0588f9495d1a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility