Red Hat Product Errata RHSA-2016:2915 - Security Advisory
Issued:
2016-12-07
Updated:
2016-12-07

RHSA-2016:2915 - Security Advisory

Synopsis

Important: atomic-openshift security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for atomic-openshift is now available for Red Hat OpenShift
Container Platform 3.1, 3.2, and 3.3.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform releases 3.3.1.7, 3.2.1.21, and 3.1.1.10. See the following
advisory for the container images for these releases:

https://access.redhat.com/errata/RHBA-2016:2916

Security Fix(es):

  • An input validation flaw was found in the way OpenShift handles requests
    for images. A user with a copy of the manifest associated with an image
    can pull that image even if they do not normally have access to it,
    resulting in the disclosure of any information contained within the
    image. (CVE-2016-8651)

Bug Fix(es) for OpenShift Container Platform 3.3:

  • Previously, when rapidly updating multiple namespaces controlled by a
    single ClusterResourceQuota, the status.total.used could get out of sync
    with the sum of the status.namespaces[*].used. This bug fix ensures the
    ClusterResourceQuota objects are properly updated. (BZ#1400200)

  • When using the `oc new-app --search` command in an environment where
    OpenShift Container Platform (OCP) could not reach Docker Hub, the
    command failed for any query. OCP now prints a warning and continues
    with what was found in other sources. (BZ#1388524)

  • The OpenShift Container Platform node daemon did not recover properly
    from restarts, and it lost information about attached and mounted
    volumes. In rare cases, the daemon deleted all data on a mounted volume,
    treating it as already unmounted when only the node's cache was missing.
    This bug fix ensures node caches are recovered after restarts, and as a
    result no data loss occurs on the mounted volumes. (BZ#1398417)

  • Previously, ScheduledJobs were not cleaned up on project deletion. If a
    new project was created with the same project name, the
    previously-defined ScheduledJobs would re-appear. This bug fix ensures
    ScheduledJobs are removed when a project is removed. (BZ#1399700)

Bug Fix(es) for OpenShift Container Platform 3.2:

  • When using the `oc new-app --search` command in an environment where
    OpenShift Container Platform (OCP) could not reach Docker Hub, the
    command failed for any query. OCP now prints a warning and continues
    with what was found in other sources. (BZ#1388522)

All OpenShift Container Platform users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To apply this update, see the following cluster upgrade documentation that
relates to your installed version of OpenShift Container Platform.

For OpenShift Container Platform 3.3:

https://docs.openshift.com/container-platform/3.3/install_config/upgrading/automated_upgrades.html#upgrading-to-ocp-3-3-asynchronous-releases

For OpenShift Container Platform 3.2:

https://docs.openshift.com/enterprise/3.2/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-2-asynchronous-releases

For OpenShift Container Platform 3.1:

https://docs.openshift.com/enterprise/3.1/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-1-asynchronous-releases
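
To confirm whether a host already runs one of the releases named in this advisory, the following added example (not part of the Red Hat advisory) compares an atomic-openshift version string with the 3.3.1.7, 3.2.1.21 and 3.1.1.10 releases per minor stream. The function names are hypothetical, the sample versions are constructed, and GNU `sort -V` is assumed for numeric version ordering.

```shell
#!/bin/sh
# Added example: compare an installed atomic-openshift version with the
# releases named in RHSA-2016:2915 (3.3.1.7, 3.2.1.21, 3.1.1.10).

# Print the release from this advisory for a given minor stream.
fixed_release() {
    case "$1" in
        3.3) echo "3.3.1.7" ;;
        3.2) echo "3.2.1.21" ;;
        3.1) echo "3.1.1.10" ;;
        *)   return 1 ;;
    esac
}

# Succeed when version $1 >= version $2. sort -V compares each dotted
# field numerically, so 3.2.1.9 sorts before 3.2.1.21 (a plain string
# comparison would get this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print "updated", "needs-update" or "not-covered" for a version string
# such as the output of: rpm -q --qf '%{VERSION}' atomic-openshift
advisory_status() {
    installed=$1
    stream=$(printf '%s' "$installed" | cut -d. -f1,2)
    if ! fixed=$(fixed_release "$stream"); then
        echo "not-covered"      # stream is not listed in this advisory
    elif version_ge "$installed" "$fixed"; then
        echo "updated"
    else
        echo "needs-update"
    fi
}

# Constructed sample versions, not taken from a real host.
for v in 3.3.1.5 3.3.1.7 3.2.1.21 3.2.1.9 3.1.1.6 3.4.0.1; do
    printf '%s\t%s\n' "$v" "$(advisory_status "$v")"
done
```

A result of "not-covered" only means the stream is outside this advisory; it says nothing about whether that stream is affected.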

Affected Products

  • Red Hat OpenShift Container Platform 3.3 x86_64
  • Red Hat OpenShift Container Platform 3.1 x86_64

Fixes

  • BZ - 1388522 - [backport] (3.2) Failed to "oc new-app --search" at the offline environment disconnected to the Internet
  • BZ - 1388524 - [backport] (3.3) Failed to "oc new-app --search" at the offline environment disconnected to the Internet
  • BZ - 1397987 - CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest
  • BZ - 1398417 - Data from persistent volumes is wiped after a node service restart
  • BZ - 1399700 - Scheduledjob not deleted when project has been deleted
  • BZ - 1400200 - ClusterResourceQuota status total doesn't match sum of namespaces

CVEs

  • CVE-2016-8651

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
