Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

Fedora 22: FEDORA-2016-0f490eea10 Critical: Jenkins Remote Code Execution

fedora
Calendar Grey March 17, 2016
Dist Fedora Esm H88
Stay secure with the latest Jenkins update for Fedora 22, featuring crucial security patches, performance enhancements, and improved features for optimal use
Fixes CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792

Summary

Jenkins is an award-winning application that monitors executions of repeated

jobs, such as building a software project or jobs run by cron. Among those

things, current Jenkins focuses on the following two jobs:

- building/testing software projects continuously. In a nutshell, Jenkins

provides an easy-to-use so-called continuous integration system, making it

easier for developers to integrate changes to the project, and making it

easier for users to obtain a fresh build. The automated, continuous build

increases the productivity.

- monitoring executions of externally-run jobs, such as cron jobs and procmail

jobs, even those that are run on a remote machine. For example, with cron, all

you receive is regular e-mails that capture the output, and it is up to you to

look at them diligently and notice when it broke. Jenkins keeps those outputs

and makes it easy for you to notice when something is wrong.

Update Information:

Fixes CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792

Change Log

References


[ 1 ] Bug #1311950 - CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247) https://bugzilla.redhat.com/show_bug.cgi?id=1311950

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update jenkins' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: jenkins
Product: Fedora 22
Version: 1.609.3
Release: 6.fc22
Summary: An extendable open source continuous integration server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.