RedHat: RHSA-2016-0070:01 Important: Red Hat OpenShift Enterprise 3.1.1 bug
Summary
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
The following security issues are addressed with this release:
An authorization flaw was discovered in Kubernetes; the API server
did not properly check user permissions when handling certain
requests. An authenticated remote attacker could use this flaw to
gain additional access to resources such as RAM and disk space.
(CVE-2016-1905)
An authorization flaw was discovered in Kubernetes; the API server
did not properly check user permissions when handling certain build-
configuration strategies. A remote attacker could create build
configurations with strategies that violate policy. Although the
attacker could not launch the build themselves (launch fails when
the policy is violated), if the build configuration files were later
launched by other privileged services (such as automated triggers),
user privilege restrictions could be bypassed, allowing the attacker
to escalate privileges.
(CVE-2016-1906)
An update for Jenkins Continuous Integration Server that addresses a
large number of security issues, including XSS, CSRF, information
disclosure and code execution, is included as well.
(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662,
CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667,
CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807,
CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813,
CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319,
CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323,
CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537,
CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)
Space precludes documenting all of the bug fixes and enhancements in
this advisory. See the OpenShift Enterprise 3.1 Release Notes, which
will be updated shortly for release 3.1.1, for details about these
changes:
es.html
All OpenShift Enterprise 3 users are advised to upgrade to these
updated packages.
Solution
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 3.1 documentation, which will be
updated shortly for release 3.1.1, for important instructions on how
to upgrade your OpenShift cluster and fully apply this asynchronous
errata update:
es.html
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
References
https://access.redhat.com/security/cve/CVE-2013-2186
https://access.redhat.com/security/cve/CVE-2014-1869
https://access.redhat.com/security/cve/CVE-2014-3661
https://access.redhat.com/security/cve/CVE-2014-3662
https://access.redhat.com/security/cve/CVE-2014-3663
https://access.redhat.com/security/cve/CVE-2014-3664
https://access.redhat.com/security/cve/CVE-2014-3666
https://access.redhat.com/security/cve/CVE-2014-3667
https://access.redhat.com/security/cve/CVE-2014-3680
https://access.redhat.com/security/cve/CVE-2014-3681
https://access.redhat.com/security/cve/CVE-2015-1806
https://access.redhat.com/security/cve/CVE-2015-1807
https://access.redhat.com/security/cve/CVE-2015-1808
https://access.redhat.com/security/cve/CVE-2015-1810
https://access.redhat.com/security/cve/CVE-2015-1812
https://access.redhat.com/security/cve/CVE-2015-1813
https://access.redhat.com/security/cve/CVE-2015-1814
https://access.redhat.com/security/cve/CVE-2015-5317
https://access.redhat.com/security/cve/CVE-2015-5318
https://access.redhat.com/security/cve/CVE-2015-5319
https://access.redhat.com/security/cve/CVE-2015-5320
https://access.redhat.com/security/cve/CVE-2015-5321
https://access.redhat.com/security/cve/CVE-2015-5322
https://access.redhat.com/security/cve/CVE-2015-5323
https://access.redhat.com/security/cve/CVE-2015-5324
https://access.redhat.com/security/cve/CVE-2015-5325
https://access.redhat.com/security/cve/CVE-2015-5326
https://access.redhat.com/security/cve/CVE-2015-7537
https://access.redhat.com/security/cve/CVE-2015-7538
https://access.redhat.com/security/cve/CVE-2015-7539
https://access.redhat.com/security/cve/CVE-2015-8103
https://access.redhat.com/security/cve/CVE-2016-1905
https://access.redhat.com/security/cve/CVE-2016-1906
https://access.redhat.com/security/updates/classification/#important
Package List
RHOSE 3.1:
Source:
atomic-openshift-3.1.1.6-1.git.0.b57e8bd.el7aos.src.rpm
heapster-0.18.2-3.gitaf4752e.el7aos.src.rpm
jenkins-1.625.3-2.el7aos.src.rpm
nodejs-align-text-0.1.3-2.el7aos.src.rpm
nodejs-ansi-green-0.1.1-1.el7aos.src.rpm
nodejs-ansi-wrap-0.1.0-1.el7aos.src.rpm
nodejs-anymatch-1.3.0-1.el7aos.src.rpm
nodejs-arr-diff-2.0.0-1.el7aos.src.rpm
nodejs-arr-flatten-1.0.1-1.el7aos.src.rpm
nodejs-array-unique-0.2.1-1.el7aos.src.rpm
nodejs-arrify-1.0.0-1.el7aos.src.rpm
nodejs-async-each-1.0.0-1.el7aos.src.rpm
nodejs-binary-extensions-1.3.1-1.el7aos.src.rpm
nodejs-braces-1.8.2-2.el7aos.src.rpm
nodejs-capture-stack-trace-1.0.0-2.el7aos.src.rpm
nodejs-chokidar-1.4.1-2.el7aos.src.rpm
nodejs-configstore-1.4.0-1.el7aos.src.rpm
nodejs-create-error-class-2.0.1-2.el7aos.src.rpm
nodejs-deep-extend-0.3.2-2.el7aos.src.rpm
nodejs-duplexer-0.1.1-2.el7aos.src.rpm
nodejs-duplexify-3.4.2-1.el7aos.src.rpm
nodejs-end-of-stream-1.1.0-2.el7aos.src.rpm
nodejs-error-ex-1.2.0-1.el7aos.src.rpm
nodejs-es6-promise-3.0.2-2.el7aos.src.rpm
nodejs-event-stream-3.3.2-1.el7aos.src.rpm
nodejs-expand-brackets-0.1.4-1.el7aos.src.rpm
nodejs-expand-range-1.8.1-1.el7aos.src.rpm
nodejs-extglob-0.3.1-1.el7aos.src.rpm
nodejs-filename-regex-2.0.0-1.el7aos.src.rpm
nodejs-fill-range-2.2.3-1.el7aos.src.rpm
nodejs-for-in-0.1.4-1.el7aos.src.rpm
nodejs-for-own-0.1.3-1.el7aos.src.rpm
nodejs-from-0.1.3-2.el7aos.src.rpm
nodejs-glob-base-0.3.0-1.el7aos.src.rpm
nodejs-glob-parent-2.0.0-1.el7aos.src.rpm
nodejs-got-5.2.1-1.el7aos.src.rpm
nodejs-graceful-fs-4.1.2-1.el7aos.src.rpm
nodejs-ini-1.1.0-6.el7aos.src.rpm
nodejs-is-binary-path-1.0.1-1.el7aos.src.rpm
nodejs-is-dotfile-1.0.2-1.el7aos.src.rpm
nodejs-is-equal-shallow-0.1.3-1.el7aos.src.rpm
nodejs-is-extendable-0.1.1-1.el7aos.src.rpm
nodejs-is-extglob-1.0.0-1.el7aos.src.rpm
nodejs-is-glob-2.0.1-1.el7aos.src.rpm
nodejs-is-npm-1.0.0-1.el7aos.src.rpm
nodejs-is-number-2.1.0-1.el7aos.src.rpm
nodejs-is-plain-obj-1.0.0-1.el7aos.src.rpm
nodejs-is-primitive-2.0.0-1.el7aos.src.rpm
nodejs-is-redirect-1.0.0-1.el7aos.src.rpm
nodejs-is-stream-1.0.1-2.el7aos.src.rpm
nodejs-isobject-2.0.0-1.el7aos.src.rpm
nodejs-kind-of-3.0.2-1.el7aos.src.rpm
nodejs-latest-version-2.0.0-1.el7aos.src.rpm
nodejs-lazy-cache-1.0.2-1.el7aos.src.rpm
nodejs-lodash.assign-3.2.0-1.el7aos.src.rpm
nodejs-lodash.baseassign-3.2.0-1.el7aos.src.rpm
nodejs-lodash.basecopy-3.0.1-1.el7aos.src.rpm
nodejs-lodash.bindcallback-3.0.1-1.el7aos.src.rpm
nodejs-lodash.createassigner-3.1.1-1.el7aos.src.rpm
nodejs-lodash.defaults-3.1.2-1.el7aos.src.rpm
nodejs-lodash.getnative-3.9.1-1.el7aos.src.rpm
nodejs-lodash.isarguments-3.0.4-1.el7aos.src.rpm
nodejs-lodash.isarray-3.0.4-1.el7aos.src.rpm
nodejs-lodash.isiterateecall-3.0.9-1.el7aos.src.rpm
nodejs-lodash.keys-3.1.2-1.el7aos.src.rpm
nodejs-lodash.restparam-3.6.1-1.el7aos.src.rpm
nodejs-lowercase-keys-1.0.0-2.el7aos.src.rpm
nodejs-map-stream-0.1.0-2.el7aos.src.rpm
nodejs-micromatch-2.3.5-2.el7aos.src.rpm
nodejs-mkdirp-0.5.0-2.el7aos.src.rpm
nodejs-node-status-codes-1.0.0-1.el7aos.src.rpm
nodejs-nodemon-1.8.1-2.el7aos.src.rpm
nodejs-normalize-path-2.0.1-1.el7aos.src.rpm
nodejs-object-assign-4.0.1-1.el7aos.src.rpm
nodejs-object.omit-2.0.0-1.el7aos.src.rpm
nodejs-optimist-0.4.0-5.el7aos.src.rpm
nodejs-os-homedir-1.0.1-1.el7aos.src.rpm
nodejs-os-tmpdir-1.0.1-1.el7aos.src.rpm
nodejs-osenv-0.1.0-2.el7aos.src.rpm
nodejs-package-json-2.3.0-1.el7aos.src.rpm
nodejs-parse-glob-3.0.4-1.el7aos.src.rpm
nodejs-parse-json-2.2.0-2.el7aos.src.rpm
nodejs-pause-stream-0.0.11-2.el7aos.src.rpm
nodejs-pinkie-2.0.1-1.el7aos.src.rpm
nodejs-pinkie-promise-2.0.0-1.el7aos.src.rpm
nodejs-prepend-http-1.0.1-2.el7aos.src.rpm
nodejs-preserve-0.2.0-1.el7aos.src.rpm
nodejs-ps-tree-1.0.1-1.el7aos.src.rpm
nodejs-randomatic-1.1.5-1.el7aos.src.rpm
nodejs-rc-1.1.2-1.el7aos.src.rpm
nodejs-read-all-stream-3.0.1-3.el7aos.src.rpm
nodejs-readdirp-2.0.0-2.el7aos.src.rpm
nodejs-regex-cache-0.4.2-1.el7aos.src.rpm
nodejs-registry-url-3.0.3-1.el7aos.src.rpm
nodejs-repeat-element-1.1.2-1.el7aos.src.rpm
nodejs-semver-5.1.0-1.el7aos.src.rpm
nodejs-semver-diff-2.1.0-1.el7aos.src.rpm
nodejs-slide-1.1.5-3.el7aos.src.rpm
nodejs-split-0.3.3-2.el7aos.src.rpm
nodejs-stream-combiner-0.2.1-2.el7aos.src.rpm
nodejs-string-length-1.0.1-1.el7aos.src.rpm
nodejs-strip-json-comments-1.0.2-2.el7aos.src.rpm
nodejs-success-symbol-0.1.0-1.el7aos.src.rpm
nodejs-through-2.3.4-4.el7aos.src.rpm
nodejs-timed-out-2.0.0-3.el7aos.src.rpm
nodejs-touch-1.0.0-2.el7aos.src.rpm
nodejs-undefsafe-0.0.3-1.el7aos.src.rpm
nodejs-unzip-response-1.0.0-1.el7aos.src.rpm
nodejs-update-notifier-0.6.0-1.el7aos.src.rpm
nodejs-url-parse-lax-1.0.0-1.el7aos.src.rpm
nodejs-uuid-2.0.1-1.el7aos.src.rpm
nodejs-write-file-atomic-1.1.2-2.el7aos.src.rpm
nodejs-xdg-basedir-2.0.0-1.el7aos.src.rpm
nss_wrapper-1.0.3-1.el7.src.rpm
openshift-ansible-3.0.35-1.git.0.6a386dd.el7aos.src.rpm
openvswitch-2.4.0-1.el7.src.rpm
origin-kibana-0.5.0-1.el7aos.src.rpm
noarch:
atomic-openshift-utils-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
jenkins-1.625.3-2.el7aos.noarch.rpm
nodejs-align-text-0.1.3-2.el7aos.noarch.rpm
nodejs-ansi-green-0.1.1-1.el7aos.noarch.rpm
nodejs-ansi-wrap-0.1.0-1.el7aos.noarch.rpm
nodejs-anymatch-1.3.0-1.el7aos.noarch.rpm
nodejs-arr-diff-2.0.0-1.el7aos.noarch.rpm
nodejs-arr-flatten-1.0.1-1.el7aos.noarch.rpm
nodejs-array-unique-0.2.1-1.el7aos.noarch.rpm
nodejs-arrify-1.0.0-1.el7aos.noarch.rpm
nodejs-async-each-1.0.0-1.el7aos.noarch.rpm
nodejs-binary-extensions-1.3.1-1.el7aos.noarch.rpm
nodejs-braces-1.8.2-2.el7aos.noarch.rpm
nodejs-capture-stack-trace-1.0.0-2.el7aos.noarch.rpm
nodejs-chokidar-1.4.1-2.el7aos.noarch.rpm
nodejs-configstore-1.4.0-1.el7aos.noarch.rpm
nodejs-create-error-class-2.0.1-2.el7aos.noarch.rpm
nodejs-deep-extend-0.3.2-2.el7aos.noarch.rpm
nodejs-duplexer-0.1.1-2.el7aos.noarch.rpm
nodejs-duplexify-3.4.2-1.el7aos.noarch.rpm
nodejs-end-of-stream-1.1.0-2.el7aos.noarch.rpm
nodejs-error-ex-1.2.0-1.el7aos.noarch.rpm
nodejs-es6-promise-3.0.2-2.el7aos.noarch.rpm
nodejs-event-stream-3.3.2-1.el7aos.noarch.rpm
nodejs-expand-brackets-0.1.4-1.el7aos.noarch.rpm
nodejs-expand-range-1.8.1-1.el7aos.noarch.rpm
nodejs-extglob-0.3.1-1.el7aos.noarch.rpm
nodejs-filename-regex-2.0.0-1.el7aos.noarch.rpm
nodejs-fill-range-2.2.3-1.el7aos.noarch.rpm
nodejs-for-in-0.1.4-1.el7aos.noarch.rpm
nodejs-for-own-0.1.3-1.el7aos.noarch.rpm
nodejs-from-0.1.3-2.el7aos.noarch.rpm
nodejs-glob-base-0.3.0-1.el7aos.noarch.rpm
nodejs-glob-parent-2.0.0-1.el7aos.noarch.rpm
nodejs-got-5.2.1-1.el7aos.noarch.rpm
nodejs-graceful-fs-4.1.2-1.el7aos.noarch.rpm
nodejs-ini-1.1.0-6.el7aos.noarch.rpm
nodejs-is-binary-path-1.0.1-1.el7aos.noarch.rpm
nodejs-is-dotfile-1.0.2-1.el7aos.noarch.rpm
nodejs-is-equal-shallow-0.1.3-1.el7aos.noarch.rpm
nodejs-is-extendable-0.1.1-1.el7aos.noarch.rpm
nodejs-is-extglob-1.0.0-1.el7aos.noarch.rpm
nodejs-is-glob-2.0.1-1.el7aos.noarch.rpm
nodejs-is-npm-1.0.0-1.el7aos.noarch.rpm
nodejs-is-number-2.1.0-1.el7aos.noarch.rpm
nodejs-is-plain-obj-1.0.0-1.el7aos.noarch.rpm
nodejs-is-primitive-2.0.0-1.el7aos.noarch.rpm
nodejs-is-redirect-1.0.0-1.el7aos.noarch.rpm
nodejs-is-stream-1.0.1-2.el7aos.noarch.rpm
nodejs-isobject-2.0.0-1.el7aos.noarch.rpm
nodejs-kind-of-3.0.2-1.el7aos.noarch.rpm
nodejs-latest-version-2.0.0-1.el7aos.noarch.rpm
nodejs-lazy-cache-1.0.2-1.el7aos.noarch.rpm
nodejs-lodash.assign-3.2.0-1.el7aos.noarch.rpm
nodejs-lodash.baseassign-3.2.0-1.el7aos.noarch.rpm
nodejs-lodash.basecopy-3.0.1-1.el7aos.noarch.rpm
nodejs-lodash.bindcallback-3.0.1-1.el7aos.noarch.rpm
nodejs-lodash.createassigner-3.1.1-1.el7aos.noarch.rpm
nodejs-lodash.defaults-3.1.2-1.el7aos.noarch.rpm
nodejs-lodash.getnative-3.9.1-1.el7aos.noarch.rpm
nodejs-lodash.isarguments-3.0.4-1.el7aos.noarch.rpm
nodejs-lodash.isarray-3.0.4-1.el7aos.noarch.rpm
nodejs-lodash.isiterateecall-3.0.9-1.el7aos.noarch.rpm
nodejs-lodash.keys-3.1.2-1.el7aos.noarch.rpm
nodejs-lodash.restparam-3.6.1-1.el7aos.noarch.rpm
nodejs-lowercase-keys-1.0.0-2.el7aos.noarch.rpm
nodejs-map-stream-0.1.0-2.el7aos.noarch.rpm
nodejs-micromatch-2.3.5-2.el7aos.noarch.rpm
nodejs-mkdirp-0.5.0-2.el7aos.noarch.rpm
nodejs-node-status-codes-1.0.0-1.el7aos.noarch.rpm
nodejs-nodemon-1.8.1-2.el7aos.noarch.rpm
nodejs-normalize-path-2.0.1-1.el7aos.noarch.rpm
nodejs-object-assign-4.0.1-1.el7aos.noarch.rpm
nodejs-object.omit-2.0.0-1.el7aos.noarch.rpm
nodejs-optimist-0.4.0-5.el7aos.noarch.rpm
nodejs-os-homedir-1.0.1-1.el7aos.noarch.rpm
nodejs-os-tmpdir-1.0.1-1.el7aos.noarch.rpm
nodejs-osenv-0.1.0-2.el7aos.noarch.rpm
nodejs-package-json-2.3.0-1.el7aos.noarch.rpm
nodejs-parse-glob-3.0.4-1.el7aos.noarch.rpm
nodejs-parse-json-2.2.0-2.el7aos.noarch.rpm
nodejs-pause-stream-0.0.11-2.el7aos.noarch.rpm
nodejs-pinkie-2.0.1-1.el7aos.noarch.rpm
nodejs-pinkie-promise-2.0.0-1.el7aos.noarch.rpm
nodejs-prepend-http-1.0.1-2.el7aos.noarch.rpm
nodejs-preserve-0.2.0-1.el7aos.noarch.rpm
nodejs-ps-tree-1.0.1-1.el7aos.noarch.rpm
nodejs-randomatic-1.1.5-1.el7aos.noarch.rpm
nodejs-rc-1.1.2-1.el7aos.noarch.rpm
nodejs-read-all-stream-3.0.1-3.el7aos.noarch.rpm
nodejs-readdirp-2.0.0-2.el7aos.noarch.rpm
nodejs-regex-cache-0.4.2-1.el7aos.noarch.rpm
nodejs-registry-url-3.0.3-1.el7aos.noarch.rpm
nodejs-repeat-element-1.1.2-1.el7aos.noarch.rpm
nodejs-semver-5.1.0-1.el7aos.noarch.rpm
nodejs-semver-diff-2.1.0-1.el7aos.noarch.rpm
nodejs-slide-1.1.5-3.el7aos.noarch.rpm
nodejs-split-0.3.3-2.el7aos.noarch.rpm
nodejs-stream-combiner-0.2.1-2.el7aos.noarch.rpm
nodejs-string-length-1.0.1-1.el7aos.noarch.rpm
nodejs-strip-json-comments-1.0.2-2.el7aos.noarch.rpm
nodejs-success-symbol-0.1.0-1.el7aos.noarch.rpm
nodejs-through-2.3.4-4.el7aos.noarch.rpm
nodejs-timed-out-2.0.0-3.el7aos.noarch.rpm
nodejs-touch-1.0.0-2.el7aos.noarch.rpm
nodejs-undefsafe-0.0.3-1.el7aos.noarch.rpm
nodejs-unzip-response-1.0.0-1.el7aos.noarch.rpm
nodejs-update-notifier-0.6.0-1.el7aos.noarch.rpm
nodejs-url-parse-lax-1.0.0-1.el7aos.noarch.rpm
nodejs-uuid-2.0.1-1.el7aos.noarch.rpm
nodejs-write-file-atomic-1.1.2-2.el7aos.noarch.rpm
nodejs-xdg-basedir-2.0.0-1.el7aos.noarch.rpm
openshift-ansible-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openshift-ansible-docs-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openshift-ansible-filter-plugins-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openshift-ansible-lookup-plugins-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openshift-ansible-playbooks-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openshift-ansible-roles-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm
openvswitch-test-2.4.0-1.el7.noarch.rpm
origin-kibana-0.5.0-1.el7aos.noarch.rpm
python-openvswitch-2.4.0-1.el7.noarch.rpm
x86_64:
atomic-openshift-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-clients-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-clients-redistributable-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-dockerregistry-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-master-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-pod-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-recycle-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
atomic-openshift-sdn-ovs-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
heapster-0.18.2-3.gitaf4752e.el7aos.x86_64.rpm
nss_wrapper-1.0.3-1.el7.x86_64.rpm
nss_wrapper-debuginfo-1.0.3-1.el7.x86_64.rpm
openvswitch-2.4.0-1.el7.x86_64.rpm
openvswitch-debuginfo-2.4.0-1.el7.x86_64.rpm
openvswitch-devel-2.4.0-1.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
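One way to check hosts against the fixed builds in the package list above, as an added example rather than Red Hat tooling: it orders rpm version and release strings segment by segment and reports tracked packages older than the advisory's builds. The input format, the constructed sample lines, and the omission of epoch and tilde/caret ordering rules are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Fixed builds (version, release) copied from the advisory's package list.
var fixed = map[string][2]string{
	"atomic-openshift-master": {"3.1.1.6", "1.git.0.b57e8bd.el7aos"},
	"jenkins":                 {"1.625.3", "2.el7aos"},
}

// rpm compares maximal runs of digits or letters; other bytes only separate.
var segment = regexp.MustCompile(`[0-9]+|[A-Za-z]+`)

func isNum(s string) bool { return s[0] >= '0' && s[0] <= '9' }

// vercmp orders two strings as rpm does (tilde/caret omitted): <0, 0 or >0.
func vercmp(a, b string) int {
	x, y := segment.FindAllString(a, -1), segment.FindAllString(b, -1)
	for i := 0; i < len(x) && i < len(y); i++ {
		s, t := x[i], y[i]
		if isNum(s) != isNum(t) { // mixed types: the numeric segment is newer
			if isNum(s) {
				return 1
			}
			return -1
		}
		if isNum(s) { // integer compare: drop leading zeros, longer is larger
			s, t = strings.TrimLeft(s, "0"), strings.TrimLeft(t, "0")
			if len(s) != len(t) {
				return len(s) - len(t)
			}
		}
		if c := strings.Compare(s, t); c != 0 {
			return c
		}
	}
	return len(x) - len(y) // the side with segments left over is newer
}

// Outdated lists tracked packages older than the advisory's builds.
func Outdated(lines []string) []string {
	var out []string
	for _, l := range lines {
		f := strings.Fields(l) // "name version release"
		if len(f) != 3 {
			continue
		}
		if want, ok := fixed[f[0]]; ok {
			c := vercmp(f[1], want[0])
			if c < 0 || (c == 0 && vercmp(f[2], want[1]) < 0) {
				out = append(out, f[0])
			}
		}
	}
	return out
}

func main() {
	// Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
	fmt.Println(Outdated([]string{
		"atomic-openshift-master 3.1.0.4 1.git.15.5e061c3.el7aos",
		"jenkins 1.625.3 1.el7aos", "openvswitch 2.4.0 1.el7",
	}))
}
```

Extend the fixed map with the other package names from the list that are installed on the masters and nodes being checked.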
Topic
Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues and bugs and introduce feature enhancements.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Relevant Releases/Architectures
RHOSE 3.1 - noarch, x86_64
Bugs Fixed
974814 - CVE-2013-2186 Apache commons-fileupload: Arbitrary file upload via deserialization
1063099 - CVE-2014-1869 stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
1147758 - CVE-2014-3661 jenkins: denial of service (SECURITY-87)
1147759 - CVE-2014-3662 jenkins: username discovery (SECURITY-110)
1147764 - CVE-2014-3663 jenkins: job configuration issues (SECURITY-127, SECURITY-128)
1147765 - CVE-2014-3664 jenkins: directory traversal flaw (SECURITY-131)
1147766 - CVE-2014-3681 jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
1147769 - CVE-2014-3666 jenkins: remote code execution flaw (SECURITY-150)
1147770 - CVE-2014-3667 jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)
1148645 - CVE-2014-3680 jenkins: password exposure in DOM (SECURITY-138)
1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)
1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125)
1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162)
1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
1243514 - there is possibly a race / error / startup dependency condition where the master's node/sdn doesn't start up properly on boot
1247523 - [RFE]-UI only includes first port in generated service
1254880 - Secure communication for Heapster metric collection
1256869 - Deleting Users and Identity does not remove Authorization Settings
1268478 - docker builder cannot retrieve source from git when user name is not a private git repository.
1273739 - Event shows "Cloud provider not initialized properly" when creating pod with cinder PV
1277329 - Core dump when running openshift for several days
1277383 - ovs-port wasn't deleted when openshift deleted pods
1277608 - NFS Recycler Fails in containerized Kubernetes
1278232 - if build fails to schedule because of quota, and pod count is reduced, build never automatically starts
1278630 - oc rollback says it is doing something, but doesn't appear to do it
1279404 - The clustered mysql pod keeps CrashLoopBackOff for cannot create directory '/var/lib/mysql/data/mysql': Permission denied
1279744 - postgresql-92-rhel7 cannot startup on AEP env
1279925 - After installation, openshift-sdn didn't make /etc/openshift-sdn/config.env, and can't access to the pod
1280216 - Setting env vars via Web UI not visible in the assemble phase of STI build (https://github.com/openshift/origin/issues/5817)
1280497 - [Supportability] Build OpenShift with DWARF
1282359 - CVE-2015-5317 jenkins: Project name disclosure via fingerprints (SECURITY-153)
1282361 - CVE-2015-5318 jenkins: Public value used for CSRF protection salt (SECURITY-169)
1282362 - CVE-2015-5319 jenkins: XXE injection into job configurations via CLI (SECURITY-173)
1282363 - CVE-2015-5320 jenkins: Secret key not verified when connecting a slave (SECURITY-184)
1282364 - CVE-2015-5321 jenkins: Information disclosure via sidepanel (SECURITY-192)
1282365 - CVE-2015-5322 jenkins: Local file inclusion vulnerability (SECURITY-195)
1282366 - CVE-2015-5323 jenkins: API tokens of other users available to admins (SECURITY-200)
1282367 - CVE-2015-5324 jenkins: Queue API did show items not visible to the current user (SECURITY-186)
1282368 - CVE-2015-5325 jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)
1282369 - CVE-2015-5326 jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)
1282371 - CVE-2015-8103 jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)
1282426 - The secret cannot be recognized which was added via .docker/config.json
1282738 - Mysql Can't handle MYSQL_USER=root case
1283952 - Default haproxy 503 response lack HTTP response header
1284506 - tuned-profiles-atomic-openshift-node man is not updated to "atomic-openshift-X" new naming
1287414 - Wrong prompt message for oc attach regardless of parameter values
1287943 - When cancel a build the build status always become failed
1288014 - Panic, if redhat/openshift-ovs-multitenant is enabled.
1289603 - oc login fails with Unauthorized error sometimes on HA etcd environment
1289965 - node crashed
1290643 - Wrong Forwarded Header format
1290967 - Hostsubnet is not created and OSE node host doesn't do OVS setup
1291795 - CVE-2015-7537 jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
1291797 - CVE-2015-7538 jenkins: CSRF protection ineffective (SECURITY-233)
1291798 - CVE-2015-7539 jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)
1292621 - jenkins-ephemeral template points at centos instead of rhel
1293251 - Can not access service endpoint between different nodes.
1293252 - Can not push images to docker-registry
1293829 - Return 'read time out' in jenkins webconsole when trigger a build more than 2 minutes
1293877 - Postgresql pod is CrashLoopBackOff after add nfs volume to dc/rc
1294115 - Get error status 404 when trying to push result image to internal docker registry if registry is temporarily down and resumed immediately
1294798 - BuildConfig field for 'Perform builds in OpenShift' build step in Jenkins configure Job form is populated with default value of 'frontend' instead of actual stored value.
1296457 - Sometimes Persistent Volume can not become available after it is created
1297910 - CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control
1297916 - CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy
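Bug 1297910 above says the patch operation should use the patched object to check admission control. The following Go program is an added example that models that class of flaw and its fix; it is not Kubernetes or OpenShift code. The Pod, Patch and Store types, the 512 MiB ceiling, the choice of the pre-patch object as what the flawed handler vets, and the Audit re-check are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Pod stands in for an API object, Patch for a partial update applied to the
// stored copy, and Store for persisted objects keyed by name.
type (
	Pod   struct{ MemoryMiB int }
	Patch func(Pod) Pod
	Store map[string]Pod
)

// maxMemoryMiB is a hypothetical per-pod ceiling enforced at admission.
const maxMemoryMiB = 512

var ErrDenied = errors.New("admission denied: memory request over limit")

// admit is the policy check. It can only vet the object it is handed.
func admit(p Pod) error {
	if p.MemoryMiB > maxMemoryMiB {
		return ErrDenied
	}
	return nil
}

// PatchFlawed vets the pre-patch object, then persists the patched one, so
// the fields the caller changed never reach the policy check.
func (s Store) PatchFlawed(name string, patch Patch) error {
	if err := admit(s[name]); err != nil {
		return err
	}
	s[name] = patch(s[name])
	return nil
}

// PatchFixed vets exactly the object that is about to be persisted.
func (s Store) PatchFixed(name string, patch Patch) error {
	patched := patch(s[name])
	if err := admit(patched); err != nil {
		return err
	}
	s[name] = patched
	return nil
}

// Audit re-runs admission over everything stored and returns the names that
// violate policy, such as objects written before the handler was fixed.
func (s Store) Audit() []string {
	var bad []string
	for name, p := range s {
		if admit(p) != nil {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	grow := func(p Pod) Pod { p.MemoryMiB = 8192; return p }
	s := Store{"web": {MemoryMiB: 256}, "db": {MemoryMiB: 256}}
	fmt.Println("flawed handler:", s.PatchFlawed("web", grow))
	fmt.Println("fixed handler: ", s.PatchFixed("db", grow))
	fmt.Println("audit finds:   ", s.Audit())
}
```

The Audit step reflects a point the upgrade alone does not cover: objects accepted while the check was wrong stay stored until something re-validates them.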