RedHat: RHSA-2016-1427:01 Important: atomic-openshift security and bug fix
Summary
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* The Kubernetes API server contains a watch cache that speeds up
performance. Due to an input validation error OpenShift Enterprise may
return data for other users and projects when queried by a user. An
attacker with knowledge of other project names could use this vulnerability
to view their information. (CVE-2016-5392)
This issue was discovered by Yanping Zhang (Red Hat).
This updates includes the following images:
openshift3/openvswitch:v3.2.1.7-1
openshift3/ose-pod:v3.2.1.7-1
openshift3/ose:v3.2.1.7-1
openshift3/ose-docker-registry:v3.2.1.7-1
openshift3/ose-keepalived-ipfailover:v3.2.1.7-1
openshift3/ose-recycler:v3.2.1.7-1
openshift3/ose-f5-router:v3.2.1.7-1
openshift3/ose-deployer:v3.2.1.7-1
openshift3/node:v3.2.1.7-1
openshift3/ose-sti-builder:v3.2.1.7-1
openshift3/ose-docker-builder:v3.2.1.7-1
openshift3/ose-haproxy-router:v3.2.1.7-1
All OpenShift Enterprise 3 users are advised to upgrade to these updated
packages and images.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2016-5392 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat OpenShift Enterprise 3.2:
Source:
atomic-openshift-3.2.1.7-1.git.0.2702170.el7.src.rpm
x86_64:
atomic-openshift-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-clients-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-master-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-pod-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-recycle-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-tests-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for atomic-openshift is now available for Red Hat OpenShiftEnterprise 3.2.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat OpenShift Enterprise 3.2 - x86_64
Bugs Fixed