-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:1773-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1773.html
Issue date:        2016-08-24
CVE Names:         CVE-2014-3577 CVE-2015-7501 CVE-2016-0788 
                   CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 
                   CVE-2016-0792 CVE-2016-3721 CVE-2016-3722 
                   CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 
                   CVE-2016-3726 CVE-2016-3727 
====================================================================
1. Summary:

An update is now available for Red Hat OpenShift Enterprise 2.2.

Red Hat Product Security has rated this update as having a security impact 
of Important. A Common Vulnerability Scoring System (CVSS) base score, 
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Client 2.2 - noarch
Red Hat OpenShift Enterprise Infrastructure 2.2 - noarch, x86_64
Red Hat OpenShift Enterprise JBoss EAP add-on 2.2 - noarch
Red Hat OpenShift Enterprise Node 2.2 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

* The Jenkins continuous integration server has been updated to upstream 
version 1.651.2 LTS that addresses a large number of security issues, 
including open redirects, a potential denial of service, unsafe handling of
user provided environment variables and several instances of sensitive 
information disclosure. (CVE-2014-3577, CVE-2016-0788, CVE-2016-0789,
CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722,
CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727,
CVE-2015-7501)

Space precludes documenting all of the bug fixes and enhancements in this 
advisory. See the OpenShift Enterprise Technical Notes, which will be 
updated shortly for release 2.2.10, for details about these changes:

ingle/Technical_Notes/index.html

All OpenShift Enterprise 2 users are advised to upgrade to these updated 
packages.

4. Solution:

Before applying this update, make sure all previously released errata 
relevant to your system have been applied.

See the OpenShift Enterprise 2.2 Release Notes, which will be updated 
shortly for release 2.2.10, for important instructions on how to fully 
apply this asynchronous errata update:

ingle/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

This update is available via the Red Hat Network. Details on how to use 
the Red Hat Network to apply this update are available at 
https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
1196783 - OPENSHIFT_GEAR_MEMORY_MB is not updated when resource limits change
1217403 - [RFE] separate system-level logs of cron cartridge from gear-level logs
1266239 - [RFE] Make user variables maximum value configurable.
1274852 - Routing Daemon does not update LB when head gear is moved.
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation
1282852 - Tomcat Does not properly parse spaces in JVM parameters/setttings
1311722 - Deleting a multi-version cartridge on the node fails silently
1311946 - CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)
1311947 - CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)
1311948 - CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241)
1311949 - CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)
1311950 - CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247)
1335415 - CVE-2016-3721 jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
1335416 - CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
1335417 - CVE-2016-3723 jenkins: Information on installed plugins exposed via API (SECURITY-250)
1335418 - CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
1335420 - CVE-2016-3725 jenkins: Regular users can trigger download of update site metadata (SECURITY-273)
1335421 - CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
1335422 - CVE-2016-3727 jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
1358938 - libcgroup dependency error when installing node in ose-2.2
1361305 - gears exceeding quota cannot be stopped or idled
1361306 - Unable to obtain user-agent or client IP in websocket handshake on OpenShift hosted WildFly
1361307 - mysql cartridge removes logs on start
1362666 - oo-admin-move should move gears to nodes with enough free space + buffer space

6. Package List:

Red Hat OpenShift Enterprise Client 2.2:

Source:
rhc-1.38.7.1-1.el6op.src.rpm

noarch:
rhc-1.38.7.1-1.el6op.noarch.rpm

Red Hat OpenShift Enterprise Infrastructure 2.2:

Source:
activemq-5.9.0-6.redhat.611463.el6op.src.rpm
openshift-origin-broker-1.16.3.2-1.el6op.src.rpm
openshift-origin-broker-util-1.37.6.2-1.el6op.src.rpm
rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.src.rpm
rubygem-openshift-origin-controller-1.38.6.4-1.el6op.src.rpm
rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.src.rpm
rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.src.rpm

noarch:
openshift-origin-broker-1.16.3.2-1.el6op.noarch.rpm
openshift-origin-broker-util-1.37.6.2-1.el6op.noarch.rpm
rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.38.6.4-1.el6op.noarch.rpm
rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.noarch.rpm
rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.noarch.rpm

x86_64:
activemq-5.9.0-6.redhat.611463.el6op.x86_64.rpm
activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm

Red Hat OpenShift Enterprise JBoss EAP add-on 2.2:

Source:
openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.src.rpm

noarch:
openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.noarch.rpm

Red Hat OpenShift Enterprise Node 2.2:

Source:
ImageMagick-6.7.2.7-5.el6_8.src.rpm
activemq-5.9.0-6.redhat.611463.el6op.src.rpm
jenkins-1.651.2-1.el6op.src.rpm
libcgroup-0.40.rc1-18.el6_8.src.rpm
openshift-origin-cartridge-cron-1.25.4.2-1.el6op.src.rpm
openshift-origin-cartridge-diy-1.26.2.2-1.el6op.src.rpm
openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.src.rpm
openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.src.rpm
openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.src.rpm
openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.src.rpm
openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.src.rpm
openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.src.rpm
openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.src.rpm
openshift-origin-cartridge-perl-1.30.2.2-1.el6op.src.rpm
openshift-origin-cartridge-php-1.35.4.2-1.el6op.src.rpm
openshift-origin-cartridge-python-1.34.3.2-1.el6op.src.rpm
openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.src.rpm
openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.src.rpm
openshift-origin-node-proxy-1.26.3.1-1.el6op.src.rpm
openshift-origin-node-util-1.38.7.1-1.el6op.src.rpm
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.src.rpm
rubygem-openshift-origin-node-1.38.6.4-1.el6op.src.rpm

noarch:
jenkins-1.651.2-1.el6op.noarch.rpm
openshift-origin-cartridge-cron-1.25.4.2-1.el6op.noarch.rpm
openshift-origin-cartridge-diy-1.26.2.2-1.el6op.noarch.rpm
openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.noarch.rpm
openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.noarch.rpm
openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.noarch.rpm
openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.noarch.rpm
openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.noarch.rpm
openshift-origin-cartridge-perl-1.30.2.2-1.el6op.noarch.rpm
openshift-origin-cartridge-php-1.35.4.2-1.el6op.noarch.rpm
openshift-origin-cartridge-python-1.34.3.2-1.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.noarch.rpm
openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.noarch.rpm
openshift-origin-node-proxy-1.26.3.1-1.el6op.noarch.rpm
openshift-origin-node-util-1.38.7.1-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.noarch.rpm
rubygem-openshift-origin-node-1.38.6.4-1.el6op.noarch.rpm

x86_64:
ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm
ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm
ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm
ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm
activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm
libcgroup-debuginfo-0.40.rc1-18.el6_8.x86_64.rpm
libcgroup-pam-0.40.rc1-18.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3577
https://access.redhat.com/security/cve/CVE-2015-7501
https://access.redhat.com/security/cve/CVE-2016-0788
https://access.redhat.com/security/cve/CVE-2016-0789
https://access.redhat.com/security/cve/CVE-2016-0790
https://access.redhat.com/security/cve/CVE-2016-0791
https://access.redhat.com/security/cve/CVE-2016-0792
https://access.redhat.com/security/cve/CVE-2016-3721
https://access.redhat.com/security/cve/CVE-2016-3722
https://access.redhat.com/security/cve/CVE-2016-3723
https://access.redhat.com/security/cve/CVE-2016-3724
https://access.redhat.com/security/cve/CVE-2016-3725
https://access.redhat.com/security/cve/CVE-2016-3726
https://access.redhat.com/security/cve/CVE-2016-3727
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXvfohXlSAg2UNWIIRAkfNAKCBtVY0xEgjCs6Artz4o1q2MTshjwCdG8ow
LTXLl4KmRK711Sc+V6NxT7c=mDbi
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

RedHat: RHSA-2016-1773:01 Important: Red Hat OpenShift Enterprise 2.2.10

An update is now available for Red Hat OpenShift Enterprise 2.2

Summary

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
* The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS that addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user provided environment variables and several instances of sensitive information disclosure. (CVE-2014-3577, CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727, CVE-2015-7501)
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.10, for details about these changes:
ingle/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these updated packages.



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly for release 2.2.10, for important instructions on how to fully apply this asynchronous errata update:
ingle/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

References

https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2015-7501 https://access.redhat.com/security/cve/CVE-2016-0788 https://access.redhat.com/security/cve/CVE-2016-0789 https://access.redhat.com/security/cve/CVE-2016-0790 https://access.redhat.com/security/cve/CVE-2016-0791 https://access.redhat.com/security/cve/CVE-2016-0792 https://access.redhat.com/security/cve/CVE-2016-3721 https://access.redhat.com/security/cve/CVE-2016-3722 https://access.redhat.com/security/cve/CVE-2016-3723 https://access.redhat.com/security/cve/CVE-2016-3724 https://access.redhat.com/security/cve/CVE-2016-3725 https://access.redhat.com/security/cve/CVE-2016-3726 https://access.redhat.com/security/cve/CVE-2016-3727 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat OpenShift Enterprise Client 2.2:
Source: rhc-1.38.7.1-1.el6op.src.rpm
noarch: rhc-1.38.7.1-1.el6op.noarch.rpm
Red Hat OpenShift Enterprise Infrastructure 2.2:
Source: activemq-5.9.0-6.redhat.611463.el6op.src.rpm openshift-origin-broker-1.16.3.2-1.el6op.src.rpm openshift-origin-broker-util-1.37.6.2-1.el6op.src.rpm rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.src.rpm rubygem-openshift-origin-controller-1.38.6.4-1.el6op.src.rpm rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.src.rpm rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.src.rpm
noarch: openshift-origin-broker-1.16.3.2-1.el6op.noarch.rpm openshift-origin-broker-util-1.37.6.2-1.el6op.noarch.rpm rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.38.6.4-1.el6op.noarch.rpm rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.noarch.rpm rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.noarch.rpm
x86_64: activemq-5.9.0-6.redhat.611463.el6op.x86_64.rpm activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm
Red Hat OpenShift Enterprise JBoss EAP add-on 2.2:
Source: openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.src.rpm
noarch: openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.noarch.rpm
Red Hat OpenShift Enterprise Node 2.2:
Source: ImageMagick-6.7.2.7-5.el6_8.src.rpm activemq-5.9.0-6.redhat.611463.el6op.src.rpm jenkins-1.651.2-1.el6op.src.rpm libcgroup-0.40.rc1-18.el6_8.src.rpm openshift-origin-cartridge-cron-1.25.4.2-1.el6op.src.rpm openshift-origin-cartridge-diy-1.26.2.2-1.el6op.src.rpm openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.src.rpm openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.src.rpm openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.src.rpm openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.src.rpm openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.src.rpm openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.src.rpm openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.src.rpm openshift-origin-cartridge-perl-1.30.2.2-1.el6op.src.rpm openshift-origin-cartridge-php-1.35.4.2-1.el6op.src.rpm openshift-origin-cartridge-python-1.34.3.2-1.el6op.src.rpm openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.src.rpm openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.src.rpm openshift-origin-node-proxy-1.26.3.1-1.el6op.src.rpm openshift-origin-node-util-1.38.7.1-1.el6op.src.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.src.rpm rubygem-openshift-origin-node-1.38.6.4-1.el6op.src.rpm
noarch: jenkins-1.651.2-1.el6op.noarch.rpm openshift-origin-cartridge-cron-1.25.4.2-1.el6op.noarch.rpm openshift-origin-cartridge-diy-1.26.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.noarch.rpm openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.noarch.rpm openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.noarch.rpm openshift-origin-cartridge-perl-1.30.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-php-1.35.4.2-1.el6op.noarch.rpm openshift-origin-cartridge-python-1.34.3.2-1.el6op.noarch.rpm openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.noarch.rpm openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.noarch.rpm openshift-origin-node-proxy-1.26.3.1-1.el6op.noarch.rpm openshift-origin-node-util-1.38.7.1-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-node-1.38.6.4-1.el6op.noarch.rpm
x86_64: ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm libcgroup-debuginfo-0.40.rc1-18.el6_8.x86_64.rpm libcgroup-pam-0.40.rc1-18.el6_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2016:1773-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1773.html
Issued Date: : 2016-08-24
CVE Names: CVE-2014-3577 CVE-2015-7501 CVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792 CVE-2016-3721 CVE-2016-3722 CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727

Topic

An update is now available for Red Hat OpenShift Enterprise 2.2.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat OpenShift Enterprise Client 2.2 - noarch

Red Hat OpenShift Enterprise Infrastructure 2.2 - noarch, x86_64

Red Hat OpenShift Enterprise JBoss EAP add-on 2.2 - noarch

Red Hat OpenShift Enterprise Node 2.2 - noarch, x86_64


Bugs Fixed

1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

1196783 - OPENSHIFT_GEAR_MEMORY_MB is not updated when resource limits change

1217403 - [RFE] separate system-level logs of cron cartridge from gear-level logs

1266239 - [RFE] Make user variables maximum value configurable.

1274852 - Routing Daemon does not update LB when head gear is moved.

1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation

1282852 - Tomcat Does not properly parse spaces in JVM parameters/setttings

1311722 - Deleting a multi-version cartridge on the node fails silently

1311946 - CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)

1311947 - CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)

1311948 - CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241)

1311949 - CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)

1311950 - CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247)

1335415 - CVE-2016-3721 jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

1335416 - CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)

1335417 - CVE-2016-3723 jenkins: Information on installed plugins exposed via API (SECURITY-250)

1335418 - CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)

1335420 - CVE-2016-3725 jenkins: Regular users can trigger download of update site metadata (SECURITY-273)

1335421 - CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276)

1335422 - CVE-2016-3727 jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

1358938 - libcgroup dependency error when installing node in ose-2.2

1361305 - gears exceeding quota cannot be stopped or idled

1361306 - Unable to obtain user-agent or client IP in websocket handshake on OpenShift hosted WildFly

1361307 - mysql cartridge removes logs on start

1362666 - oo-admin-move should move gears to nodes with enough free space + buffer space


Related News

28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved