RedHat: RHSA-2019-1423:01 Important: Red Hat OpenShift Container Platform

    Date: 10 Jun 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update
    Advisory ID:       RHSA-2019:1423-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1423
    Issue date:        2019-06-10
    Cross references:   CVE-2019-1003040 CVE-2019-1003041 CVE-2019-1003042
    CVE Names:         CVE-2019-1003040 CVE-2019-1003041 CVE-2019-1003042 
    =====================================================================
    
    1. Summary:
    
    An update for jenkins-2-plugins is now available for Red Hat OpenShift
    Container Platform 3.11.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenShift Container Platform 3.11 - noarch
    
    3. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Jenkins is a continuous integration server that monitors executions of
    repeated jobs, such as building a software project or jobs run by cron.
    
    Security Fix(es):
    
    * jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin
    and Pipeline: Groovy Plugin (CVE-2019-1003040)
    
    * jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and
    Pipeline: Groovy Plugin (CVE-2019-1003041)
    
    * jenkins-plugin-lockable-resources: XSS vulnerability in Lockable
    Resources Plugin (CVE-2019-1003042)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    See the following documentation, which will be updated shortly for this
    release, for important instructions on how to upgrade your cluster and
    fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1694532 - CVE-2019-1003040 jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
    1694536 - CVE-2019-1003041 jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
    1694538 - CVE-2019-1003042 jenkins-plugin-lockable-resources: XSS vulnerability in Lockable Resources Plugin (SECURITY-1361)
    
    6. Package List:
    
    Red Hat OpenShift Container Platform 3.11:
    
    Source:
    jenkins-2-plugins-3.11.1553788831-1.el7.src.rpm
    
    noarch:
    jenkins-2-plugins-3.11.1553788831-1.el7.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-1003040
    https://access.redhat.com/security/cve/CVE-2019-1003041
    https://access.redhat.com/security/cve/CVE-2019-1003042
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    