Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryFedorafeature enhancementFedora 24: Suricata Update 3.2.1 Critical: TLS & Protocol Enhancements
This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default; and App Layer stats. Documentation: https://docs.suricata.io/en/suricata-3.2/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-f9f3a78148 2017-03-08 08:23:17.617377 -------------------------------------------------------------------------------- Name : suricata Product : Fedora 24 Version : 3.2.1 Release : 1.fc24 URL : Summary : Intrusion Detection System Description : The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP Matching, and GeoIP identification. -------------------------------------------------------------------------------- Update Information: This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default; and App Layer stats. Documentation: https://docs.suricata.io/en/suricata-3.2/ -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade suricata' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora ProjectGPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Mar 08, 2017
•Critical
Fedora
98
security advisorycriticalbug fixRed Hat OpenShift 3.1.1 Advisory RHSA-2016:0070 Critical: Kubernetes Flaws
Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update Advisory ID: RHSA-2016:0070-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:0070 Issue date: 2016-01-26 CVE Names: CVE-2013-2186 CVE-2014-1869 CVE-2014-3661 CVE-2014-3662 CVE-2014-3663 CVE-2014-3664 CVE-2014-3666 CVE-2014-3667 CVE-2014-3680 CVE-2014-3681 CVE-2015-1806 CVE-2015-1807 CVE-2015-1808 CVE-2015-1810 CVE-2015-1812 CVE-2015-1813 CVE-2015-1814 CVE-2015-5317 CVE-2015-5318 CVE-2015-5319 CVE-2015-5320 CVE-2015-5321 CVE-2015-5322 CVE-2015-5323 CVE-2015-5324 CVE-2015-5325 CVE-2015-5326 CVE-2015-7537 CVE-2015-7538 CVE-2015-7539 CVE-2015-8103 CVE-2016-1905 CVE-2016-1906 ==================================================================== 1. Summary: Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHOSE 3.1 - noarch, x86_64 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Thefollowing security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905) An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build- configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation. (CVE-2016-1906) An update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well. (CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662 CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667 CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807 CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813 CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319 CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323 CVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537 CVE-2015-7538, CVE-2015-7539, CVE-2015-8103) Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise 3.1 Release Notes, which will be updated shortly for release 3.1.1, for details about these changes: es.html All OpenShift Enterprise 3 users are advised to upgrade to these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. See the OpenShift Enterprise 3.1 documentation, whichwill be updated shortly for release 3.1.1, for important instructions on how to upgrade your OpenShift cluster and fully apply this asynchronous errata update: es.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258. 5. Bugs fixed (https://bugzilla.redhat.com/): 974814 - CVE-2013-2186 Apache commons-fileupload: Arbitrary file upload via deserialization 1063099 - CVE-2014-1869 stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws 1147758 - CVE-2014-3661 jenkins: denial of service (SECURITY-87) 1147759 - CVE-2014-3662 jenkins: username discovery (SECURITY-110) 1147764 - CVE-2014-3663 jenkins: job configuration issues (SECURITY-127, SECURITY-128) 1147765 - CVE-2014-3664 jenkins: directory traversal flaw (SECURITY-131) 1147766 - CVE-2014-3681 jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143) 1147769 - CVE-2014-3666 jenkins: remote code execution flaw (SECURITY-150) 1147770 - CVE-2014-3667 jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155) 1148645 - CVE-2014-3680 jenkins: password exposure in DOM (SECURITY-138) 1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) 1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180) 1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) 1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162) 1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163) 1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) 1243514 - there is possibly a race / error / startup dependency condition where the master's node/sdn doesn't start up properly on boot 1247523 - [RFE]-UI only includes first port in generated service 1254880 - Secure communication for Heapster metriccollection 1256869 - Deleting Users and Identity does not remove Authorization Settings 1268478 - docker builder cannot retrieve source from git when user name is not a private git repository. 1273739 - Event shows "Cloud provider not initialized properly" when creating pod with cinder PV 1277329 - Core dump when running openshift for several days 1277383 - ovs-port wasn't deleted when openshift deleted pods 1277608 - NFS Recycler Fails in containerized Kubernetes 1278232 - if build fails to schedule because of quota, and pod count is reduced, build never automatically starts 1278630 - oc rollback says it is doing something, but doesn't appear to do it 1279404 - The clustered mysql pod keeps CrashLoopBackOff for cannot create directory '/var/lib/mysql/data/mysql': Permission denied 1279744 - postgresql-92-rhel7 cannot startup on AEP env 1279925 - After installation, openshift-sdn didn't make /etc/openshift-sdn/config.env, and can't access to the pod 1280216 - Setting env vars via Web UI not visible in the assemble phase of STI build (https://github.com/openshift/origin/issues/5817) 1280497 - [Supportability] Build OpenShift with DWARF 1282359 - CVE-2015-5317 jenkins: Project name disclosure via fingerprints (SECURITY-153) 1282361 - CVE-2015-5318 jenkins: Public value used for CSRF protection salt (SECURITY-169) 1282362 - CVE-2015-5319 jenkins: XXE injection into job configurations via CLI (SECURITY-173) 1282363 - CVE-2015-5320 jenkins: Secret key not verified when connecting a slave (SECURITY-184) 1282364 - CVE-2015-5321 jenkins: Information disclosure via sidepanel (SECURITY-192) 1282365 - CVE-2015-5322 jenkins: Local file inclusion vulnerability (SECURITY-195) 1282366 - CVE-2015-5323 jenkins: API tokens of other users available to admins (SECURITY-200) 1282367 - CVE-2015-5324 jenkins: Queue API did show items not visible to the current user (SECURITY-186) 1282368 - CVE-2015-5325 jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206) 1282369 - CVE-2015-5326 jenkins: Stored XSSvulnerability in slave offline status message (SECURITY-214) 1282371 - CVE-2015-8103 jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218) 1282426 - The secret cannot be recognized which was added via .docker/config.json 1282738 - Mysql Can't handle MYSQL_USER=root case 1283952 - Default haproxy 503 response lack HTTP response header 1284506 - tuned-profiles-atomic-openshift-node man is not updated to "atomic-openshift-X" new naming 1287414 - Wrong prompt message for oc attach regardless of parameter values 1287943 - When cancel a build the build status always become failed 1288014 - Panic, if redhat/openshift-ovs-multitenant is enabled. 1289603 - oc login fails with Unauthorized error sometimes on HA etcd environment 1289965 - node crashed 1290643 - Wrong Forwarded Header format 1290967 - Hostsubnet is not created and OSE node host doesn't do OVS setup 1291795 - CVE-2015-7537 jenkins: CSRF vulnerability in some administrative actions (SECURITY-225) 1291797 - CVE-2015-7538 jenkins: CSRF protection ineffective (SECURITY-233) 1291798 - CVE-2015-7539 jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234) 1292621 - jenkins-ephemeral template points at centos instead of rhel 1293251 - Can not access service endpoint between different nodes. 1293252 - Can not push images to docker-registry 1293829 - Return 'read time out‘ in jenkins webconsole when trigger a build more than 2 minites 1293877 - Postgresql pod is CrashLoopBackOff after add nfs volume to dc/rc 1294115 - Get error status 404 when trying to push result image to internal docker registry if registry is temporarily down and resumed immediately 1294798 - BuildConfig field for 'Perform builds in OpenShift' build step in Jenkins configure Job form is populated with default value of 'frontend' instead of actual stored value. 1296457 - Sometimes Persistent Volume can not become available after it is created 1297910 - CVE-2016-1905 Kubernetes api server: patch operation should usepatched object to check admission control 1297916 - CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy 6. Package List: RHOSE3.1: Source: atomic-openshift-3.1.1.6-1.git.0.b57e8bd.el7aos.src.rpm heapster-0.18.2-3.gitaf4752e.el7aos.src.rpm jenkins-1.625.3-2.el7aos.src.rpm nodejs-align-text-0.1.3-2.el7aos.src.rpm nodejs-ansi-green-0.1.1-1.el7aos.src.rpm nodejs-ansi-wrap-0.1.0-1.el7aos.src.rpm nodejs-anymatch-1.3.0-1.el7aos.src.rpm nodejs-arr-diff-2.0.0-1.el7aos.src.rpm nodejs-arr-flatten-1.0.1-1.el7aos.src.rpm nodejs-array-unique-0.2.1-1.el7aos.src.rpm nodejs-arrify-1.0.0-1.el7aos.src.rpm nodejs-async-each-1.0.0-1.el7aos.src.rpm nodejs-binary-extensions-1.3.1-1.el7aos.src.rpm nodejs-braces-1.8.2-2.el7aos.src.rpm nodejs-capture-stack-trace-1.0.0-2.el7aos.src.rpm nodejs-chokidar-1.4.1-2.el7aos.src.rpm nodejs-configstore-1.4.0-1.el7aos.src.rpm nodejs-create-error-class-2.0.1-2.el7aos.src.rpm nodejs-deep-extend-0.3.2-2.el7aos.src.rpm nodejs-duplexer-0.1.1-2.el7aos.src.rpm nodejs-duplexify-3.4.2-1.el7aos.src.rpm nodejs-end-of-stream-1.1.0-2.el7aos.src.rpm nodejs-error-ex-1.2.0-1.el7aos.src.rpm nodejs-es6-promise-3.0.2-2.el7aos.src.rpm nodejs-event-stream-3.3.2-1.el7aos.src.rpm nodejs-expand-brackets-0.1.4-1.el7aos.src.rpm nodejs-expand-range-1.8.1-1.el7aos.src.rpm nodejs-extglob-0.3.1-1.el7aos.src.rpm nodejs-filename-regex-2.0.0-1.el7aos.src.rpm nodejs-fill-range-2.2.3-1.el7aos.src.rpm nodejs-for-in-0.1.4-1.el7aos.src.rpm nodejs-for-own-0.1.3-1.el7aos.src.rpm nodejs-from-0.1.3-2.el7aos.src.rpm nodejs-glob-base-0.3.0-1.el7aos.src.rpm nodejs-glob-parent-2.0.0-1.el7aos.src.rpm nodejs-got-5.2.1-1.el7aos.src.rpm nodejs-graceful-fs-4.1.2-1.el7aos.src.rpm nodejs-ini-1.1.0-6.el7aos.src.rpm nodejs-is-binary-path-1.0.1-1.el7aos.src.rpm nodejs-is-dotfile-1.0.2-1.el7aos.src.rpm nodejs-is-equal-shallow-0.1.3-1.el7aos.src.rpm nodejs-is-extendable-0.1.1-1.el7aos.src.rpm nodejs-is-extglob-1.0.0-1.el7aos.src.rpm nodejs-is-glob-2.0.1-1.el7aos.src.rpm nodejs-is-npm-1.0.0-1.el7aos.src.rpm nodejs-is-number-2.1.0-1.el7aos.src.rpm nodejs-is-plain-obj-1.0.0-1.el7aos.src.rpm nodejs-is-primitive-2.0.0-1.el7aos.src.rpm nodejs-is-redirect-1.0.0-1.el7aos.src.rpm nodejs-is-stream-1.0.1-2.el7aos.src.rpm nodejs-isobject-2.0.0-1.el7aos.src.rpm nodejs-kind-of-3.0.2-1.el7aos.src.rpm nodejs-latest-version-2.0.0-1.el7aos.src.rpm nodejs-lazy-cache-1.0.2-1.el7aos.src.rpm nodejs-lodash.assign-3.2.0-1.el7aos.src.rpm nodejs-lodash.baseassign-3.2.0-1.el7aos.src.rpm nodejs-lodash.basecopy-3.0.1-1.el7aos.src.rpm nodejs-lodash.bindcallback-3.0.1-1.el7aos.src.rpm nodejs-lodash.createassigner-3.1.1-1.el7aos.src.rpm nodejs-lodash.defaults-3.1.2-1.el7aos.src.rpm nodejs-lodash.getnative-3.9.1-1.el7aos.src.rpm nodejs-lodash.isarguments-3.0.4-1.el7aos.src.rpm nodejs-lodash.isarray-3.0.4-1.el7aos.src.rpm nodejs-lodash.isiterateecall-3.0.9-1.el7aos.src.rpm nodejs-lodash.keys-3.1.2-1.el7aos.src.rpm nodejs-lodash.restparam-3.6.1-1.el7aos.src.rpm nodejs-lowercase-keys-1.0.0-2.el7aos.src.rpm nodejs-map-stream-0.1.0-2.el7aos.src.rpm nodejs-micromatch-2.3.5-2.el7aos.src.rpm nodejs-mkdirp-0.5.0-2.el7aos.src.rpm nodejs-node-status-codes-1.0.0-1.el7aos.src.rpm nodejs-nodemon-1.8.1-2.el7aos.src.rpm nodejs-normalize-path-2.0.1-1.el7aos.src.rpm nodejs-object-assign-4.0.1-1.el7aos.src.rpm nodejs-object.omit-2.0.0-1.el7aos.src.rpm nodejs-optimist-0.4.0-5.el7aos.src.rpm nodejs-os-homedir-1.0.1-1.el7aos.src.rpm nodejs-os-tmpdir-1.0.1-1.el7aos.src.rpm nodejs-osenv-0.1.0-2.el7aos.src.rpm nodejs-package-json-2.3.0-1.el7aos.src.rpm nodejs-parse-glob-3.0.4-1.el7aos.src.rpm nodejs-parse-json-2.2.0-2.el7aos.src.rpm nodejs-pause-stream-0.0.11-2.el7aos.src.rpm nodejs-pinkie-2.0.1-1.el7aos.src.rpm nodejs-pinkie-promise-2.0.0-1.el7aos.src.rpm nodejs-prepend-http-1.0.1-2.el7aos.src.rpm nodejs-preserve-0.2.0-1.el7aos.src.rpm nodejs-ps-tree-1.0.1-1.el7aos.src.rpm nodejs-randomatic-1.1.5-1.el7aos.src.rpm nodejs-rc-1.1.2-1.el7aos.src.rpm nodejs-read-all-stream-3.0.1-3.el7aos.src.rpm nodejs-readdirp-2.0.0-2.el7aos.src.rpm nodejs-regex-cache-0.4.2-1.el7aos.src.rpm nodejs-registry-url-3.0.3-1.el7aos.src.rpm nodejs-repeat-element-1.1.2-1.el7aos.src.rpm nodejs-semver-5.1.0-1.el7aos.src.rpm nodejs-semver-diff-2.1.0-1.el7aos.src.rpm nodejs-slide-1.1.5-3.el7aos.src.rpm nodejs-split-0.3.3-2.el7aos.src.rpm nodejs-stream-combiner-0.2.1-2.el7aos.src.rpm nodejs-string-length-1.0.1-1.el7aos.src.rpm nodejs-strip-json-comments-1.0.2-2.el7aos.src.rpm nodejs-success-symbol-0.1.0-1.el7aos.src.rpm nodejs-through-2.3.4-4.el7aos.src.rpm nodejs-timed-out-2.0.0-3.el7aos.src.rpm nodejs-touch-1.0.0-2.el7aos.src.rpm nodejs-undefsafe-0.0.3-1.el7aos.src.rpm nodejs-unzip-response-1.0.0-1.el7aos.src.rpm nodejs-update-notifier-0.6.0-1.el7aos.src.rpm nodejs-url-parse-lax-1.0.0-1.el7aos.src.rpm nodejs-uuid-2.0.1-1.el7aos.src.rpm nodejs-write-file-atomic-1.1.2-2.el7aos.src.rpm nodejs-xdg-basedir-2.0.0-1.el7aos.src.rpm nss_wrapper-1.0.3-1.el7.src.rpm openshift-ansible-3.0.35-1.git.0.6a386dd.el7aos.src.rpm openvswitch-2.4.0-1.el7.src.rpm origin-kibana-0.5.0-1.el7aos.src.rpm noarch: atomic-openshift-utils-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm jenkins-1.625.3-2.el7aos.noarch.rpm nodejs-align-text-0.1.3-2.el7aos.noarch.rpm nodejs-ansi-green-0.1.1-1.el7aos.noarch.rpm nodejs-ansi-wrap-0.1.0-1.el7aos.noarch.rpm nodejs-anymatch-1.3.0-1.el7aos.noarch.rpm nodejs-arr-diff-2.0.0-1.el7aos.noarch.rpm nodejs-arr-flatten-1.0.1-1.el7aos.noarch.rpm nodejs-array-unique-0.2.1-1.el7aos.noarch.rpm nodejs-arrify-1.0.0-1.el7aos.noarch.rpm nodejs-async-each-1.0.0-1.el7aos.noarch.rpm nodejs-binary-extensions-1.3.1-1.el7aos.noarch.rpm nodejs-braces-1.8.2-2.el7aos.noarch.rpm nodejs-capture-stack-trace-1.0.0-2.el7aos.noarch.rpm nodejs-chokidar-1.4.1-2.el7aos.noarch.rpm nodejs-configstore-1.4.0-1.el7aos.noarch.rpm nodejs-create-error-class-2.0.1-2.el7aos.noarch.rpm nodejs-deep-extend-0.3.2-2.el7aos.noarch.rpm nodejs-duplexer-0.1.1-2.el7aos.noarch.rpm nodejs-duplexify-3.4.2-1.el7aos.noarch.rpm nodejs-end-of-stream-1.1.0-2.el7aos.noarch.rpm nodejs-error-ex-1.2.0-1.el7aos.noarch.rpm nodejs-es6-promise-3.0.2-2.el7aos.noarch.rpm nodejs-event-stream-3.3.2-1.el7aos.noarch.rpm nodejs-expand-brackets-0.1.4-1.el7aos.noarch.rpm nodejs-expand-range-1.8.1-1.el7aos.noarch.rpm nodejs-extglob-0.3.1-1.el7aos.noarch.rpm nodejs-filename-regex-2.0.0-1.el7aos.noarch.rpm nodejs-fill-range-2.2.3-1.el7aos.noarch.rpm nodejs-for-in-0.1.4-1.el7aos.noarch.rpm nodejs-for-own-0.1.3-1.el7aos.noarch.rpm nodejs-from-0.1.3-2.el7aos.noarch.rpm nodejs-glob-base-0.3.0-1.el7aos.noarch.rpm nodejs-glob-parent-2.0.0-1.el7aos.noarch.rpm nodejs-got-5.2.1-1.el7aos.noarch.rpm nodejs-graceful-fs-4.1.2-1.el7aos.noarch.rpm nodejs-ini-1.1.0-6.el7aos.noarch.rpm nodejs-is-binary-path-1.0.1-1.el7aos.noarch.rpm nodejs-is-dotfile-1.0.2-1.el7aos.noarch.rpm nodejs-is-equal-shallow-0.1.3-1.el7aos.noarch.rpm nodejs-is-extendable-0.1.1-1.el7aos.noarch.rpm nodejs-is-extglob-1.0.0-1.el7aos.noarch.rpm nodejs-is-glob-2.0.1-1.el7aos.noarch.rpm nodejs-is-npm-1.0.0-1.el7aos.noarch.rpm nodejs-is-number-2.1.0-1.el7aos.noarch.rpm nodejs-is-plain-obj-1.0.0-1.el7aos.noarch.rpm nodejs-is-primitive-2.0.0-1.el7aos.noarch.rpm nodejs-is-redirect-1.0.0-1.el7aos.noarch.rpm nodejs-is-stream-1.0.1-2.el7aos.noarch.rpm nodejs-isobject-2.0.0-1.el7aos.noarch.rpm nodejs-kind-of-3.0.2-1.el7aos.noarch.rpm nodejs-latest-version-2.0.0-1.el7aos.noarch.rpm nodejs-lazy-cache-1.0.2-1.el7aos.noarch.rpm nodejs-lodash.assign-3.2.0-1.el7aos.noarch.rpm nodejs-lodash.baseassign-3.2.0-1.el7aos.noarch.rpm nodejs-lodash.basecopy-3.0.1-1.el7aos.noarch.rpm nodejs-lodash.bindcallback-3.0.1-1.el7aos.noarch.rpm nodejs-lodash.createassigner-3.1.1-1.el7aos.noarch.rpm nodejs-lodash.defaults-3.1.2-1.el7aos.noarch.rpm nodejs-lodash.getnative-3.9.1-1.el7aos.noarch.rpm nodejs-lodash.isarguments-3.0.4-1.el7aos.noarch.rpm nodejs-lodash.isarray-3.0.4-1.el7aos.noarch.rpm nodejs-lodash.isiterateecall-3.0.9-1.el7aos.noarch.rpm nodejs-lodash.keys-3.1.2-1.el7aos.noarch.rpm nodejs-lodash.restparam-3.6.1-1.el7aos.noarch.rpm nodejs-lowercase-keys-1.0.0-2.el7aos.noarch.rpm nodejs-map-stream-0.1.0-2.el7aos.noarch.rpm nodejs-micromatch-2.3.5-2.el7aos.noarch.rpm nodejs-mkdirp-0.5.0-2.el7aos.noarch.rpm nodejs-node-status-codes-1.0.0-1.el7aos.noarch.rpm nodejs-nodemon-1.8.1-2.el7aos.noarch.rpm nodejs-normalize-path-2.0.1-1.el7aos.noarch.rpm nodejs-object-assign-4.0.1-1.el7aos.noarch.rpm nodejs-object.omit-2.0.0-1.el7aos.noarch.rpm nodejs-optimist-0.4.0-5.el7aos.noarch.rpm nodejs-os-homedir-1.0.1-1.el7aos.noarch.rpm nodejs-os-tmpdir-1.0.1-1.el7aos.noarch.rpm nodejs-osenv-0.1.0-2.el7aos.noarch.rpm nodejs-package-json-2.3.0-1.el7aos.noarch.rpm nodejs-parse-glob-3.0.4-1.el7aos.noarch.rpm nodejs-parse-json-2.2.0-2.el7aos.noarch.rpm nodejs-pause-stream-0.0.11-2.el7aos.noarch.rpm nodejs-pinkie-2.0.1-1.el7aos.noarch.rpm nodejs-pinkie-promise-2.0.0-1.el7aos.noarch.rpm nodejs-prepend-http-1.0.1-2.el7aos.noarch.rpm nodejs-preserve-0.2.0-1.el7aos.noarch.rpm nodejs-ps-tree-1.0.1-1.el7aos.noarch.rpm nodejs-randomatic-1.1.5-1.el7aos.noarch.rpm nodejs-rc-1.1.2-1.el7aos.noarch.rpm nodejs-read-all-stream-3.0.1-3.el7aos.noarch.rpm nodejs-readdirp-2.0.0-2.el7aos.noarch.rpm nodejs-regex-cache-0.4.2-1.el7aos.noarch.rpm nodejs-registry-url-3.0.3-1.el7aos.noarch.rpm nodejs-repeat-element-1.1.2-1.el7aos.noarch.rpm nodejs-semver-5.1.0-1.el7aos.noarch.rpm nodejs-semver-diff-2.1.0-1.el7aos.noarch.rpm nodejs-slide-1.1.5-3.el7aos.noarch.rpm nodejs-split-0.3.3-2.el7aos.noarch.rpm nodejs-stream-combiner-0.2.1-2.el7aos.noarch.rpm nodejs-string-length-1.0.1-1.el7aos.noarch.rpm nodejs-strip-json-comments-1.0.2-2.el7aos.noarch.rpm nodejs-success-symbol-0.1.0-1.el7aos.noarch.rpm nodejs-through-2.3.4-4.el7aos.noarch.rpm nodejs-timed-out-2.0.0-3.el7aos.noarch.rpm nodejs-touch-1.0.0-2.el7aos.noarch.rpm nodejs-undefsafe-0.0.3-1.el7aos.noarch.rpm nodejs-unzip-response-1.0.0-1.el7aos.noarch.rpm nodejs-update-notifier-0.6.0-1.el7aos.noarch.rpm nodejs-url-parse-lax-1.0.0-1.el7aos.noarch.rpm nodejs-uuid-2.0.1-1.el7aos.noarch.rpm nodejs-write-file-atomic-1.1.2-2.el7aos.noarch.rpm nodejs-xdg-basedir-2.0.0-1.el7aos.noarch.rpm openshift-ansible-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openshift-ansible-docs-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openshift-ansible-filter-plugins-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openshift-ansible-lookup-plugins-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openshift-ansible-playbooks-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openshift-ansible-roles-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm openvswitch-test-2.4.0-1.el7.noarch.rpm origin-kibana-0.5.0-1.el7aos.noarch.rpm python-openvswitch-2.4.0-1.el7.noarch.rpm x86_64: atomic-openshift-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-clients-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-clients-redistributable-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-dockerregistry-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-master-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-pod-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-recycle-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm atomic-openshift-sdn-ovs-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm heapster-0.18.2-3.gitaf4752e.el7aos.x86_64.rpm nss_wrapper-1.0.3-1.el7.x86_64.rpm nss_wrapper-debuginfo-1.0.3-1.el7.x86_64.rpm openvswitch-2.4.0-1.el7.x86_64.rpm openvswitch-debuginfo-2.4.0-1.el7.x86_64.rpm openvswitch-devel-2.4.0-1.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2013-2186 https://access.redhat.com/security/cve/CVE-2014-1869 https://access.redhat.com/security/cve/CVE-2014-3661 https://access.redhat.com/security/cve/CVE-2014-3662 https://access.redhat.com/security/cve/CVE-2014-3663 https://access.redhat.com/security/cve/CVE-2014-3664 https://access.redhat.com/security/cve/CVE-2014-3666 https://access.redhat.com/security/cve/CVE-2014-3667 https://access.redhat.com/security/cve/CVE-2014-3680 https://access.redhat.com/security/cve/CVE-2014-3681 https://access.redhat.com/security/cve/CVE-2015-1806 https://access.redhat.com/security/cve/CVE-2015-1807 https://access.redhat.com/security/cve/CVE-2015-1808 https://access.redhat.com/security/cve/CVE-2015-1810 https://access.redhat.com/security/cve/CVE-2015-1812 https://access.redhat.com/security/cve/CVE-2015-1813 https://access.redhat.com/security/cve/CVE-2015-1814 https://access.redhat.com/security/cve/CVE-2015-5317 https://access.redhat.com/security/cve/CVE-2015-5318 https://access.redhat.com/security/cve/CVE-2015-5319 https://access.redhat.com/security/cve/CVE-2015-5320 https://access.redhat.com/security/cve/CVE-2015-5321 https://access.redhat.com/security/cve/CVE-2015-5322 https://access.redhat.com/security/cve/CVE-2015-5323 https://access.redhat.com/security/cve/CVE-2015-5324 https://access.redhat.com/security/cve/CVE-2015-5325 https://access.redhat.com/security/cve/CVE-2015-5326 https://access.redhat.com/security/cve/CVE-2015-7537 https://access.redhat.com/security/cve/CVE-2015-7538 https://access.redhat.com/security/cve/CVE-2015-7539 https://access.redhat.com/security/cve/CVE-2015-8103 https://access.redhat.com/security/cve/CVE-2016-1905 https://access.redhat.com/security/cve/CVE-2016-1906 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iD8DBQFWp8WBXlSAg2UNWIIRApU1AJ9rfvzdqsJw+FiIJ738zkP8W9aUdQCgrpMI HGjEZ3TomH8FH54NirLBZkg=biAq -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 26, 2016
•Important
Red Hat
98
security advisoryRed Hatbug fixRed Hat OpenShift 2.2.7 RHSA-2015:1844-01 Important Security Update
Red Hat OpenShift Enterprise release 2.2.7 is now available with updates to packages that fix several bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having Important . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update Advisory ID: RHSA-2015:1844-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2015:1844.html Issue date: 2015-09-30 CVE Names: CVE-2015-1806 CVE-2015-1807 CVE-2015-1808 CVE-2015-1809 CVE-2015-1810 CVE-2015-1811 CVE-2015-1812 CVE-2015-1813 CVE-2015-1814 ==================================================================== 1. Summary: Red Hat OpenShift Enterprise release 2.2.7 is now available with updates to packages that fix several bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the references section. 2. Relevant releases/architectures: RHOSE Client 2.2 - noarch RHOSE Infrastructure 2.2 - noarch, x86_64 RHOSE JBoss EAP add-on 2.2 - noarch RHOSE Node 2.2 - noarch, x86_64 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Space precludes documenting all of the bug fixes in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.7, for details about these changes. The following security issues are addressed in this release: A flaw was found in the Jenkins API token-issuing service. The service was not properly protected againstanonymous users, potentially allowing remote attackers to escalate privileges. (CVE-2015-1814) It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master. (CVE-2015-1806) It was found that when building artifacts, the Jenkins server would follow symbolic links, potentially resulting in disclosure of information on the server. (CVE-2015-1807) A denial of service flaw was found in the way Jenkins handled certain update center data. An authenticated user could provide specially crafted update center data to Jenkins, causing plug-in and tool installation to not work properly. (CVE-2015-1808) It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server. (CVE-2015-1809) It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges. (CVE-2015-1810) It was found that Jenkins' XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server. (CVE-2015-1811) Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins. (CVE-2015-1812, CVE-2015-1813) ingle/Technical_Notes/index.html All OpenShift Enterprise 2 users are advised to upgrade to these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly for release 2.2.7, for important instructions on how to fully apply this asynchronous errata update: ingle/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates This update is available via the Red HatNetwork. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258. 5. Bugs fixed (https://bugzilla.redhat.com/): 1062253 - JBoss Cartridge needs to have dependency on both JDK 1.6 and JDK 1.7 packages. 1128567 - Cron/Jenkins-client cartridge can't be shown on scalable app when using "rhc app show $app -g" command 1130028 - 'rhc app-show --gears' lists jbossas and jbosseap cartridges four times for scalable apps 1138522 - Values of MaxClients/ServerLimit in performance.conf is overidden by httpd_nolog.conf 1152524 - [RFE] Dns timeout setting for oo-accept-broker 1160699 - App didn't inherit HA when created from another HA app. 1171815 - Cannot create Jenkins cartridge 1191283 - Duplicate cartridges are seen when importing active cartridges 1197123 - Error reported while adding storage to gear should be informative to the user 1197576 - Upgrade Jenkins from jenkins-1.565.3-1 to jenkins-1.580.3-1 1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) 1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180) 1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) 1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162) 1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163) 1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165) 1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) 1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167) 1216206 - [RFE] --always-auth should be an allowed option for rhc setup 1217572 - [RFE] routing daemon should have a sync option for F5 1221931 - Move scale app to different profile district node should return 1 1225943 - oo-init-quota function get_filesystem_type pulls in commented lines in fstab if samemount point 1226061 - Lack of raising exception and error logging for the ssh and scp commands while copying keys and certs from broker to F5 LTM 1227501 - routing-daemon not removing var/tmp/*.key and var/tmp/*.crt 1228373 - Gears from a scaled application are not evenly distributed across nodes in the district or zone 1229300 - oo-admin-move across node profiles should update quota limits appropriately 1232827 - [RFE] Provide java 8 in OpenShift Enterprise 1232921 - No error reported when app-create environment variables cannot be parsed 1241750 - SLOW_HOST should be SLOW_HOSTS in openshift-origin-gear-placement.conf.pin-user-to-host-example 1257757 - Scaled application takes 4+mins to unidle 1264039 - logshifter does not parse config properly if there's no newline at the end 1264210 - nodejs control script should wait for http to be available 1264216 - "service openshift-gears start" should not be calling unidle 6. Package List: RHOSE Client 2.2: Source: rhc-1.37.1.2-1.el6op.src.rpm noarch: rhc-1.37.1.2-1.el6op.noarch.rpm RHOSE Infrastructure2.2: Source: openshift-origin-broker-1.16.2.10-1.el6op.src.rpm openshift-origin-broker-util-1.36.2.2-1.el6op.src.rpm openshift-origin-logshifter-1.10.1.2-1.el6op.src.rpm rubygem-openshift-origin-console-1.35.2.1-1.el6op.src.rpm rubygem-openshift-origin-controller-1.37.3.1-1.el6op.src.rpm rubygem-openshift-origin-gear-placement-0.0.2.1-1.el6op.src.rpm rubygem-openshift-origin-msg-broker-mcollective-1.35.3.1-1.el6op.src.rpm rubygem-openshift-origin-routing-daemon-0.25.1.2-1.el6op.src.rpm noarch: openshift-origin-broker-1.16.2.10-1.el6op.noarch.rpm openshift-origin-broker-util-1.36.2.2-1.el6op.noarch.rpm rubygem-openshift-origin-console-1.35.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.37.3.1-1.el6op.noarch.rpm rubygem-openshift-origin-gear-placement-0.0.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-msg-broker-mcollective-1.35.3.1-1.el6op.noarch.rpm rubygem-openshift-origin-routing-daemon-0.25.1.2-1.el6op.noarch.rpm x86_64: openshift-origin-logshifter-1.10.1.2-1.el6op.x86_64.rpm RHOSE JBoss EAP add-on 2.2: Source: openshift-origin-cartridge-jbosseap-2.26.3.1-1.el6op.src.rpm noarch: openshift-origin-cartridge-jbosseap-2.26.3.1-1.el6op.noarch.rpm RHOSE Node2.2: Source: jenkins-1.609.1-1.el6op.src.rpm openshift-origin-cartridge-diy-1.26.1.1-1.el6op.src.rpm openshift-origin-cartridge-haproxy-1.30.1.1-1.el6op.src.rpm openshift-origin-cartridge-jbossews-1.34.3.1-1.el6op.src.rpm openshift-origin-cartridge-jenkins-1.28.2.1-1.el6op.src.rpm openshift-origin-cartridge-mock-1.22.1.1-1.el6op.src.rpm openshift-origin-cartridge-nodejs-1.33.1.1-1.el6op.src.rpm openshift-origin-cartridge-perl-1.30.1.1-1.el6op.src.rpm openshift-origin-cartridge-php-1.34.1.1-1.el6op.src.rpm openshift-origin-cartridge-python-1.33.3.1-1.el6op.src.rpm openshift-origin-cartridge-ruby-1.32.1.1-1.el6op.src.rpm openshift-origin-logshifter-1.10.1.2-1.el6op.src.rpm openshift-origin-node-util-1.37.2.1-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-vhost-0.12.4.2-1.el6op.src.rpm rubygem-openshift-origin-node-1.37.1.1-1.el6op.src.rpm noarch: jenkins-1.609.1-1.el6op.noarch.rpm openshift-origin-cartridge-diy-1.26.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-haproxy-1.30.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-jbossews-1.34.3.1-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-1.28.2.1-1.el6op.noarch.rpm openshift-origin-cartridge-mock-1.22.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-nodejs-1.33.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-perl-1.30.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-php-1.34.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-python-1.33.3.1-1.el6op.noarch.rpm openshift-origin-cartridge-ruby-1.32.1.1-1.el6op.noarch.rpm openshift-origin-node-util-1.37.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-apache-vhost-0.12.4.2-1.el6op.noarch.rpm rubygem-openshift-origin-node-1.37.1.1-1.el6op.noarch.rpm x86_64: openshift-origin-logshifter-1.10.1.2-1.el6op.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2015-1806 https://access.redhat.com/security/cve/CVE-2015-1807 https://access.redhat.com/security/cve/CVE-2015-1808 https://access.redhat.com/security/cve/CVE-2015-1809 https://access.redhat.com/security/cve/CVE-2015-1810 https://access.redhat.com/security/cve/CVE-2015-1811 https://access.redhat.com/security/cve/CVE-2015-1812 https://access.redhat.com/security/cve/CVE-2015-1813 https://access.redhat.com/security/cve/CVE-2015-1814 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWDA+7XlSAg2UNWIIRAourAJ9S+czEpyfUmPPnvaNOEnxGPf3EtACdEXKz 7UVciid34ARw+f3FFvzulro=83Zt -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 30, 2015
•Important
Red Hat
89
security advisoryupdatesoftware patchFedora Core 3 KOffice 1.3.5 Update: Fixes Dead Key Issue and Enhancements
Updated package.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-214 2005-03-15 ---------------------------------------------------------------------Product : Fedora Core 3 Name : koffice Version : 1.3.5 Release : 0.FC3.2 Summary : A set of office applications for KDE. Description : The koffice package contains the KOffice office-type applications for the K Desktop Environment (KDE) GUI desktop. KOffice contains KWord, a word processor; KSpread, a spreadsheet; KPresenter, for presentations; and KChart, a diagram generator. ---------------------------------------------------------------------* Fri Mar 11 2005 Than Ngo 4:1.3.5-0.FC3.2 - fix dead key problem #150489 - place KThesaurus in Accessories #90137 ---------------------------------------------------------------------This update can be downloaded from: f1539901eaab74de1691255ff7fd3b78 SRPMS/koffice-1.3.5-0.FC3.2.src.rpm 0dcfa950569cb0007eb84b11f8bb6886 x86_64/koffice-1.3.5-0.FC3.2.x86_64.rpm b6c46c24b16a3e62bf11e7c23b768d90 x86_64/koffice-devel-1.3.5-0.FC3.2.x86_64.rpm 58a7ad27beec0daceb1d9360f06dfaff x86_64/koffice-i18n-1.3.5-0.FC3.2.x86_64.rpm bb78ea0f2a74c0a18e1526524272f01b x86_64/debug/koffice-debuginfo-1.3.5-0.FC3.2.x86_64.rpm b95f18b3cf4adad494127bcdc6e766fc i386/koffice-1.3.5-0.FC3.2.i386.rpm 7b2460187cd9b1f852bdedfbca712eb1 i386/koffice-devel-1.3.5-0.FC3.2.i386.rpm fb851ef026b8dfce6e5d37a90c8688d9 i386/koffice-i18n-1.3.5-0.FC3.2.i386.rpm 128c1cc53d056364315db50fe674768f i386/debug/koffice-debuginfo-1.3.5-0.FC3.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Mar 15, 2005
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!