RHEL 7 : jenkins (RHSA-2016:0711)
Critical Nessus Plugin ID 119370
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An updated Jenkins package and image that include a security fix are now available for Red Hat OpenShift Enterprise 3.1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es) :
The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.
(CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792)
Refer to the changelog listed in the References section for a list of changes.
This update includes the following image :
All OpenShift Enterprise 3.1 users are advised to upgrade to the updated package and image.
Solution
Update the affected packages.