RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1064)

High Nessus Plugin ID 119372

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Red Hat OpenShift Enterprise 3.2 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es) :

* A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges. (CVE-2016-2160)

* It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name. (CVE-2016-2149)

* An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name 'OPENSHIFT_[namespace]
_SERVERID' was set, which contained the internal IP address of a pod.
(CVE-2016-3711)

The CVE-2016-2149 issue was discovered by Wesley Hearn (Red Hat).

Additional Changes :

* Space precludes documenting all of the bug fixes and enhancements in this advisory. For details on all new features, bug fixes, and known issues, see the OpenShift Enterprise 3.2 Release Notes linked to in the References section.

This update includes the following images :

openshift3/ose:v3.2.0.20-3 openshift3/ose-deployer:v3.2.0.20-3 openshift3/ose-docker-builder:v3.2.0.20-3 openshift3/ose-docker-registry:v3.2.0.20-3 openshift3/ose-f5-router:v3.2.0.20-3 openshift3/ose-haproxy-router:v3.2.0.20-3 openshift3/ose-keepalived-ipfailover:v3.2.0.20-3 openshift3/ose-pod:v3.2.0.20-3 openshift3/ose-recycler:v3.2.0.20-3 openshift3/ose-sti-builder:v3.2.0.20-3 openshift3/image-inspector:1.0.0-12 openshift3/jenkins-1-rhel7:1.642-31 openshift3/logging-auth-proxy:3.2.0-3 openshift3/logging-deployment:3.2.0-8 openshift3/logging-elasticsearch:3.2.0-7 openshift3/logging-fluentd:3.2.0-6 openshift3/logging-kibana:3.2.0-3 openshift3/metrics-cassandra:3.2.0-4 openshift3/metrics-deployer:3.2.0-5 openshift3/metrics-hawkular-metrics:3.2.0-6 openshift3/metrics-heapster:3.2.0-5 openshift3/mongodb-24-rhel7:2.4-27 openshift3/mysql-55-rhel7:5.5-25 openshift3/nodejs-010-rhel7:0.10-34 openshift3/node:v3.2.0.20-3 openshift3/openvswitch:v3.2.0.20-4 openshift3/perl-516-rhel7:5.16-37 openshift3/php-55-rhel7:5.5-34 openshift3/postgresql-92-rhel7:9.2-24 openshift3/python-33-rhel7:3.3-34 openshift3/ruby-20-rhel7:2.0-34

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2016:1064

https://access.redhat.com/security/cve/cve-2016-2149

https://access.redhat.com/security/cve/cve-2016-2160

https://access.redhat.com/security/cve/cve-2016-3711

Plugin Details

Severity: High

ID: 119372

File Name: redhat-RHSA-2016-1064.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/12/04

Modified: 2018/12/04

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ansible, p-cpe:/a:redhat:enterprise_linux:atomic-openshift, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests, p-cpe:/a:redhat:enterprise_linux:cockpit-debuginfo, p-cpe:/a:redhat:enterprise_linux:cockpit-kubernetes, p-cpe:/a:redhat:enterprise_linux:elastic-curator, p-cpe:/a:redhat:enterprise_linux:elasticsearch, p-cpe:/a:redhat:enterprise_linux:elasticsearch-cloud-kubernetes, p-cpe:/a:redhat:enterprise_linux:fb303, p-cpe:/a:redhat:enterprise_linux:fb303-devel, p-cpe:/a:redhat:enterprise_linux:fb303-java, p-cpe:/a:redhat:enterprise_linux:fluentd, p-cpe:/a:redhat:enterprise_linux:fluentd-doc, p-cpe:/a:redhat:enterprise_linux:heapster, p-cpe:/a:redhat:enterprise_linux:http-parser, p-cpe:/a:redhat:enterprise_linux:http-parser-debuginfo, p-cpe:/a:redhat:enterprise_linux:http-parser-devel, p-cpe:/a:redhat:enterprise_linux:image-inspector, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-credentials, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-durable-task, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-kubernetes, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-openshift, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-openshift-pipeline, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-promoted-builds, p-cpe:/a:redhat:enterprise_linux:jenkins-plugin-swarm, p-cpe:/a:redhat:enterprise_linux:kibana, p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo, p-cpe:/a:redhat:enterprise_linux:libthrift-java, p-cpe:/a:redhat:enterprise_linux:libthrift-javadoc, p-cpe:/a:redhat:enterprise_linux:libuv, p-cpe:/a:redhat:enterprise_linux:libuv-debuginfo, p-cpe:/a:redhat:enterprise_linux:libuv-devel, p-cpe:/a:redhat:enterprise_linux:libuv-static, p-cpe:/a:redhat:enterprise_linux:lucene, p-cpe:/a:redhat:enterprise_linux:lucene-contrib, p-cpe:/a:redhat:enterprise_linux:nodejs, p-cpe:/a:redhat:enterprise_linux:nodejs-abbrev, p-cpe:/a:redhat:enterprise_linux:nodejs-accepts, p-cpe:/a:redhat:enterprise_linux:nodejs-align-text, p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-green, p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-regex, p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-styles, p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-wrap, p-cpe:/a:redhat:enterprise_linux:nodejs-anymatch, p-cpe:/a:redhat:enterprise_linux:nodejs-arr-diff, p-cpe:/a:redhat:enterprise_linux:nodejs-arr-flatten, p-cpe:/a:redhat:enterprise_linux:nodejs-array-flatten, p-cpe:/a:redhat:enterprise_linux:nodejs-array-unique, p-cpe:/a:redhat:enterprise_linux:nodejs-arrify, p-cpe:/a:redhat:enterprise_linux:nodejs-asn1, p-cpe:/a:redhat:enterprise_linux:nodejs-assert-plus, p-cpe:/a:redhat:enterprise_linux:nodejs-async, p-cpe:/a:redhat:enterprise_linux:nodejs-async-each, p-cpe:/a:redhat:enterprise_linux:nodejs-aws-sign2, p-cpe:/a:redhat:enterprise_linux:nodejs-balanced-match, p-cpe:/a:redhat:enterprise_linux:nodejs-base64url, p-cpe:/a:redhat:enterprise_linux:nodejs-basic-auth, p-cpe:/a:redhat:enterprise_linux:nodejs-binary-extensions, p-cpe:/a:redhat:enterprise_linux:nodejs-bl, p-cpe:/a:redhat:enterprise_linux:nodejs-bluebird, p-cpe:/a:redhat:enterprise_linux:nodejs-body-parser, p-cpe:/a:redhat:enterprise_linux:nodejs-boom, p-cpe:/a:redhat:enterprise_linux:nodejs-brace-expansion, p-cpe:/a:redhat:enterprise_linux:nodejs-braces, p-cpe:/a:redhat:enterprise_linux:nodejs-bytes, p-cpe:/a:redhat:enterprise_linux:nodejs-camelcase, p-cpe:/a:redhat:enterprise_linux:nodejs-camelcase-keys, p-cpe:/a:redhat:enterprise_linux:nodejs-capture-stack-trace, p-cpe:/a:redhat:enterprise_linux:nodejs-caseless, p-cpe:/a:redhat:enterprise_linux:nodejs-center-align, p-cpe:/a:redhat:enterprise_linux:nodejs-chalk, p-cpe:/a:redhat:enterprise_linux:nodejs-chokidar, p-cpe:/a:redhat:enterprise_linux:nodejs-client-sessions, p-cpe:/a:redhat:enterprise_linux:nodejs-cliui, p-cpe:/a:redhat:enterprise_linux:nodejs-combined-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-commander, p-cpe:/a:redhat:enterprise_linux:nodejs-concat-map, p-cpe:/a:redhat:enterprise_linux:nodejs-concat-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-configstore, p-cpe:/a:redhat:enterprise_linux:nodejs-content-disposition, p-cpe:/a:redhat:enterprise_linux:nodejs-content-type, p-cpe:/a:redhat:enterprise_linux:nodejs-cookie, p-cpe:/a:redhat:enterprise_linux:nodejs-cookie-signature, p-cpe:/a:redhat:enterprise_linux:nodejs-cookies, p-cpe:/a:redhat:enterprise_linux:nodejs-core-util-is, p-cpe:/a:redhat:enterprise_linux:nodejs-create-error-class, p-cpe:/a:redhat:enterprise_linux:nodejs-cryptiles, p-cpe:/a:redhat:enterprise_linux:nodejs-ctype, p-cpe:/a:redhat:enterprise_linux:nodejs-debug, p-cpe:/a:redhat:enterprise_linux:nodejs-debuginfo, p-cpe:/a:redhat:enterprise_linux:nodejs-decamelize, p-cpe:/a:redhat:enterprise_linux:nodejs-deep-extend, p-cpe:/a:redhat:enterprise_linux:nodejs-delayed-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-depd, p-cpe:/a:redhat:enterprise_linux:nodejs-destroy, p-cpe:/a:redhat:enterprise_linux:nodejs-devel, p-cpe:/a:redhat:enterprise_linux:nodejs-docs, p-cpe:/a:redhat:enterprise_linux:nodejs-duplexer, p-cpe:/a:redhat:enterprise_linux:nodejs-duplexify, p-cpe:/a:redhat:enterprise_linux:nodejs-ee-first, p-cpe:/a:redhat:enterprise_linux:nodejs-end-of-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-error-ex, p-cpe:/a:redhat:enterprise_linux:nodejs-es6-promise, p-cpe:/a:redhat:enterprise_linux:nodejs-escape-html, p-cpe:/a:redhat:enterprise_linux:nodejs-escape-string-regexp, p-cpe:/a:redhat:enterprise_linux:nodejs-etag, p-cpe:/a:redhat:enterprise_linux:nodejs-event-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-eventemitter3, p-cpe:/a:redhat:enterprise_linux:nodejs-expand-brackets, p-cpe:/a:redhat:enterprise_linux:nodejs-expand-range, p-cpe:/a:redhat:enterprise_linux:nodejs-express, p-cpe:/a:redhat:enterprise_linux:nodejs-extend, p-cpe:/a:redhat:enterprise_linux:nodejs-extglob, p-cpe:/a:redhat:enterprise_linux:nodejs-filename-regex, p-cpe:/a:redhat:enterprise_linux:nodejs-fill-range, p-cpe:/a:redhat:enterprise_linux:nodejs-finalhandler, p-cpe:/a:redhat:enterprise_linux:nodejs-findup-sync, p-cpe:/a:redhat:enterprise_linux:nodejs-for-in, p-cpe:/a:redhat:enterprise_linux:nodejs-for-own, p-cpe:/a:redhat:enterprise_linux:nodejs-forever-agent, p-cpe:/a:redhat:enterprise_linux:nodejs-form-data, p-cpe:/a:redhat:enterprise_linux:nodejs-forwarded, p-cpe:/a:redhat:enterprise_linux:nodejs-fresh, p-cpe:/a:redhat:enterprise_linux:nodejs-from, p-cpe:/a:redhat:enterprise_linux:nodejs-generate-function, p-cpe:/a:redhat:enterprise_linux:nodejs-generate-object-property, p-cpe:/a:redhat:enterprise_linux:nodejs-glob, p-cpe:/a:redhat:enterprise_linux:nodejs-glob-base, p-cpe:/a:redhat:enterprise_linux:nodejs-glob-parent, p-cpe:/a:redhat:enterprise_linux:nodejs-got, p-cpe:/a:redhat:enterprise_linux:nodejs-graceful-fs, p-cpe:/a:redhat:enterprise_linux:nodejs-graceful-readlink, p-cpe:/a:redhat:enterprise_linux:nodejs-har-validator, p-cpe:/a:redhat:enterprise_linux:nodejs-has-ansi, p-cpe:/a:redhat:enterprise_linux:nodejs-has-color, p-cpe:/a:redhat:enterprise_linux:nodejs-has-flag, p-cpe:/a:redhat:enterprise_linux:nodejs-hawk, p-cpe:/a:redhat:enterprise_linux:nodejs-hoek, p-cpe:/a:redhat:enterprise_linux:nodejs-http-errors, p-cpe:/a:redhat:enterprise_linux:nodejs-http-proxy, p-cpe:/a:redhat:enterprise_linux:nodejs-http-signature, p-cpe:/a:redhat:enterprise_linux:nodejs-iconv-lite, p-cpe:/a:redhat:enterprise_linux:nodejs-indent-string, p-cpe:/a:redhat:enterprise_linux:nodejs-inflight, p-cpe:/a:redhat:enterprise_linux:nodejs-inherits, p-cpe:/a:redhat:enterprise_linux:nodejs-ini, p-cpe:/a:redhat:enterprise_linux:nodejs-invert-kv, p-cpe:/a:redhat:enterprise_linux:nodejs-ipaddr.js, p-cpe:/a:redhat:enterprise_linux:nodejs-is-binary-path, p-cpe:/a:redhat:enterprise_linux:nodejs-is-buffer, p-cpe:/a:redhat:enterprise_linux:nodejs-is-dotfile, p-cpe:/a:redhat:enterprise_linux:nodejs-is-equal-shallow, p-cpe:/a:redhat:enterprise_linux:nodejs-is-extendable, p-cpe:/a:redhat:enterprise_linux:nodejs-is-extglob, p-cpe:/a:redhat:enterprise_linux:nodejs-is-finite, p-cpe:/a:redhat:enterprise_linux:nodejs-is-glob, p-cpe:/a:redhat:enterprise_linux:nodejs-is-my-json-valid, p-cpe:/a:redhat:enterprise_linux:nodejs-is-npm, p-cpe:/a:redhat:enterprise_linux:nodejs-is-number, p-cpe:/a:redhat:enterprise_linux:nodejs-is-plain-obj, p-cpe:/a:redhat:enterprise_linux:nodejs-is-primitive, p-cpe:/a:redhat:enterprise_linux:nodejs-is-property, p-cpe:/a:redhat:enterprise_linux:nodejs-is-redirect, p-cpe:/a:redhat:enterprise_linux:nodejs-is-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-isarray, p-cpe:/a:redhat:enterprise_linux:nodejs-isobject, p-cpe:/a:redhat:enterprise_linux:nodejs-isstream, p-cpe:/a:redhat:enterprise_linux:nodejs-json-stringify-safe, p-cpe:/a:redhat:enterprise_linux:nodejs-jsonpointer, p-cpe:/a:redhat:enterprise_linux:nodejs-keygrip, p-cpe:/a:redhat:enterprise_linux:nodejs-kind-of, p-cpe:/a:redhat:enterprise_linux:nodejs-latest-version, p-cpe:/a:redhat:enterprise_linux:nodejs-lazy-cache, p-cpe:/a:redhat:enterprise_linux:nodejs-lcid, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.assign, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.baseassign, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.basecopy, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.bindcallback, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.createassigner, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.defaults, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.getnative, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarguments, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarray, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isiterateecall, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.keys, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.restparam, p-cpe:/a:redhat:enterprise_linux:nodejs-longest, p-cpe:/a:redhat:enterprise_linux:nodejs-lowercase-keys, p-cpe:/a:redhat:enterprise_linux:nodejs-map-obj, p-cpe:/a:redhat:enterprise_linux:nodejs-map-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-media-typer, p-cpe:/a:redhat:enterprise_linux:nodejs-meow, p-cpe:/a:redhat:enterprise_linux:nodejs-merge-descriptors, p-cpe:/a:redhat:enterprise_linux:nodejs-methods, p-cpe:/a:redhat:enterprise_linux:nodejs-micromatch, p-cpe:/a:redhat:enterprise_linux:nodejs-mime, p-cpe:/a:redhat:enterprise_linux:nodejs-mime-db, p-cpe:/a:redhat:enterprise_linux:nodejs-mime-types, p-cpe:/a:redhat:enterprise_linux:nodejs-minimatch, p-cpe:/a:redhat:enterprise_linux:nodejs-minimist, p-cpe:/a:redhat:enterprise_linux:nodejs-mkdirp, p-cpe:/a:redhat:enterprise_linux:nodejs-morgan, p-cpe:/a:redhat:enterprise_linux:nodejs-ms, p-cpe:/a:redhat:enterprise_linux:nodejs-negotiator, p-cpe:/a:redhat:enterprise_linux:nodejs-node-status-codes, p-cpe:/a:redhat:enterprise_linux:nodejs-node-uuid, p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon, p-cpe:/a:redhat:enterprise_linux:nodejs-nopt, p-cpe:/a:redhat:enterprise_linux:nodejs-normalize-path, p-cpe:/a:redhat:enterprise_linux:nodejs-number-is-nan, p-cpe:/a:redhat:enterprise_linux:nodejs-oauth, p-cpe:/a:redhat:enterprise_linux:nodejs-oauth-sign, p-cpe:/a:redhat:enterprise_linux:nodejs-object-assign, p-cpe:/a:redhat:enterprise_linux:nodejs-object.omit, p-cpe:/a:redhat:enterprise_linux:nodejs-on-finished, p-cpe:/a:redhat:enterprise_linux:nodejs-on-headers, p-cpe:/a:redhat:enterprise_linux:nodejs-once, p-cpe:/a:redhat:enterprise_linux:nodejs-openshift-auth-proxy, p-cpe:/a:redhat:enterprise_linux:nodejs-optimist, p-cpe:/a:redhat:enterprise_linux:nodejs-os-homedir, p-cpe:/a:redhat:enterprise_linux:nodejs-os-locale, p-cpe:/a:redhat:enterprise_linux:nodejs-os-tmpdir, p-cpe:/a:redhat:enterprise_linux:nodejs-osenv, p-cpe:/a:redhat:enterprise_linux:nodejs-package-json, p-cpe:/a:redhat:enterprise_linux:nodejs-packaging, p-cpe:/a:redhat:enterprise_linux:nodejs-parse-duration, p-cpe:/a:redhat:enterprise_linux:nodejs-parse-glob, p-cpe:/a:redhat:enterprise_linux:nodejs-parse-json, p-cpe:/a:redhat:enterprise_linux:nodejs-parseurl, p-cpe:/a:redhat:enterprise_linux:nodejs-passport, p-cpe:/a:redhat:enterprise_linux:nodejs-passport-http-bearer, p-cpe:/a:redhat:enterprise_linux:nodejs-passport-oauth2, p-cpe:/a:redhat:enterprise_linux:nodejs-passport-strategy, p-cpe:/a:redhat:enterprise_linux:nodejs-path-is-absolute, p-cpe:/a:redhat:enterprise_linux:nodejs-path-to-regexp, p-cpe:/a:redhat:enterprise_linux:nodejs-patternfly, p-cpe:/a:redhat:enterprise_linux:nodejs-pause, p-cpe:/a:redhat:enterprise_linux:nodejs-pause-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie, p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie-promise, p-cpe:/a:redhat:enterprise_linux:nodejs-prepend-http, p-cpe:/a:redhat:enterprise_linux:nodejs-preserve, p-cpe:/a:redhat:enterprise_linux:nodejs-process-nextick-args, p-cpe:/a:redhat:enterprise_linux:nodejs-proxy-addr, p-cpe:/a:redhat:enterprise_linux:nodejs-ps-tree, p-cpe:/a:redhat:enterprise_linux:nodejs-qs, p-cpe:/a:redhat:enterprise_linux:nodejs-randomatic, p-cpe:/a:redhat:enterprise_linux:nodejs-range-parser, p-cpe:/a:redhat:enterprise_linux:nodejs-raw-body, p-cpe:/a:redhat:enterprise_linux:nodejs-rc, p-cpe:/a:redhat:enterprise_linux:nodejs-read-all-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-readable-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-readdirp, p-cpe:/a:redhat:enterprise_linux:nodejs-regex-cache, p-cpe:/a:redhat:enterprise_linux:nodejs-registry-url, p-cpe:/a:redhat:enterprise_linux:nodejs-repeat-element, p-cpe:/a:redhat:enterprise_linux:nodejs-repeat-string, p-cpe:/a:redhat:enterprise_linux:nodejs-repeating, p-cpe:/a:redhat:enterprise_linux:nodejs-request, p-cpe:/a:redhat:enterprise_linux:nodejs-requires-port, p-cpe:/a:redhat:enterprise_linux:nodejs-resolve, p-cpe:/a:redhat:enterprise_linux:nodejs-right-align, p-cpe:/a:redhat:enterprise_linux:nodejs-semver, p-cpe:/a:redhat:enterprise_linux:nodejs-semver-diff, p-cpe:/a:redhat:enterprise_linux:nodejs-send, p-cpe:/a:redhat:enterprise_linux:nodejs-serve-static, p-cpe:/a:redhat:enterprise_linux:nodejs-slide, p-cpe:/a:redhat:enterprise_linux:nodejs-sntp, p-cpe:/a:redhat:enterprise_linux:nodejs-split, p-cpe:/a:redhat:enterprise_linux:nodejs-statuses, p-cpe:/a:redhat:enterprise_linux:nodejs-stream-combiner, p-cpe:/a:redhat:enterprise_linux:nodejs-string-length, p-cpe:/a:redhat:enterprise_linux:nodejs-string_decoder, p-cpe:/a:redhat:enterprise_linux:nodejs-stringstream, p-cpe:/a:redhat:enterprise_linux:nodejs-strip-ansi, p-cpe:/a:redhat:enterprise_linux:nodejs-strip-json-comments, p-cpe:/a:redhat:enterprise_linux:nodejs-success-symbol, p-cpe:/a:redhat:enterprise_linux:nodejs-supports-color, p-cpe:/a:redhat:enterprise_linux:nodejs-through, p-cpe:/a:redhat:enterprise_linux:nodejs-timed-out, p-cpe:/a:redhat:enterprise_linux:nodejs-touch, p-cpe:/a:redhat:enterprise_linux:nodejs-tough-cookie, p-cpe:/a:redhat:enterprise_linux:nodejs-tunnel-agent, p-cpe:/a:redhat:enterprise_linux:nodejs-type-is, p-cpe:/a:redhat:enterprise_linux:nodejs-typedarray, p-cpe:/a:redhat:enterprise_linux:nodejs-uid2, p-cpe:/a:redhat:enterprise_linux:nodejs-undefsafe, p-cpe:/a:redhat:enterprise_linux:nodejs-unpipe, p-cpe:/a:redhat:enterprise_linux:nodejs-unzip-response, p-cpe:/a:redhat:enterprise_linux:nodejs-update-notifier, p-cpe:/a:redhat:enterprise_linux:nodejs-url-join, p-cpe:/a:redhat:enterprise_linux:nodejs-url-parse-lax, p-cpe:/a:redhat:enterprise_linux:nodejs-util-deprecate, p-cpe:/a:redhat:enterprise_linux:nodejs-utils-merge, p-cpe:/a:redhat:enterprise_linux:nodejs-uuid, p-cpe:/a:redhat:enterprise_linux:nodejs-vary, p-cpe:/a:redhat:enterprise_linux:nodejs-window-size, p-cpe:/a:redhat:enterprise_linux:nodejs-wordwrap, p-cpe:/a:redhat:enterprise_linux:nodejs-wrappy, p-cpe:/a:redhat:enterprise_linux:nodejs-write-file-atomic, p-cpe:/a:redhat:enterprise_linux:nodejs-xdg-basedir, p-cpe:/a:redhat:enterprise_linux:nodejs-xtend, p-cpe:/a:redhat:enterprise_linux:nodejs-y18n, p-cpe:/a:redhat:enterprise_linux:nodejs-yargs, p-cpe:/a:redhat:enterprise_linux:nss_wrapper, p-cpe:/a:redhat:enterprise_linux:nss_wrapper-debuginfo, p-cpe:/a:redhat:enterprise_linux:openshift-elasticsearch-plugin, p-cpe:/a:redhat:enterprise_linux:openvswitch, p-cpe:/a:redhat:enterprise_linux:openvswitch-debuginfo, p-cpe:/a:redhat:enterprise_linux:openvswitch-devel, p-cpe:/a:redhat:enterprise_linux:openvswitch-test, p-cpe:/a:redhat:enterprise_linux:origin-kibana, p-cpe:/a:redhat:enterprise_linux:perl-thrift, p-cpe:/a:redhat:enterprise_linux:php55-php-pecl-imagick, p-cpe:/a:redhat:enterprise_linux:php55-php-pecl-imagick-debuginfo, p-cpe:/a:redhat:enterprise_linux:php55-php-pecl-xdebug, p-cpe:/a:redhat:enterprise_linux:php55-php-pecl-xdebug-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-click, p-cpe:/a:redhat:enterprise_linux:python-contextlib2, p-cpe:/a:redhat:enterprise_linux:python-crypto, p-cpe:/a:redhat:enterprise_linux:python-crypto-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-ecdsa, p-cpe:/a:redhat:enterprise_linux:python-elasticsearch, p-cpe:/a:redhat:enterprise_linux:python-extras, p-cpe:/a:redhat:enterprise_linux:python-fb303, p-cpe:/a:redhat:enterprise_linux:python-fixtures, p-cpe:/a:redhat:enterprise_linux:python-httplib2, p-cpe:/a:redhat:enterprise_linux:python-keyczar, p-cpe:/a:redhat:enterprise_linux:python-linecache2, p-cpe:/a:redhat:enterprise_linux:python-mimeparse, p-cpe:/a:redhat:enterprise_linux:python-nose-xcover, p-cpe:/a:redhat:enterprise_linux:python-openvswitch, p-cpe:/a:redhat:enterprise_linux:python-paramiko, p-cpe:/a:redhat:enterprise_linux:python-pbr, p-cpe:/a:redhat:enterprise_linux:python-setuptools, p-cpe:/a:redhat:enterprise_linux:python-testtools, p-cpe:/a:redhat:enterprise_linux:python-testtools-doc, p-cpe:/a:redhat:enterprise_linux:python-thrift, p-cpe:/a:redhat:enterprise_linux:python-traceback2, p-cpe:/a:redhat:enterprise_linux:python-unittest2, p-cpe:/a:redhat:enterprise_linux:python2-mock, p-cpe:/a:redhat:enterprise_linux:python33-python-pip, p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:rubygem-addressable-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-atomic, p-cpe:/a:redhat:enterprise_linux:rubygem-atomic-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-atomic-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-builder, p-cpe:/a:redhat:enterprise_linux:rubygem-builder-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-configuration, p-cpe:/a:redhat:enterprise_linux:rubygem-configuration-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-cool.io, p-cpe:/a:redhat:enterprise_linux:rubygem-cool.io-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-cool.io-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-crack, p-cpe:/a:redhat:enterprise_linux:rubygem-crack-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-dalli, p-cpe:/a:redhat:enterprise_linux:rubygem-dalli-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-diff-lcs, p-cpe:/a:redhat:enterprise_linux:rubygem-diff-lcs-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-docker-api, p-cpe:/a:redhat:enterprise_linux:rubygem-docker-api-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-api, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-api-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-extensions, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-extensions-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-transport, p-cpe:/a:redhat:enterprise_linux:rubygem-elasticsearch-transport-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-excon, p-cpe:/a:redhat:enterprise_linux:rubygem-excon-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:rubygem-faraday-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-add, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-add-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-docker_metadata_filter, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-docker_metadata_filter-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-elasticsearch, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-elasticsearch-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-flatten-hash, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-flatten-hash-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-kubernetes_metadata_filter, p-cpe:/a:redhat:enterprise_linux:rubygem-fluent-plugin-kubernetes_metadata_filter-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-http_parser.rb, p-cpe:/a:redhat:enterprise_linux:rubygem-http_parser.rb-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-http_parser.rb-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:rubygem-i18n-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-introspection, p-cpe:/a:redhat:enterprise_linux:rubygem-introspection-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-jnunemaker-matchy, p-cpe:/a:redhat:enterprise_linux:rubygem-jnunemaker-matchy-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-json_pure, p-cpe:/a:redhat:enterprise_linux:rubygem-json_pure-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:rubygem-kubeclient-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-launchy, p-cpe:/a:redhat:enterprise_linux:rubygem-lru_redux, p-cpe:/a:redhat:enterprise_linux:rubygem-lru_redux-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-metaclass, p-cpe:/a:redhat:enterprise_linux:rubygem-metaclass-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-minitest, p-cpe:/a:redhat:enterprise_linux:rubygem-minitest-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-mocha, p-cpe:/a:redhat:enterprise_linux:rubygem-mocha-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-msgpack, p-cpe:/a:redhat:enterprise_linux:rubygem-msgpack-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-msgpack-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:rubygem-multipart-post-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:rubygem-netrc-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:rubygem-rack-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-recursive-open-struct, p-cpe:/a:redhat:enterprise_linux:rubygem-recursive-open-struct-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:rubygem-rr, p-cpe:/a:redhat:enterprise_linux:rubygem-rr-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-core, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-core-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-expectations, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-expectations-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-mocks, p-cpe:/a:redhat:enterprise_linux:rubygem-rspec-mocks-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-session, p-cpe:/a:redhat:enterprise_linux:rubygem-session-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-shoulda, p-cpe:/a:redhat:enterprise_linux:rubygem-shoulda-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-sigdump, p-cpe:/a:redhat:enterprise_linux:rubygem-sigdump-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-string-scrub, p-cpe:/a:redhat:enterprise_linux:rubygem-string-scrub-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-string-scrub-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-test-unit, p-cpe:/a:redhat:enterprise_linux:rubygem-test-unit-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-test-unit-rr, p-cpe:/a:redhat:enterprise_linux:rubygem-test-unit-rr-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-test_declarative, p-cpe:/a:redhat:enterprise_linux:rubygem-test_declarative-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-thread_safe, p-cpe:/a:redhat:enterprise_linux:rubygem-thread_safe-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-tzinfo, p-cpe:/a:redhat:enterprise_linux:rubygem-tzinfo-data, p-cpe:/a:redhat:enterprise_linux:rubygem-tzinfo-data-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-tzinfo-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-webmock, p-cpe:/a:redhat:enterprise_linux:rubygem-webmock-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-yajl-ruby, p-cpe:/a:redhat:enterprise_linux:rubygem-yajl-ruby-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-yajl-ruby-doc, p-cpe:/a:redhat:enterprise_linux:search-guard, p-cpe:/a:redhat:enterprise_linux:sshpass, p-cpe:/a:redhat:enterprise_linux:sshpass-debuginfo, p-cpe:/a:redhat:enterprise_linux:thrift, p-cpe:/a:redhat:enterprise_linux:thrift-debuginfo, p-cpe:/a:redhat:enterprise_linux:thrift-devel, p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node, p-cpe:/a:redhat:enterprise_linux:v8, p-cpe:/a:redhat:enterprise_linux:v8-debuginfo, p-cpe:/a:redhat:enterprise_linux:v8-devel, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2016/05/12

Reference Information

CVE: CVE-2016-2149, CVE-2016-2160, CVE-2016-3711

RHSA: 2016:1064