RHEL 7 : atomic-openshift (RHSA-2016:1427)
Medium Nessus Plugin ID 119376
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Security Fix(es):
* The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error, OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information. (CVE-2016-5392)
This issue was discovered by Yanping Zhang (Red Hat).
This update includes the following images:
openshift3/openvswitch:v126.96.36.199-1
openshift3/ose-pod:v188.8.131.52-1
openshift3/ose:v184.108.40.206-1
openshift3/ose-docker-registry:v220.127.116.11-1
openshift3/ose-keepalived-ipfailover:v18.104.22.168-1
openshift3/ose-recycler:v22.214.171.124-1
openshift3/ose-f5-router:v126.96.36.199-1
openshift3/ose-deployer:v188.8.131.52-1
openshift3/node:v184.108.40.206-1
openshift3/ose-sti-builder:v220.127.116.11-1
openshift3/ose-docker-builder:v18.104.22.168-1
openshift3/ose-haproxy-router:v22.214.171.124-1
All OpenShift Enterprise 3 users are advised to upgrade to these updated packages and images.
Solution
Update the affected packages.