(RHSA-2014:0762) Critical: rubygem-openshift-origin-node security update

Published 2014-06-18T04:00:00
ID RHSA-2014:0762
Type redhat
Reporter RedHat
Modified 2018-06-09T14:16:48

Description

The rubygem-openshift-origin-node package provides basic OpenShift node functionality.

A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. (CVE-2014-3496)

This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.

All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.