ID RHSA-2016:0351 Type redhat Reporter RedHat Modified 2018-03-19T16:27:53
Description
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
An authorization flaw was discovered in Kubernetes; the API server did
not properly check user permissions when handling certain requests. An
authenticated remote attacker could use this flaw to gain additional
access to resources such as RAM and disk space. (CVE-2016-1905)
An authorization flaw was discovered in Kubernetes; the API server did
not properly check user permissions when handling certain build
configuration strategies. A remote attacker could create build
configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the
policy is violated), if the build configuration files were later
launched by other privileged services (such as automated triggers),
user privileges could be bypassed allowing attacker escalation.
(CVE-2016-1906)
All OpenShift Enterprise 3.0 users are advised to upgrade to these
updated packages.
{"id": "RHSA-2016:0351", "hash": "0714c697790d229f777dc3c81255ac18", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0351) Moderate: kubernetes security update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional \naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the \npolicy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these \nupdated packages.", "published": "2016-03-03T21:07:25", "modified": "2018-03-19T16:27:53", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2016:0351", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1905", "CVE-2016-1906"], "lastseen": "2019-05-29T14:35:23", "history": [{"bulletin": {"id": "RHSA-2016:0351", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0351) Moderate: kubernetes security update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional \naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the \npolicy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these \nupdated packages.", "published": "2016-03-03T21:07:25", "modified": "2016-11-01T18:50:54", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0351", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1906", "CVE-2016-1905"], "lastseen": "2016-11-25T14:52:34", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "openshift-sdn-ovs-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-sdn-ovs", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-clients-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-clients", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-node", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "openshift", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "tuned-profiles-openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "tuned-profiles-openshift-node", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-master-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-master", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}]}, "lastseen": "2016-11-25T14:52:34", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2016:0351", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0351) Moderate: kubernetes security update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional \naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the \npolicy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these \nupdated packages.", "published": "2016-03-03T21:07:25", "modified": "2017-07-21T12:44:10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0351", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1906", "CVE-2016-1905"], "lastseen": "2017-07-22T02:58:03", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 2.8, "modified": "2017-07-22T02:58:03", "vector": "AV:N/AC:M/Au:M/C:N/I:P/A:N/"}}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "openshift-sdn-ovs-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-sdn-ovs", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-clients-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-clients", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-node", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "openshift", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "tuned-profiles-openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "tuned-profiles-openshift-node", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}, {"packageFilename": "openshift-master-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "openshift-master", "OSVersion": "7", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "operator": "lt"}]}, "lastseen": "2017-07-22T02:58:03", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2016:0351", "hash": "48a07fa05f398abcc211b3af6a3ce234", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0351) Moderate: kubernetes security update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional \naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the \npolicy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these \nupdated packages.", "published": "2016-03-03T21:07:25", "modified": "2018-03-19T16:27:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0351", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1905", "CVE-2016-1906"], "lastseen": "2018-03-19T21:56:02", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift", "packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift", "packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift-clients", "packageFilename": "openshift-clients-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift-master", "packageFilename": "openshift-master-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift-node", "packageFilename": "openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "openshift-sdn-ovs", "packageFilename": "openshift-sdn-ovs-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageName": "tuned-profiles-openshift-node", "packageFilename": "tuned-profiles-openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}]}, "lastseen": "2018-03-19T21:56:02", "differentElements": ["affectedPackage"], "edition": 3}, {"bulletin": {"id": "RHSA-2016:0351", "hash": "6cd40270f3c589c48ca77e79a03c016b", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0351) Moderate: kubernetes security update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional \naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did \nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the \npolicy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these \nupdated packages.", "published": "2016-03-03T21:07:25", "modified": "2018-03-19T16:27:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0351", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1905", "CVE-2016-1906"], "lastseen": "2018-12-11T17:44:42", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1906", "CVE-2016-1905"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-0351.NASL", "REDHAT-RHSA-2016-0070.NASL"]}, {"type": "redhat", "idList": ["RHSA-2016:0070"]}], "modified": "2018-12-11T17:44:42"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:44:42", "differentElements": ["cvss"], "edition": 4}], "viewCount": 3, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2019-05-29T14:35:23"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1906", "CVE-2016-1905"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-0351.NASL", "REDHAT-RHSA-2016-0070.NASL"]}, {"type": "redhat", "idList": ["RHSA-2016:0070"]}], "modified": "2019-05-29T14:35:23"}, "vulnersScore": 5.5}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift", "packageVersion": "3.0.2.0-0.git.45.423f434.el7ose", "packageFilename": "openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:15:34", "bulletinFamily": "NVD", "description": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.", "modified": "2016-06-15T12:32:00", "id": "CVE-2016-1905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1905", "published": "2016-02-03T18:59:00", "title": "CVE-2016-1905", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:15:34", "bulletinFamily": "NVD", "description": "Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.", "modified": "2017-05-19T01:29:00", "id": "CVE-2016-1906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906", "published": "2016-02-03T18:59:00", "title": "CVE-2016-1906", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:44:21", "bulletinFamily": "scanner", "description": "Updated kubernetes packages that fix two security issues are now available for Red Hat OpenShift Enterprise 3.0.2.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation.\n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these updated packages.", "modified": "2018-12-04T00:00:00", "id": "REDHAT-RHSA-2016-0351.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119367", "published": "2018-12-04T00:00:00", "title": "RHEL 7 : kubernetes (RHSA-2016:0351)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0351. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119367);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/12/04 16:01:27\");\n\n script_cve_id(\"CVE-2016-1905\", \"CVE-2016-1906\");\n script_xref(name:\"RHSA\", value:\"2016:0351\");\n\n script_name(english:\"RHEL 7 : kubernetes (RHSA-2016:0351)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kubernetes packages that fix two security issues are now\navailable for Red Hat OpenShift Enterprise 3.0.2.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nAn authorization flaw was discovered in Kubernetes; the API server did\nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional\naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did\nnot properly check user permissions when handling certain build\nconfiguration strategies. A remote attacker could create build\nconfigurations with strategies that violate policy. Although the\nattacker could not launch the build themselves (launch fails when the\npolicy is violated), if the build configuration files were later\nlaunched by other privileged services (such as automated triggers),\nuser privileges could be bypassed allowing attacker escalation.\n(CVE-2016-1906)\n\nAll OpenShift Enterprise 3.0 users are advised to upgrade to these\nupdated packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1906\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0351\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"openshift-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n if (rpm_exists(rpm:\"openshift-clients-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n if (rpm_exists(rpm:\"openshift-master-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-master-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n if (rpm_exists(rpm:\"openshift-node-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-node-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n if (rpm_exists(rpm:\"openshift-sdn-ovs-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-sdn-ovs-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n if (rpm_exists(rpm:\"tuned-profiles-openshift-node-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tuned-profiles-openshift-node-3.0.2.0-0.git.45.423f434.el7ose\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openshift / openshift-clients / openshift-master / openshift-node / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:44:23", "bulletinFamily": "scanner", "description": "Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThe following security issues are addressed with this release :\n\nAn authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build- configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation.\n(CVE-2016-1906)\n\nAn update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well.\n(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662 CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667 CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807 CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813 CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319 CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323 CVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537 CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise 3.1 Release Notes, which will be updated shortly for release 3.1.1, for details about these changes :\n\nhttps://docs.openshift.com/enterprise/3.1/release_notes/ ose_3_1_release_notes.html\n\nAll OpenShift Enterprise 3 users are advised to upgrade to these updated packages.", "modified": "2018-12-06T00:00:00", "id": "REDHAT-RHSA-2016-0070.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119442", "published": "2018-12-06T00:00:00", "title": "RHEL 7 : openshift (RHSA-2016:0070)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0070. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119442);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/12/06 10:16:47\");\n\n script_cve_id(\"CVE-2013-2186\", \"CVE-2014-1869\", \"CVE-2014-3661\", \"CVE-2014-3662\", \"CVE-2014-3663\", \"CVE-2014-3664\", \"CVE-2014-3666\", \"CVE-2014-3667\", \"CVE-2014-3680\", \"CVE-2014-3681\", \"CVE-2015-1806\", \"CVE-2015-1807\", \"CVE-2015-1808\", \"CVE-2015-1810\", \"CVE-2015-1812\", \"CVE-2015-1813\", \"CVE-2015-1814\", \"CVE-2015-5317\", \"CVE-2015-5318\", \"CVE-2015-5319\", \"CVE-2015-5320\", \"CVE-2015-5321\", \"CVE-2015-5322\", \"CVE-2015-5323\", \"CVE-2015-5324\", \"CVE-2015-5325\", \"CVE-2015-5326\", \"CVE-2015-7537\", \"CVE-2015-7538\", \"CVE-2015-7539\", \"CVE-2015-8103\", \"CVE-2016-1905\", \"CVE-2016-1906\");\n script_xref(name:\"RHSA\", value:\"2016:0070\");\n script_xref(name:\"TRA\", value:\"TRA-2016-23\");\n\n script_name(english:\"RHEL 7 : openshift (RHSA-2016:0070)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat OpenShift Enterprise release 3.1.1 is now available with\nupdates to packages that fix several security issues, bugs and\nintroduce feature enhancements.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issues are addressed with this release :\n\nAn authorization flaw was discovered in Kubernetes; the API server did\nnot properly check user permissions when handling certain requests. An\nauthenticated remote attacker could use this flaw to gain additional\naccess to resources such as RAM and disk space. (CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server did\nnot properly check user permissions when handling certain build-\nconfiguration strategies. A remote attacker could create build\nconfigurations with strategies that violate policy. Although the\nattacker could not launch the build themselves (launch fails when the\npolicy is violated), if the build configuration files were later\nlaunched by other privileged services (such as automated triggers),\nuser privileges could be bypassed allowing attacker escalation.\n(CVE-2016-1906)\n\nAn update for Jenkins Continuous Integration Server that addresses a\nlarge number of security issues including XSS, CSRF, information\ndisclosure and code execution have been addressed as well.\n(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662\nCVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667\nCVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807\nCVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813\nCVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319\nCVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323\nCVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537\nCVE-2015-7538, CVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes and enhancements in\nthis advisory. See the OpenShift Enterprise 3.1 Release Notes, which\nwill be updated shortly for release 3.1.1, for details about these\nchanges :\n\nhttps://docs.openshift.com/enterprise/3.1/release_notes/\nose_3_1_release_notes.html\n\nAll OpenShift Enterprise 3 users are advised to upgrade to these\nupdated packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenNMS Java Object Unserialization Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:heapster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-align-text\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-green\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-wrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-anymatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-arr-diff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-arr-flatten\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-array-unique\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-arrify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-async-each\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-binary-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-braces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-capture-stack-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-chokidar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-configstore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-create-error-class\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-deep-extend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-duplexer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-duplexify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-end-of-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-error-ex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-es6-promise\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-event-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-expand-brackets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-expand-range\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-extglob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-filename-regex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-fill-range\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-for-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-for-own\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-from\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-glob-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-glob-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-got\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-graceful-fs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-binary-path\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-dotfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-equal-shallow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-extendable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-extglob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-glob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-npm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-number\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-plain-obj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-primitive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-redirect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-is-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-isobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-kind-of\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-latest-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lazy-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.assign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.baseassign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.basecopy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.bindcallback\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.createassigner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.defaults\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.getnative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarguments\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarray\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isiterateecall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.restparam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-lowercase-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-map-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-micromatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-mkdirp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-node-status-codes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-normalize-path\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-object-assign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-object.omit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-optimist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-os-homedir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-os-tmpdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-osenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-package-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-parse-glob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-parse-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-pause-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie-promise\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-prepend-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-preserve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-ps-tree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-randomatic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-rc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-read-all-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-readdirp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-regex-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-registry-url\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-repeat-element\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-semver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-semver-diff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-slide\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-split\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-stream-combiner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-string-length\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-strip-json-comments\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-success-symbol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-through\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-timed-out\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-touch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-undefsafe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-unzip-response\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-update-notifier\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-url-parse-lax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-write-file-atomic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-xdg-basedir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_wrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_wrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-filter-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-lookup-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:origin-kibana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0070\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-dockerregistry-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-dockerregistry-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-recycle-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-recycle-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-utils-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-utils-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"heapster-0.18.2-3.gitaf4752e.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jenkins-1.625.3-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-align-text-0.1.3-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-ansi-green-0.1.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-ansi-wrap-0.1.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-anymatch-1.3.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-arr-diff-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-arr-flatten-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-array-unique-0.2.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-arrify-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-async-each-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-binary-extensions-1.3.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-braces-1.8.2-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-capture-stack-trace-1.0.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-chokidar-1.4.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-configstore-1.4.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-create-error-class-2.0.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-deep-extend-0.3.2-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-duplexer-0.1.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-duplexify-3.4.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-end-of-stream-1.1.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-error-ex-1.2.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-es6-promise-3.0.2-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-event-stream-3.3.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-expand-brackets-0.1.4-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-expand-range-1.8.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-extglob-0.3.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-filename-regex-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-fill-range-2.2.3-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-for-in-0.1.4-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-for-own-0.1.3-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-from-0.1.3-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-glob-base-0.3.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-glob-parent-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-got-5.2.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-graceful-fs-4.1.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-ini-1.1.0-6.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-binary-path-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-dotfile-1.0.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-equal-shallow-0.1.3-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-extendable-0.1.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-extglob-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-glob-2.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-npm-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-number-2.1.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-plain-obj-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-primitive-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-redirect-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-is-stream-1.0.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-isobject-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-kind-of-3.0.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-latest-version-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lazy-cache-1.0.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.assign-3.2.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.baseassign-3.2.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.basecopy-3.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.bindcallback-3.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.createassigner-3.1.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.defaults-3.1.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.getnative-3.9.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.isarguments-3.0.4-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.isarray-3.0.4-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.isiterateecall-3.0.9-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.keys-3.1.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lodash.restparam-3.6.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-lowercase-keys-1.0.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-map-stream-0.1.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-micromatch-2.3.5-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-mkdirp-0.5.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-node-status-codes-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-nodemon-1.8.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-normalize-path-2.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-object-assign-4.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-object.omit-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-optimist-0.4.0-5.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-os-homedir-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-os-tmpdir-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-osenv-0.1.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-package-json-2.3.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-parse-glob-3.0.4-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-parse-json-2.2.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-pause-stream-0.0.11-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-pinkie-2.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-pinkie-promise-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-prepend-http-1.0.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-preserve-0.2.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-ps-tree-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-randomatic-1.1.5-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-rc-1.1.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-read-all-stream-3.0.1-3.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-readdirp-2.0.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-regex-cache-0.4.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-registry-url-3.0.3-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-repeat-element-1.1.2-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-semver-5.1.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-semver-diff-2.1.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-slide-1.1.5-3.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-split-0.3.3-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-stream-combiner-0.2.1-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-string-length-1.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-strip-json-comments-1.0.2-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-success-symbol-0.1.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-through-2.3.4-4.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-timed-out-2.0.0-3.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-touch-1.0.0-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-undefsafe-0.0.3-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-unzip-response-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-update-notifier-0.6.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-url-parse-lax-1.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-uuid-2.0.1-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-write-file-atomic-1.1.2-2.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-xdg-basedir-2.0.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss_wrapper-1.0.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss_wrapper-debuginfo-1.0.3-1.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-docs-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-docs-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-filter-plugins-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-filter-plugins-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-lookup-plugins-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-lookup-plugins-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-playbooks-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-playbooks-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-roles-3.0\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-roles-3.0.35-1.git.0.6a386dd.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openvswitch-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openvswitch-debuginfo-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openvswitch-devel-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"openvswitch-test-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"origin-kibana-0.5.0-1.el7aos\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-openvswitch-2.4.0-1.el7\")) flag++;\n if (rpm_exists(rpm:\"tuned-profiles-atomic-openshift-node-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tuned-profiles-atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-05-29T14:35:31", "bulletinFamily": "unix", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing \nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nThe following security issues are addressed with this release:\n\nAn authorization flaw was discovered in Kubernetes; the API server \ndid not properly check user permissions when handling certain \nrequests. An authenticated remote attacker could use this flaw to \ngain additional access to resources such as RAM and disk space. \n(CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server \ndid not properly check user permissions when handling certain build-\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the \nattacker could not launch the build themselves (launch fails when \nthe policy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662\nCVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667\nCVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807\nCVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813\nCVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319\nCVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323\nCVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537\nCVE-2015-7538, CVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes and enhancements in \nthis advisory. See the OpenShift Enterprise 3.1 Release Notes, which \nwill be updated shortly for release 3.1.1, for details about these \nchanges:\n\nhttps://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html\n\nAll OpenShift Enterprise 3 users are advised to upgrade to these \nupdated packages.", "modified": "2016-01-27T00:08:42", "published": "2016-01-27T00:01:15", "id": "RHSA-2016:0070", "href": "https://access.redhat.com/errata/RHSA-2016:0070", "type": "redhat", "title": "(RHSA-2016:0070) Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
