(RHSA-2016:0711) Important: jenkins security update

2016-05-0315:17:11

access.redhat.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-
as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.

Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

The Jenkins continuous integration server has been updated to upstream
version 1.642.2 LTS that addresses a large number of security issues,
including XSS, CSRF, information disclosure, and code execution.
(CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792)

Refer to the changelog listed in the References section for a list of
changes.

This update includes the following image:

openshift3/jenkins-1-rhel7:1.642-30

All OpenShift Enterprise 3.1 users are advised to upgrade to the updated
package and image.

OSVersionArchitecturePackageVersionFilename
RedHat7srcjenkins-plugin-kubernetes< 0.5-1.el7jenkins-plugin-kubernetes-0.5-1.el7.src.rpm
RedHat7srcjenkins-plugin-openshift-pipeline< 1.0.9-1.el7jenkins-plugin-openshift-pipeline-1.0.9-1.el7.src.rpm
RedHat7x86_64jenkins-plugin-openshift-pipeline< 1.0.9-1.el7jenkins-plugin-openshift-pipeline-1.0.9-1.el7.x86_64.rpm
RedHat7x86_64jenkins-plugin-kubernetes< 0.5-1.el7jenkins-plugin-kubernetes-0.5-1.el7.x86_64.rpm
RedHat7x86_64jenkins-plugin-durable-task< 1.7-1.el7jenkins-plugin-durable-task-1.7-1.el7.x86_64.rpm
RedHat7noarchjenkins< 1.642.2-1.el7jenkins-1.642.2-1.el7.noarch.rpm
RedHat7srcjenkins-plugin-durable-task< 1.7-1.el7jenkins-plugin-durable-task-1.7-1.el7.src.rpm
RedHat7x86_64jenkins-plugin-credentials< 1.24-2.el7jenkins-plugin-credentials-1.24-2.el7.x86_64.rpm
RedHat7srcjenkins-plugin-credentials< 1.24-2.el7jenkins-plugin-credentials-1.24-2.el7.src.rpm
RedHat7srcjenkins< 1.642.2-1.el7jenkins-1.642.2-1.el7.src.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	src	jenkins-plugin-kubernetes	< 0.5-1.el7	jenkins-plugin-kubernetes-0.5-1.el7.src.rpm
RedHat	7	src	jenkins-plugin-openshift-pipeline	< 1.0.9-1.el7	jenkins-plugin-openshift-pipeline-1.0.9-1.el7.src.rpm
RedHat	7	x86_64	jenkins-plugin-openshift-pipeline	< 1.0.9-1.el7	jenkins-plugin-openshift-pipeline-1.0.9-1.el7.x86_64.rpm
RedHat	7	x86_64	jenkins-plugin-kubernetes	< 0.5-1.el7	jenkins-plugin-kubernetes-0.5-1.el7.x86_64.rpm
RedHat	7	x86_64	jenkins-plugin-durable-task	< 1.7-1.el7	jenkins-plugin-durable-task-1.7-1.el7.x86_64.rpm
RedHat	7	noarch	jenkins	< 1.642.2-1.el7	jenkins-1.642.2-1.el7.noarch.rpm
RedHat	7	src	jenkins-plugin-durable-task	< 1.7-1.el7	jenkins-plugin-durable-task-1.7-1.el7.src.rpm
RedHat	7	x86_64	jenkins-plugin-credentials	< 1.24-2.el7	jenkins-plugin-credentials-1.24-2.el7.x86_64.rpm
RedHat	7	src	jenkins-plugin-credentials	< 1.24-2.el7	jenkins-plugin-credentials-1.24-2.el7.src.rpm
RedHat	7	src	jenkins	< 1.642.2-1.el7	jenkins-1.642.2-1.el7.src.rpm