(RHSA-2016:1206) Moderate: jenkins security update

2016-06-06T22:57:05
ID RHSA-2016:1206
Type redhat
Reporter RedHat
Modified 2016-06-06T22:58:54

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

  • The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS, which addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user-provided environment variables, and several instances of sensitive information disclosure. (CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727)

Refer to the changelog listed in the References section for a list of changes.

This update includes the following image:

openshift3/jenkins-1-rhel7:1.651.2-4

All OpenShift Enterprise 3.2 users are advised to upgrade to the updated package and image.
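
To find deployments that still need this upgrade, the following added example (not part of the advisory or of Red Hat's tooling) reads image references on stdin and classifies each reference to the Jenkins image against the fixed tag given above. It assumes tags follow the version-release form shown in the advisory; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage image references against the fixed tag.
FIXED_TAG="1.651.2-4"                 # fixed image tag named in RHSA-2016:1206
IMAGE="openshift3/jenkins-1-rhel7"    # image name from the advisory

# is_older TAG: true when TAG sorts strictly before FIXED_TAG.
# Assumption: tags use the version-release form shown in the advisory.
is_older() {
    [ "$1" = "$FIXED_TAG" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_TAG" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# check_images: read image references on stdin (one per line) and classify
# every reference to the Jenkins image; other images are ignored.
check_images() {
    while IFS= read -r ref; do
        case "$ref" in
            *"$IMAGE"*) ;;
            *) continue ;;
        esac
        suffix=${ref##*"$IMAGE"}      # ":tag", "@sha256:...", or empty
        case "$suffix" in
            :[0-9]*)
                if is_older "${suffix#:}"; then
                    echo "OUTDATED $ref"
                else
                    echo "OK $ref"
                fi ;;
            *)  # floating tag, digest, or no tag: cannot be compared by name
                echo "UNKNOWN $ref" ;;
        esac
    done
}

# Constructed sample inventory; the registry host and every tag except FIXED_TAG are made up.
sample_refs() {
    cat <<'EOF'
registry.example.com:5000/openshift3/jenkins-1-rhel7:1.651.1-2
openshift3/jenkins-1-rhel7:1.651.2-4
openshift3/jenkins-1-rhel7:1.651.2-10
openshift3/jenkins-1-rhel7:latest
openshift3/ruby-22-rhel7:2.2-5
EOF
}

sample_refs | check_images
```

References reported as UNKNOWN (floating tags such as `latest`, or digests) have to be resolved to the image actually pulled before they can be cleared.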