(RHSA-2016:2696) Moderate: atomic-openshift security and bug fix update

2016-11-15T23:10:17
ID RHSA-2016:2696
Type redhat
Reporter RedHat
Modified 2016-11-15T23:24:01

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform release 3.3.1.4. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2016:2697

Security Fix(es):

  • The OpenShift Container Platform 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. (CVE-2016-8631)

This issue was discovered by Jordan Liggitt (Red Hat).

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.