Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2017:3389
HistoryDec 07, 2017 - 6:54 a.m.

(RHSA-2017:3389) Moderate: Red Hat OpenShift Enterprise security, bug fix, and enhancement update

2017-12-0706:54:54
access.redhat.com
15

0.001 Low

EPSS

Percentile

46.4%

JSON

OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for this release. An advisory for the container images for this release is available at: https://access.redhat.com/errata/RHBA-2017:3390.

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html

https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.

Security Fix(es):

  • An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. (CVE-2017-12195)

This issue was discovered by Rich Megginson (Red Hat).

OSVersionArchitecturePackageVersionFilename
RedHat7noarchatomic-openshift-docker-excluder< 3.5.5.31.47-1.git.0.25d535c.el7atomic-openshift-docker-excluder-3.5.5.31.47-1.git.0.25d535c.el7.noarch.rpm
RedHat7x86_64atomic-openshift-clients-redistributable< 3.5.5.31.47-1.git.0.25d535c.el7atomic-openshift-clients-redistributable-3.5.5.31.47-1.git.0.25d535c.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-tests< 3.6.173.0.63-1.git.0.855ea8b.el7atomic-openshift-tests-3.6.173.0.63-1.git.0.855ea8b.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-sdn-ovs< 3.6.173.0.63-1.git.0.855ea8b.el7atomic-openshift-sdn-ovs-3.6.173.0.63-1.git.0.855ea8b.el7.x86_64.rpm
RedHat7noarchopenshift-elasticsearch-plugin< 2.4.4.17__redhat_1-3.el7openshift-elasticsearch-plugin-2.4.4.17__redhat_1-3.el7.noarch.rpm
RedHat7x86_64tuned-profiles-atomic-openshift-node< 3.6.173.0.63-1.git.0.855ea8b.el7tuned-profiles-atomic-openshift-node-3.6.173.0.63-1.git.0.855ea8b.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-dockerregistry< 3.5.5.31.47-1.git.0.25d535c.el7atomic-openshift-dockerregistry-3.5.5.31.47-1.git.0.25d535c.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-clients< 3.5.5.31.47-1.git.0.25d535c.el7atomic-openshift-clients-3.5.5.31.47-1.git.0.25d535c.el7.x86_64.rpm
RedHat7noarchopenshift-elasticsearch-plugin< 2.4.1.11__redhat_1-3.el7openshift-elasticsearch-plugin-2.4.1.11__redhat_1-3.el7.noarch.rpm
RedHat7x86_64atomic-openshift-clients< 3.6.173.0.63-1.git.0.855ea8b.el7atomic-openshift-clients-3.6.173.0.63-1.git.0.855ea8b.el7.x86_64.rpm
Rows per page:
1-10 of 431

Related

redhat 1
cvelist 1
veracode 1
redhatcve 1
nvd 1
nessus 2
cve 1
prion 1
redhat
redhat
(RHSA-2017:3188) Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update
2017-11-28 21:16:53
cvelist
cvelist
CVE-2017-12195
2018-07-27 15:00:00
veracode
veracode
Authentication Bypass
2019-01-15 09:19:33
redhatcve
redhatcve
CVE-2017-12195
2017-11-28 20:19:57
nvd
nvd
CVE-2017-12195
2018-07-27 15:29:00
nessus
nessus
RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2017:3389)
2018-12-04 00:00:00
RHEL 7 : Red Hat OpenShift Container Platform 3.7 (RHSA-2017:3188)
2018-12-04 00:00:00
cve
cve
CVE-2017-12195
2018-07-27 15:29:00
prion
prion
Design/Logic Flaw
2018-07-27 15:29:00

0.001 Low

EPSS

Percentile

46.4%

JSON
Related for RHSA-2017:3389
redhat1cvelist1veracode1redhatcve1nvd1nessus2cve1prion1