
Red Hat Security Advisory 2017-0448-01

Posted Mar 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0448-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-9587
SHA-256 | 15d2e1d3a3647695e67c17545982961b87adc3960197616242e1d5c91083dc39



=====================================================================
Red Hat Security Advisory

Synopsis: Important: ansible and openshift-ansible security and bug fix update
Advisory ID: RHSA-2017:0448-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0448
Issue date: 2017-03-06
CVE Names: CVE-2016-9587
=====================================================================

1. Summary:

An update for ansible and openshift-ansible is now available for Red Hat
OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3,
and Red Hat OpenShift Container Platform 3.4.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.2 - noarch
Red Hat OpenShift Container Platform 3.3 - noarch
Red Hat OpenShift Container Platform 3.4 - noarch

3. Description:

Red Hat OpenShift Container Platform is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Ansible is an SSH-based configuration management, deployment, and task
execution system. The openshift-ansible packages contain Ansible code and
playbooks for installing and upgrading OpenShift Container Platform 3.

Security Fix(es):

* An input validation vulnerability was found in Ansible's handling of data
sent from client systems. An attacker with control over a client system
being managed by Ansible and the ability to send facts back to the Ansible
server could use this flaw to execute arbitrary code on the Ansible server
using the Ansible server privileges. (CVE-2016-9587)

Bug Fix(es):

Space precludes documenting all of the non-security bug fixes in this
advisory. See the relevant OpenShift Container Platform Release Notes
linked to in the References section, which will be updated shortly for this
release.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to
initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1379189 - [3.2] ansible sometimes gets UNREACHABLE error after iptables restarted
1388016 - [3.3] The insecure-registry address was removed during upgrade
1389263 - [3.4] the summary of json report should include total/ok number after certificate expiry check
1393000 - [3.3] Ansible upgrade from 3.2 to 3.3 fails
1404378 - CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller
1414276 - [3.3] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format
1415067 - [3.2] Installer should persist net.ipv4.ip_forward
1416926 - [3.3] ansible sometimes gets UNREACHABLE error after iptables restarted
1416927 - [3.4] ansible sometimes gets UNREACHABLE error after iptables restarted
1417680 - [3.2] Backport openshift_certificate_expiry role
1417681 - [3.4] Backport openshift_certificate_expiry role
1417682 - [3.3] Backport openshift_certificate_expiry role
1419493 - [3.4] Installer pulls in 3.3 registry-console image
1419533 - [3.2] Installation on node failed when creating node config
1419654 - [3.4] Containerized advanced installation fails due to missing CA certificate /etc/origin/master/ca.crt
1420393 - [3.4] conntrack executable not found on $PATH during cluster horizontal run
1420395 - [3.3] conntrack executable not found on $PATH during cluster horizontal run
1421053 - [quick installer 3.4] quick installer failed due to a python method failure
1421059 - [quick installer 3.2] quick installer failed due to a python method failure
1421061 - [quick installer 3.3] quick installer failed due to a python method failure
1421860 - [3.4] Metrics Resolution of Heapster Image Should be 30s to Match cAdvisor
1422361 - [3.4] Advanced installer fails if python-six not available
1426705 - [3.4] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format

6. Package List:

Red Hat OpenShift Container Platform 3.2:

Source:
ansible-2.2.1.0-2.el7.src.rpm
openshift-ansible-3.2.53-1.git.0.2fefc17.el7.src.rpm

noarch:
ansible-2.2.1.0-2.el7.noarch.rpm
atomic-openshift-utils-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-docs-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-filter-plugins-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-playbooks-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
openshift-ansible-roles-3.2.53-1.git.0.2fefc17.el7.noarch.rpm

Red Hat OpenShift Container Platform 3.3:

Source:
ansible-2.2.1.0-2.el7.src.rpm
openshift-ansible-3.3.67-1.git.0.7c5da0c.el7.src.rpm

noarch:
ansible-2.2.1.0-2.el7.noarch.rpm
atomic-openshift-utils-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-callback-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-docs-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-filter-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-playbooks-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
openshift-ansible-roles-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm

Red Hat OpenShift Container Platform 3.4:

Source:
ansible-2.2.1.0-2.el7.src.rpm
openshift-ansible-3.4.67-1.git.0.14a0b4d.el7.src.rpm

noarch:
ansible-2.2.1.0-2.el7.noarch.rpm
atomic-openshift-utils-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-callback-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-docs-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-filter-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-playbooks-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
openshift-ansible-roles-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
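As an added example (not part of the advisory), a small Python check that ties sections 4 and 6 together: it takes the output of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' ansible atomic-openshift-utils openshift-ansible` from a host where Ansible installs or upgrades are initiated and reports whether each package is at or above the build shipped here for the given OpenShift Container Platform release. The rpm version comparison is a simplified reimplementation (no epoch, '~' or '^' handling), and the sample rpm output is constructed.

```python
import re
# Fixed versions from section 6 of RHSA-2017:0448. ansible is the same build for all
# three releases; atomic-openshift-utils and openshift-ansible-* share one version.
ANSIBLE_FIXED = ("2.2.1.0", "2.el7")
OSA_FIXED = {"3.2": ("3.2.53", "1.git.0.2fefc17.el7"),
             "3.3": ("3.3.67", "1.git.0.7c5da0c.el7"),
             "3.4": ("3.4.67", "1.git.0.14a0b4d.el7")}

def rpmvercmp(a, b):
    """rpm-style compare of version/release strings: numeric segments compare as
    integers and beat alphabetic ones. Simplified: no '~' or '^' handling."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def check_host(ocp_release, rpm_output):
    """Map each advisory package to 'ok', 'vulnerable' or 'missing' for one host,
    from 'NAME VERSION RELEASE' lines; other lines ('... is not installed') are skipped."""
    fixed = {"ansible": ANSIBLE_FIXED,
             "atomic-openshift-utils": OSA_FIXED[ocp_release],
             "openshift-ansible": OSA_FIXED[ocp_release]}
    installed = {p[0]: (p[1], p[2])
                 for p in map(str.split, rpm_output.splitlines()) if len(p) == 3}
    result = {}
    for name, (fver, frel) in fixed.items():
        if name not in installed:
            result[name] = "missing"
            continue
        iver, irel = installed[name]
        cmp = rpmvercmp(iver, fver) or rpmvercmp(irel, frel)  # version, then release
        result[name] = "ok" if cmp >= 0 else "vulnerable"
    return result

# Constructed sample: an OCP 3.4 controller with stale ansible and openshift-ansible.
SAMPLE_RPM_OUTPUT = """\
ansible 2.2.0.0 3.el7
atomic-openshift-utils 3.4.67 1.git.0.14a0b4d.el7
openshift-ansible 3.4.50 1.git.0.abcdef0.el7
"""

if __name__ == "__main__":
    print(check_host("3.4", SAMPLE_RPM_OUTPUT))
```

A host that reports 'vulnerable' or 'missing' for any of the three packages still needs the `yum update atomic-openshift-utils` step from section 4.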

7. References:

https://access.redhat.com/security/cve/CVE-2016-9587
https://access.redhat.com/security/updates/classification/#important
https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html
https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html
https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce