Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update
🔗 CVE IDs covered (14)
📋 Description
CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2015-7501 — apache-commons-collections: InvokerTransformer code execution during deserialisation CVE-2016-0788 — jenkins: Remote code execution vulnerability in remoting module (SECURITY-232) CVE-2016-0789 — jenkins: HTTP response splitting vulnerability (SECURITY-238) CVE-2016-0790 — jenkins: Non-constant time comparison of API token (SECURITY-241) CVE-2016-0791 — jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245) CVE-2016-0792 — jenkins: Remote code execution through remote API (SECURITY-247) CVE-2016-3721 — jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170) CVE-2016-3722 — jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243) CVE-2016-3723 — jenkins: Information on installed plugins exposed via API (SECURITY-250) CVE-2016-3724 — jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266) CVE-2016-3725 — jenkins: Regular users can trigger download of update site metadata (SECURITY-273) CVE-2016-3726 — jenkins: Open redirect to scheme-relative URLs (SECURITY-276) CVE-2016-3727 — jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
🔗 References (28)
- selfhttps://access.redhat.com/errata/RHSA-2016:1773
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1196783
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1217403
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1266239
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1274852
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1279330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282852
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311722
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311946
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311947
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311948
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311949
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1311950
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335415
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335416
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335417
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335418
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335420
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335421
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1335422
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1358938
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1361305
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1361306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1361307
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1362666
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1773.json