- Issued: 2014-10-14
- Updated: 2014-10-14
RHBA-2014:1630 - Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update
Synopsis
Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated jenkins-plugin-openshift and openshift-origin-cartridge-jenkins packages that fix a bug are now available for Red Hat OpenShift Enterprise 2.1.
Description
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This update fixes the following bug:
- Changes to the httpd and mod_ssl packages in Red Hat Enterprise Linux 6.6 caused certain ciphers' key sizes offered during TLS/SSL handshaking to be larger than the same ciphers' key sizes in previous versions. These larger key sizes are not supported by the current release of openjdk-1.7.0 and cause an exception during TLS/SSL handshaking. On OpenShift Enterprise deployments which had been updated to Red Hat Enterprise Linux 6.6, Jenkins builds failed because the Jenkins plug-in could not negotiate an SSL connection with the broker REST API endpoint.
If an updated OpenJDK package newer than java-1.7.0-openjdk-1.7.0.65-2.5.1.2 is available, then the openjdk-1.7.0 package must be updated. On systems where the update is either unavailable or otherwise cannot be installed, this bug fix provides the updated Jenkins cartridge and dependencies to allow the problematic cipher to be disabled. Users can take advantage of this by checking out the Jenkins gear repository and adding the "disable_bad_ciphers_yes" marker file. As a result, Jenkins builds work as before. It is important to note that disabling the problematic cipher degrades the security of the REST API connections from the Jenkins gear, and as soon as possible the OpenJDK package must be updated and the marker file removed from all active Jenkins gears. (BZ#1127667)
All OpenShift Enterprise users are advised to upgrade to these updated packages.
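The cleanup the description calls for (update OpenJDK, then remove the marker everywhere) can be audited with a short script. This is an added example, not part of the Red Hat advisory or its packages: the function names are hypothetical, the directories passed in are assumed to be wherever your Jenkins gear repository checkouts live, and `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added audit helper (not Red Hat code). Only the threshold build and the
# marker file name come from the advisory; everything else is illustrative.
THRESHOLD="1.7.0.65-2.5.1.2"      # java-1.7.0-openjdk build named in the advisory
MARKER="disable_bad_ciphers_yes"  # marker file name from the advisory

# Strip an RPM dist tag (and anything after it), e.g. ".el6_5.x86_64".
strip_dist() {
    printf '%s\n' "$1" | sed 's/\.el[0-9].*$//'
}

# Return 0 only when VERSION-RELEASE $1 is strictly newer than THRESHOLD.
# Assumption: sort -V is close enough to RPM ordering for these numeric strings.
openjdk_is_newer() {
    v=$(strip_dist "$1")
    [ "$v" != "$THRESHOLD" ] || return 1
    newest=$(printf '%s\n%s\n' "$v" "$THRESHOLD" | sort -V | tail -n 1)
    [ "$newest" = "$v" ]
}

# List every marker file found under the given checkout directories.
find_markers() {
    find "$@" -type f -name "$MARKER" 2>/dev/null | sort
}

# audit VERSION-RELEASE DIR...
#   0 = OpenJDK updated and no marker left
#   1 = OpenJDK updated but the marker still weakens TLS somewhere
#   2 = OpenJDK not yet newer than the threshold build
# Typical call on a node:
#   audit "$(rpm -q --qf '%{VERSION}-%{RELEASE}' java-1.7.0-openjdk)" DIR...
audit() {
    ver=$1; shift
    hits=$(find_markers "$@")
    if openjdk_is_newer "$ver"; then
        if [ -n "$hits" ]; then
            echo "OpenJDK $ver is newer than $THRESHOLD; remove the marker from:"
            echo "$hits"
            return 1
        fi
        echo "OK: OpenJDK $ver is updated and no $MARKER file was found"
        return 0
    fi
    echo "OpenJDK $ver is not newer than $THRESHOLD; update when a build is available"
    [ -z "$hits" ] || { echo "Marker currently active in:"; echo "$hits"; }
    return 2
}
```

Exit status 1 is the case the advisory warns about: the JDK no longer needs the workaround, but a gear is still running with the cipher disabled.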
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
See the OpenShift Enterprise 2.1 Release Notes, which will be updated shortly for this advisory, for important instructions on how to fully apply this asynchronous errata update:
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Enterprise Application Node | 2.1 | x86_64 |
Updated Packages
- jenkins-plugin-openshift-0.6.40.1-0.el6op.x86_64.rpm
- jenkins-plugin-openshift-0.6.40.1-0.el6op.src.rpm
- openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.src.rpm
- openshift-origin-cartridge-jenkins-1.20.3.5-1.el6op.noarch.rpm
- jenkins-1.565.3-1.el6op.src.rpm
- jenkins-1.565.3-1.el6op.noarch.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.