- Issued: 2018-08-13
- Updated: 2018-08-13
RHBA-2018:2383 - Update Data Grid 7.1 and 7.2 OpenShift Images to Fix CVE-2018-10897
Synopsis
Update Data Grid 7.1 and 7.2 OpenShift Images to Fix CVE-2018-10897
Type/Severity
Bug Fix Advisory None
Topic
This errata fixes CVE-2018-10897 ("yum-utils: reposync: improper path validation may lead to directory traversal").
This errata applies to the Red Hat JBoss Data Grid 7.1 for OpenShift image, Red Hat JBoss Data Grid 7.2 for OpenShift image, and Red Hat JBoss Data Grid 7.1 Client for OpenShift image. These images are supported on Red Hat OpenShift Container Platform versions 3.9 and 3.10.
Description
The JBoss Data Grid 7.1 OpenShift image, JBoss Data Grid 7.2 OpenShift image, and JBoss Data Grid 7.1 Client for OpenShift image require a fix for CVE-2018-10897 ("yum-utils: reposync: improper path validation may lead to directory traversal").
Solution
On your master host(s), log in to the CLI as a cluster administrator or other user that has project administrator access to the global "openshift" project. For example, to log in with the default system:admin user, run the following command:
$ oc login -u system:admin
Run the following command to update the image streams in the "openshift" project:
$ for is in jboss-datagrid71-openshift:1.3 \
    jboss-datagrid72-openshift:1.0 \
    jboss-datagrid71-client-openshift:1.0 ;
do
    oc -n openshift import-image "${is}"
done
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Container Platform | 3.9 | x86_64 |
| Red Hat OpenShift Container Platform | 3.10 | x86_64 |
Fixes
(none)
CVEs
References
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.