- Issued:
- 2017-03-06
- Updated:
- 2017-03-06
RHSA-2017:0448 - Important: ansible and openshift-ansible security and bug fix update
Synopsis
Important: ansible and openshift-ansible security and bug fix update
Type/Severity
Security Advisory Important
Topic
An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, and Red Hat OpenShift Container Platform 3.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
Security Fix(es):
- An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. (CVE-2016-9587)
Bug Fix(es):
Space precludes documenting all of the non-security bug fixes in this advisory. See the relevant OpenShift Container Platform Release Notes linked to in the References section, which will be updated shortly for this release.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Container Platform | 3.4 | x86_64 |
| Red Hat OpenShift Container Platform | 3.3 | x86_64 |
| Red Hat OpenShift Container Platform | 3.2 | x86_64 |
Updated Packages
- openshift-ansible-docs-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- openshift-ansible-filter-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- openshift-ansible-lookup-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- openshift-ansible-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-roles-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- atomic-openshift-utils-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- ansible-2.2.1.0-2.el7.noarch.rpm
- openshift-ansible-docs-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- openshift-ansible-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- openshift-ansible-callback-plugins-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- openshift-ansible-filter-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-3.4.67-1.git.0.14a0b4d.el7.src.rpm
- openshift-ansible-playbooks-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- openshift-ansible-playbooks-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-roles-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-playbooks-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- openshift-ansible-roles-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- ansible-2.2.1.0-2.el7.src.rpm
- openshift-ansible-callback-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-docs-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-3.4.67-1.git.0.14a0b4d.el7.noarch.rpm
- atomic-openshift-utils-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- openshift-ansible-3.3.67-1.git.0.7c5da0c.el7.src.rpm
- openshift-ansible-lookup-plugins-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
- openshift-ansible-3.2.53-1.git.0.2fefc17.el7.src.rpm
- atomic-openshift-utils-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-lookup-plugins-3.3.67-1.git.0.7c5da0c.el7.noarch.rpm
- openshift-ansible-filter-plugins-3.2.53-1.git.0.2fefc17.el7.noarch.rpm
Fixes
- This content is not included.BZ - 1379189
- This content is not included.BZ - 1388016
- This content is not included.BZ - 1389263
- This content is not included.BZ - 1393000
- This content is not included.BZ - 1404378
- This content is not included.BZ - 1414276
- This content is not included.BZ - 1415067
- This content is not included.BZ - 1416926
- This content is not included.BZ - 1416927
- This content is not included.BZ - 1417680
- This content is not included.BZ - 1417681
- This content is not included.BZ - 1417682
- This content is not included.BZ - 1419493
- This content is not included.BZ - 1419533
- This content is not included.BZ - 1419654
- This content is not included.BZ - 1420393
- This content is not included.BZ - 1420395
- This content is not included.BZ - 1421053
- This content is not included.BZ - 1421059
- This content is not included.BZ - 1421061
- This content is not included.BZ - 1421860
- This content is not included.BZ - 1422361
- This content is not included.BZ - 1426705
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- This page is not included, but the link has been rewritten to point to the nearest parent document.This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html
- This page is not included, but the link has been rewritten to point to the nearest parent document.This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html
- This page is not included, but the link has been rewritten to point to the nearest parent document.This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.