Executive Summary

Summary
Title: ansible and openshift-ansible security and bug fix update
Information
Name: RHSA-2017:0448
First vendor Publication: 2017-03-06
Vendor: RedHat
Last vendor Modification: 2017-03-06
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score: 9.3
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 8.6
Authentication: None Required

Detail

Problem Description:

An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, and Red Hat OpenShift Container Platform 3.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.2 - noarch
Red Hat OpenShift Container Platform 3.3 - noarch
Red Hat OpenShift Container Platform 3.4 - noarch

3. Description:

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.

Security Fix(es):

* An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. (CVE-2016-9587)

Bug Fix(es):

Space precludes documenting all of the non-security bug fixes in this advisory. See the relevant OpenShift Container Platform Release Notes linked to in the References section, which will be updated shortly for this release.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1379189 - [3.2] ansible sometimes gets UNREACHABLE error after iptables restarted
1388016 - [3.3] The insecure-registry address was removed during upgrade
1389263 - [3.4] the summary of json report should include total/ok number after certificate expiry check
1393000 - [3.3] Ansible upgrade from 3.2 to 3.3 fails
1404378 - CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller
1414276 - [3.3] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format
1415067 - [3.2]Installer should persist net.ipv4.ip_forward
1416926 - [3.3] ansible sometimes gets UNREACHABLE error after iptables restarted
1416927 - [3.4] ansible sometimes gets UNREACHABLE error after iptables restarted
1417680 - [3.2] Backport openshift_certificate_expiry role
1417681 - [3.4] Backport openshift_certificate_expiry role
1417682 - [3.3] Backport openshift_certificate_expiry role
1419493 - [3.4] Installer pulls in 3.3 registry-console image
1419533 - [3.2]Installation on node failed when creating node config
1419654 - [3.4] Containerized advanced installation fails due to missing CA certificate /etc/origin/master/ca.crt
1420393 - [3.4] conntrack executable not found on $PATH during cluster horizontal run
1420395 - [3.3] conntrack executable not found on $PATH during cluster horizontal run
1421053 - [quick installer 3.4] quick installer failed due to a python method failure
1421059 - [quick installer 3.2]quick installer failed due to a python method failure
1421061 - [quick installer 3.3]quick installer failed due to a python method failure
1421860 - [3.4] Metrics Resolution of Heapster Image Should be 30s to Match cAdvisor
1422361 - [3.4] Advanced installer fails if python-six not available
1426705 - [3.4] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2017-0448.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 6
Application 1

Nessus® Vulnerability Scanner

Date Description
2017-11-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1259.nasl - Type : ACT_GATHER_INFO
2017-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0515.nasl - Type : ACT_GATHER_INFO
2017-02-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0260.nasl - Type : ACT_GATHER_INFO
2017-02-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-77.nasl - Type : ACT_GATHER_INFO
2017-01-26 Name : The remote Fedora host is missing a security update.
File : fedora_2017-418398ce60.nasl - Type : ACT_GATHER_INFO
2017-01-26 Name : The remote Fedora host is missing a security update.
File : fedora_2017-cb88734094.nasl - Type : ACT_GATHER_INFO
2017-01-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a93c3287d8fd11e6be5c001fbc0f280f.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2018-06-06 17:21:18
  • Multiple Updates
2018-04-26 09:21:22
  • Multiple Updates
2017-03-06 21:24:57
  • First insertion