RHSA-2016:0489
Vulnerability from csaf_redhat
Published
2016-03-22 16:49
Modified
2024-11-22 09:45
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Enterprise release 2.2.9, which fixes several
security issues, several bugs, and introduces feature enhancements, is
now available.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
The following security issue is addressed with this release:
It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)
An update for Jenkins Continuous Integration Server that addresses a
large number of security issues including XSS, CSRF, information
disclosure and code execution have been addressed as well.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)
Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Enterprise release 2.2.9, which fixes several \nsecurity issues, several bugs, and introduces feature enhancements, is \nnow available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nIt was found that ActiveMQ did not safely handle user supplied data \nwhen deserializing objects. A remote attacker could use this flaw to \nexecute arbitrary code with the permissions of the ActiveMQ \napplication. (CVE-2015-5254)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, \nCVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, \nCVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, \nCVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.9, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:0489", url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1111456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1111456", }, { category: "external", summary: "1140816", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1140816", }, { category: "external", summary: "1160934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1160934", }, { category: "external", summary: "1168480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168480", }, { category: "external", summary: "1169690", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169690", }, { category: "external", summary: "1265423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265423", }, { category: "external", summary: "1265811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265811", }, { category: "external", summary: "1279584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279584", }, { category: "external", summary: "1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "1283372", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283372", }, { category: "external", summary: "1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "1294513", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1294513", }, { category: "external", summary: "1299014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299014", }, { category: "external", summary: "1299095", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299095", }, { category: "external", summary: "1302787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1302787", }, { category: "external", summary: "1305688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1305688", }, { category: "external", summary: "1307174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307174", }, { category: "external", summary: "1307175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307175", }, { category: "external", summary: "1308716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308716", }, { category: "external", summary: "1308718", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308718", }, { category: "external", summary: "1308720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308720", }, { category: "external", summary: "1308722", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308722", }, { category: "external", summary: "1308739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308739", }, { category: "external", summary: "1310247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310247", }, { category: "external", summary: "1310266", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310266", }, { category: "external", summary: "1310841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310841", }, { category: "external", summary: "1314535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314535", }, { category: "external", summary: "1314546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314546", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0489.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T09:45:53+00:00", generator: { date: "2024-11-22T09:45:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:0489", initial_release_date: "2016-03-22T16:49:04+00:00", revision_history: [ { date: "2016-03-22T16:49:04+00:00", number: "1", summary: "Initial version", }, { date: "2016-03-22T16:49:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:45:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product: { name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Node 2.2", product: { name: "Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Client 2.2", product: { name: "Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_id: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade@2.2.9-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.src", product: { name: "rhc-0:1.38.6.1-1.el6op.src", product_id: "rhc-0:1.38.6.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "php-0:5.3.3-46.el6_7.1.src", product: { name: "php-0:5.3.3-46.el6_7.1.src", product_id: "php-0:5.3.3-46.el6_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.3.3-46.el6_7.1?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.src", product: { name: "jenkins-0:1.625.3-1.el6op.src", product_id: "jenkins-0:1.625.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-release@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-node@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-yum-validator@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-broker@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.noarch", product: { name: "rhc-0:1.38.6.1-1.el6op.noarch", product_id: "rhc-0:1.38.6.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.noarch", product: { name: "jenkins-0:1.625.3-1.el6op.noarch", product_id: "jenkins-0:1.625.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-intl@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-process@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-fpm@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", }, product_reference: "rhc-0:1.38.6.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", }, product_reference: "rhc-0:1.38.6.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", }, product_reference: "jenkins-0:1.625.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", }, product_reference: "jenkins-0:1.625.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-0:5.3.3-46.el6_7.1.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", }, product_reference: "php-0:5.3.3-46.el6_7.1.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-devel-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-imap-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-intl-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-process-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5317", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282359", }, ], notes: [ { category: "description", text: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5317", }, { category: "external", summary: "RHBZ#1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5317", url: "https://www.cve.org/CVERecord?id=CVE-2015-5317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "exploit_status", date: "2023-05-12T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", }, { cve: "CVE-2015-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282361", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5318", }, { category: "external", summary: "RHBZ#1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5318", url: "https://www.cve.org/CVERecord?id=CVE-2015-5318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", }, { cve: "CVE-2015-5319", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282362", }, ], notes: [ { category: "description", text: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5319", }, { category: "external", summary: "RHBZ#1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5319", url: "https://www.cve.org/CVERecord?id=CVE-2015-5319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", }, { cve: "CVE-2015-5320", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282363", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5320", }, { category: "external", summary: "RHBZ#1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5320", url: "https://www.cve.org/CVERecord?id=CVE-2015-5320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", }, { cve: "CVE-2015-5321", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282364", }, ], notes: [ { category: "description", text: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Information disclosure via sidepanel (SECURITY-192)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5321", }, { category: "external", summary: "RHBZ#1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5321", url: "https://www.cve.org/CVERecord?id=CVE-2015-5321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Information disclosure via sidepanel (SECURITY-192)", }, { cve: "CVE-2015-5322", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282365", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Local file inclusion vulnerability (SECURITY-195)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5322", }, { category: "external", summary: "RHBZ#1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5322", url: "https://www.cve.org/CVERecord?id=CVE-2015-5322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Local file inclusion vulnerability (SECURITY-195)", }, { cve: "CVE-2015-5323", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282366", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: API tokens of other users available to admins (SECURITY-200)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5323", }, { category: "external", summary: "RHBZ#1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5323", url: "https://www.cve.org/CVERecord?id=CVE-2015-5323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: API tokens of other users available to admins (SECURITY-200)", }, { cve: "CVE-2015-5324", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282367", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5324", }, { category: "external", summary: "RHBZ#1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5324", url: "https://www.cve.org/CVERecord?id=CVE-2015-5324", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", }, { cve: "CVE-2015-5325", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282368", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5325", }, { category: "external", summary: "RHBZ#1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5325", url: "https://www.cve.org/CVERecord?id=CVE-2015-5325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", }, { cve: "CVE-2015-5326", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282369", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5326", }, { category: "external", summary: "RHBZ#1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5326", url: "https://www.cve.org/CVERecord?id=CVE-2015-5326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", }, { cve: "CVE-2015-7537", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291795", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7537", }, { category: "external", summary: "RHBZ#1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7537", url: "https://www.cve.org/CVERecord?id=CVE-2015-7537", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", }, { cve: "CVE-2015-7538", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291797", }, ], notes: [ { category: "description", text: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF protection ineffective (SECURITY-233)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7538", }, { category: "external", summary: "RHBZ#1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7538", url: "https://www.cve.org/CVERecord?id=CVE-2015-7538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF protection ineffective (SECURITY-233)", }, { cve: "CVE-2015-7539", discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291798", }, ], notes: [ { category: "description", text: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7539", }, { category: "external", summary: "RHBZ#1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7539", url: "https://www.cve.org/CVERecord?id=CVE-2015-7539", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", }, { cve: "CVE-2015-8103", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282371", }, ], notes: [ { category: "description", text: "The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in 'ysoserial'\".", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8103", }, { category: "external", summary: "RHBZ#1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8103", url: "https://www.cve.org/CVERecord?id=CVE-2015-8103", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.