csaf_redhat - rhsa-2016

rhsa-2016_1853

Vulnerability from csaf_redhat

Published

2016-09-12 17:33

Modified

2024-11-22 10:15

Summary

Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update and bug fix update

Notes

Topic

An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es): * When processing an archive file that contains an archive entry with type 1 (hardlink) but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data. (CVE-2016-5418) Red Hat would like to thank Insomnia Security for reporting this issue. This update also fixes the following bugs: * Previously, pods that had a resource request of 0 and specified limits were classified as BestEffort when they should have been classified as Burstable. This bug fix ensures that those pods are correctly classified as Burstable.(BZ#1357475) * Future versions of docker will require containerized installations of OpenShift Container Platform to mount /var/lib/origin with the `rslave` flag. New installations of OpenShift Container Platform 3.2 have this value set. However, upgrades from 3.1 did not properly set this value. This bug fix ensures that this flag is now set during upgrades, ensuring that OpenShift Container Platform works properly under future versions of docker. (BZ#1358197) * The PersistentVolumeLabel admission plug-in is now enabled by default. This plug-in labels AWS and GCE volumes with their zone so the scheduler can limit the nodes for a pod to only those in the same zone as the persistent volumes being used by the pod. (BZ#1365600) * Previously, heapster incorrectly generated error messages indicating that it "Failed to find node". This bug fix corrects that error and ensures that erroneous warnings are generated.(BZ#1366367) * The deployment controllers' resync interval can now be configured. The previously hard-coded 2-minute default is the likely cause of performance regressions when thousands of deploymentconfigs are present in the system. Increase the resync interval by setting deploymentControllerResyncMinute in /etc/origin/master/master-config.yaml.(BZ#1366381) * Previously, AWS-related environment variables were removed from /etc/sysconfig/atomic-openshift-master files during an upgrade if these values were not included in the advanced installer's inventory file. This bug fix ensures that these variables are now preserved during upgrades. (BZ#1370641) * Previously, updates to the containerized atomic-openshift-node service were not properly reloaded during upgrades. This bug fix corrects this error and ensures that the service is reloaded during upgrades. (BZ#1371708) * Previously the installer did not properly configure an environment for flannel when openshift_use_flannel was set to `true`. This bug fix corrects those errors and the installer will now correctly deploy environments using flannel. (BZ#1372026)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing Platform-\nas-a-Service (PaaS) solution designed for on-premise or private cloud \ndeployments.\n\nSecurity Fix(es):\n\n* When processing an archive file that contains an archive entry with type 1 (hardlink) but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data. (CVE-2016-5418)\n\nRed Hat would like to thank Insomnia Security for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, pods that had a resource request of 0 and specified limits were classified as BestEffort when they should have been classified as Burstable. This bug fix ensures that those pods are correctly classified as Burstable.(BZ#1357475)\n\n* Future versions of docker will require containerized installations of OpenShift Container Platform to mount /var/lib/origin with the `rslave` flag. New installations of OpenShift Container Platform 3.2 have this value set. However, upgrades from 3.1 did not properly set this value. This bug fix ensures that this flag is now set during upgrades, ensuring that OpenShift Container Platform works properly under future versions of docker. (BZ#1358197)\n\n* The PersistentVolumeLabel admission plug-in is now enabled by default. This plug-in labels AWS and GCE volumes with their zone so the scheduler can limit the nodes for a pod to only those in the same zone as the persistent volumes being used by the pod. (BZ#1365600)\n\n* Previously, heapster incorrectly generated error messages indicating that it \"Failed to find node\". This bug fix corrects that error and ensures that erroneous warnings are generated.(BZ#1366367)\n\n* The deployment controllers\u0027 resync interval can now be configured. The previously hard-coded 2-minute default is the likely cause of performance regressions when thousands of deploymentconfigs are present in the system. Increase the resync interval by setting deploymentControllerResyncMinute in /etc/origin/master/master-config.yaml.(BZ#1366381)\n\n* Previously, AWS-related environment variables were removed from /etc/sysconfig/atomic-openshift-master files during an upgrade if these values were not included in the advanced installer\u0027s inventory file. This bug fix ensures that these variables are now preserved during upgrades. (BZ#1370641)\n\n* Previously, updates to the containerized atomic-openshift-node service were not properly reloaded during upgrades. This bug fix corrects this error and ensures that the service is reloaded during upgrades. (BZ#1371708)\n\n* Previously the installer did not properly configure an environment for flannel when openshift_use_flannel was set to `true`. This bug fix corrects those errors and the installer will now correctly deploy environments using flannel. (BZ#1372026)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:1853",
        "url": "https://access.redhat.com/errata/RHSA-2016:1853"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1357475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357475"
      },
      {
        "category": "external",
        "summary": "1358197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358197"
      },
      {
        "category": "external",
        "summary": "1362601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601"
      },
      {
        "category": "external",
        "summary": "1365600",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365600"
      },
      {
        "category": "external",
        "summary": "1366367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366367"
      },
      {
        "category": "external",
        "summary": "1366381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366381"
      },
      {
        "category": "external",
        "summary": "1370641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370641"
      },
      {
        "category": "external",
        "summary": "1371708",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371708"
      },
      {
        "category": "external",
        "summary": "1372026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372026"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1853.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T10:15:42+00:00",
      "generator": {
        "date": "2024-11-22T10:15:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2016:1853",
      "initial_release_date": "2016-09-12T17:33:15+00:00",
      "revision_history": [
        {
          "date": "2016-09-12T17:33:15+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-09-12T17:33:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T10:15:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.2",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.2",
                  "product_id": "7Server-RH7-RHOSE-3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.2::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "heapster-0:1.1.0-1.beta2.el7.1.x86_64",
                "product": {
                  "name": "heapster-0:1.1.0-1.beta2.el7.1.x86_64",
                  "product_id": "heapster-0:1.1.0-1.beta2.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/heapster@1.1.0-1.beta2.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.2.1.15-1.git.0.d84be7f.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "heapster-0:1.1.0-1.beta2.el7.1.src",
                "product": {
                  "name": "heapster-0:1.1.0-1.beta2.el7.1.src",
                  "product_id": "heapster-0:1.1.0-1.beta2.el7.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/heapster@1.1.0-1.beta2.el7.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
                  "product_id": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.15-1.git.0.d84be7f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
                  "product_id": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.2.28-1.git.0.5a85fc5.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                "product": {
                  "name": "openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_id": "openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.2.28-1.git.0.5a85fc5.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "heapster-0:1.1.0-1.beta2.el7.1.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.src"
        },
        "product_reference": "heapster-0:1.1.0-1.beta2.el7.1.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "heapster-0:1.1.0-1.beta2.el7.1.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.x86_64"
        },
        "product_reference": "heapster-0:1.1.0-1.beta2.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Insomnia Security"
          ]
        }
      ],
      "cve": "CVE-2016-5418",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-07-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1362601"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive\u0027s file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.src",
          "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.x86_64",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
          "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5418"
        },
        {
          "category": "external",
          "summary": "RHBZ#1362601",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5418"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/oss-sec/2016/q3/255",
          "url": "http://seclists.org/oss-sec/2016/q3/255"
        }
      ],
      "release_date": "2016-09-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-09-12T17:33:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe following images are included in this errata :\nopenshift3/openvswitch:v3.2.1.15\nopenshift3/ose-pod:v3.2.1.15\nopenshift3/ose:v3.2.1.15\nopenshift3/ose-docker-registry:v3.2.1.15\nopenshift3/ose-keepalived-ipfailover:v3.2.1.15\nopenshift3/ose-recycler:v3.2.1.15\nopenshift3/ose-f5-router:v3.2.1.15\nopenshift3/ose-deployer:v3.2.1.15\nopenshift3/node:v3.2.1.15\nopenshift3/ose-sti-builder:v3.2.1.15\nopenshift3/ose-docker-builder:v3.2.1.15\nopenshift3/ose-haproxy-router:v3.2.1.15\nopenshift3/metrics-heapster:3.2.1-4",
          "product_ids": [
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.src",
            "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.x86_64",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1853"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.src",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-utils-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.src",
            "7Server-RH7-RHOSE-3.2:heapster-0:1.1.0-1.beta2.el7.1.x86_64",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-0:3.2.28-1.git.0.5a85fc5.el7.src",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-docs-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-filter-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-lookup-plugins-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-playbooks-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:openshift-ansible-roles-0:3.2.28-1.git.0.5a85fc5.el7.noarch",
            "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.15-1.git.0.d84be7f.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite"
    }
  ]
}

cve-2016-5418

Vulnerability from cvelistv5

Published

2016-09-21 14:00

Modified

2024-08-06 01:00

Severity ?

Summary

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1362601	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1852	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1853	vendor-advisory, x_refsource_REDHAT
	https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1844.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f	x_refsource_MISC
	https://github.com/libarchive/libarchive/issues/746	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1850.html	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/201701-03	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/93165	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2016/08/09/2	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601"
          },
          {
            "name": "RHSA-2016:1852",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1852"
          },
          {
            "name": "RHSA-2016:1853",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1853"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9"
          },
          {
            "name": "RHSA-2016:1844",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libarchive/libarchive/issues/746"
          },
          {
            "name": "RHSA-2016:1850",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
          },
          {
            "name": "GLSA-201701-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-03"
          },
          {
            "name": "93165",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93165"
          },
          {
            "name": "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/08/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601"
        },
        {
          "name": "RHSA-2016:1852",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1852"
        },
        {
          "name": "RHSA-2016:1853",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1853"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9"
        },
        {
          "name": "RHSA-2016:1844",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libarchive/libarchive/issues/746"
        },
        {
          "name": "RHSA-2016:1850",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
        },
        {
          "name": "GLSA-201701-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-03"
        },
        {
          "name": "93165",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93165"
        },
        {
          "name": "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/08/09/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-5418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601"
            },
            {
              "name": "RHSA-2016:1852",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1852"
            },
            {
              "name": "RHSA-2016:1853",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1853"
            },
            {
              "name": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
              "refsource": "CONFIRM",
              "url": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9"
            },
            {
              "name": "RHSA-2016:1844",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
              "refsource": "MISC",
              "url": "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f"
            },
            {
              "name": "https://github.com/libarchive/libarchive/issues/746",
              "refsource": "CONFIRM",
              "url": "https://github.com/libarchive/libarchive/issues/746"
            },
            {
              "name": "RHSA-2016:1850",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
            },
            {
              "name": "GLSA-201701-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-03"
            },
            {
              "name": "93165",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93165"
            },
            {
              "name": "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/08/09/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5418",
    "datePublished": "2016-09-21T14:00:00",
    "dateReserved": "2016-06-10T00:00:00",
    "dateUpdated": "2024-08-06T01:00:59.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted