The openshift-origin-broker package provides the OpenShift Broker service
that manages all user logins, DNS name resolution, application states, and
general orchestration of the applications.

The rubygem-openshift-origin-auth-remote-user package provides the remote
user authentication plug-in.

A flaw was found in the way openshift-origin-broker handled authentication
requests via the remote user authentication plug-in. A remote attacker able
to submit a request to openshift-origin-broker could set the X-Remote-User
header, and send the request to a passthrough trigger, resulting in a
bypass of the authentication checks to gain access to any OpenShift user
account on the system. (CVE-2014-0188)

All users of Red Hat OpenShift Enterprise 1.2.7 are advised to upgrade to
these updated packages, which contain a backported patch to correct this
issue. After installing the updated packages, restart the httpd daemon for
this update to take effect.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | rubygem-openshift-origin-auth-remote-user | < 1.8.4-1.el6op | rubygem-openshift-origin-auth-remote-user-1.8.4-1.el6op.noarch.rpm |
RedHat | 6 | src | rubygem-openshift-origin-auth-remote-user | < 1.8.4-1.el6op | rubygem-openshift-origin-auth-remote-user-1.8.4-1.el6op.src.rpm |
RedHat | 6 | src | openshift-origin-broker | < 1.5.9-1.el6op | openshift-origin-broker-1.5.9-1.el6op.src.rpm |
RedHat | 6 | noarch | openshift-origin-broker | < 1.5.9-1.el6op | openshift-origin-broker-1.5.9-1.el6op.noarch.rpm |
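
A check of installed packages against the fixed builds listed in the table above, as an added example that is not part of the advisory or of Red Hat's tooling. The version comparison is a simplified re-implementation of rpm's segment ordering (an assumption: no epoch, `~` or `^` handling), and the function names are hypothetical.

```python
import re
import subprocess

# Fixed (version, release) per package, taken from the advisory's table.
FIXED = {
    "rubygem-openshift-origin-auth-remote-user": ("1.8.4", "1.el6op"),
    "openshift-origin-broker": ("1.5.9", "1.el6op"),
}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (simplified: no epoch, '~' or '^')."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as numbers
        elif x.isdigit():
            return 1                   # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_vulnerable(package, version, release):
    """True when version-release is older than the fixed build for this package."""
    fixed_version, fixed_release = FIXED[package]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0

def installed(package):
    """Return (version, release) from the rpm database, or None if the package or rpm is absent."""
    try:
        result = subprocess.run(
            ["rpm", "-q", "--qf", "%{VERSION} %{RELEASE}", package],
            capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return tuple(result.stdout.split()) if result.returncode == 0 else None

if __name__ == "__main__":
    for name in FIXED:
        found = installed(name)
        if found is None:
            print(f"{name}: not installed")
        else:
            state = "VULNERABLE, update and restart httpd" if is_vulnerable(name, *found) else "fixed"
            print(f"{name}-{found[0]}-{found[1]}: {state}")
```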