Published: Apr 23, 2014

(RHSA-2014:0423) Critical: openshift-origin-broker security update

Source: access.redhat.com

EPSS: 0.006 (Low), percentile 79.1%

The openshift-origin-broker package provides the OpenShift Broker service
that manages all user logins, DNS name resolution, application states, and
general orchestration of the applications.

The rubygem-openshift-origin-auth-remote-user package provides the remote
user authentication plug-in.

A flaw was found in the way openshift-origin-broker handled authentication
requests via the remote user authentication plug-in. A remote attacker able
to submit a request to openshift-origin-broker could set the X-Remote-User
header, and send the request to a passthrough trigger, resulting in a
bypass of the authentication checks to gain access to any OpenShift user
account on the system. (CVE-2014-0188)
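
The trust boundary behind this class of flaw, as an added example that is not OpenShift code and not the backported patch: a back end that accepts whatever identity the X-Remote-User header names is only safe if the front end removes any client-supplied copy of that header on every path, including paths it forwards without authenticating. The path prefixes, token table and class names below are hypothetical.

```ruby
# Constructed model of the trust boundary in the advisory; not OpenShift code.
REMOTE_USER = 'HTTP_X_REMOTE_USER' # Rack-style env key for the X-Remote-User header

# Back end with a remote-user style plug-in: whoever the header names is the user.
BACKEND = ->(env) { env[REMOTE_USER] || 'anonymous' }

# Constructed credential table standing in for the front end's real authentication.
TOKENS = { 'token-alice' => 'alice' }.freeze

class FrontEnd
  # passthrough:   path prefixes forwarded without authentication (hypothetical)
  # strip_inbound: when true, drop any client-supplied X-Remote-User first
  def initialize(backend, passthrough:, strip_inbound:)
    @backend = backend
    @passthrough = passthrough
    @strip_inbound = strip_inbound
  end

  # Returns the identity the back end would act as, or 'denied'.
  def call(env)
    env = env.dup
    env.delete(REMOTE_USER) if @strip_inbound
    unless @passthrough.any? { |prefix| env['PATH_INFO'].start_with?(prefix) }
      user = TOKENS[env['HTTP_AUTHORIZATION']]
      return 'denied' unless user
      env[REMOTE_USER] = user # only the front end may assert identity
    end
    @backend.call(env)
  end
end

PASSTHROUGH = ['/passthrough/'].freeze # hypothetical unauthenticated prefix
WEAK     = FrontEnd.new(BACKEND, passthrough: PASSTHROUGH, strip_inbound: false)
HARDENED = FrontEnd.new(BACKEND, passthrough: PASSTHROUGH, strip_inbound: true)

# Constructed requests; both carry a client-supplied identity header.
FORGED = { 'PATH_INFO' => '/passthrough/x', REMOTE_USER => 'bob' }.freeze
LOGIN  = { 'PATH_INFO' => '/api/apps', 'HTTP_AUTHORIZATION' => 'token-alice',
           REMOTE_USER => 'bob' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "weak, passthrough path:     #{WEAK.call(FORGED)}"
  puts "hardened, passthrough path: #{HARDENED.call(FORGED)}"
  puts "hardened, authenticated:    #{HARDENED.call(LOGIN)}"
end
```

With Apache httpd as the front end, mod_headers' `RequestHeader unset` directive is the usual way to drop an inbound identity header before any handler sees it.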

All users of Red Hat OpenShift Enterprise 2.0.5 are advised to upgrade to
these updated packages, which contain a backported patch to correct this
issue. After installing the updated packages, restart the httpd daemon for
this update to take effect.
