The rubygem-openshift-origin-node package provides basic OpenShift node
functionality.
A command injection flaw was found in rubygem-openshift-origin-node.
A remote, authenticated user permitted to install cartridges via the web
interface could use this flaw to execute arbitrary code with root
privileges on the Red Hat OpenShift node server. (CVE-2014-3496)
This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.
All rubygem-openshift-origin-node users are advised to upgrade to this
updated package, which contains a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | rubygem-openshift-origin-node | < 1.9.14.8-1.el6op | rubygem-openshift-origin-node-1.9.14.8-1.el6op.src.rpm |
RedHat | 6 | noarch | rubygem-openshift-origin-node | < 1.9.14.8-1.el6op | rubygem-openshift-origin-node-1.9.14.8-1.el6op.noarch.rpm |