(RHSA-2015:2615) Moderate: openshift security update

OpenShift Enterprise by Red Hat is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

It was found that OpenShift’s API back end did not verify requests for
pod log locations, allowing a pod on a Node to request logs for any
other pod on that Node. A remote attacker could use this flaw to view
sensitive information via pod logs that they would normally not have
access to. (CVE-2015-7528)

This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.

To use the latest ‘openshift3/ose:v3.1.0.4’ image with the ID
“d4caa301790e” simply run the following command:

docker pull registry.access.redhat.com/openshift3/ose:v3.1.0.4

and then restart any containers based on this image.

All OpenShift Enterprise 3.0 and 3.1 users are advised to upgrade to
these updated images, which correct this issue.