OpenShift Enterprise by Red Hat is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

The following security issue is addressed with this release:

It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)

This release also includes an update for Jenkins Continuous Integration
Server that addresses a large number of security issues, including XSS,
CSRF, information disclosure and code execution.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)

Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:

All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.