Bug 1321990

Summary: Update openshift openvswitch images for CVE-2016-2074
Product: OpenShift Container Platform Reporter: Troy Dawson <tdawson>
Component: NetworkingAssignee: Troy Dawson <tdawson>
Status: CLOSED DUPLICATE QA Contact: Meng Bo <bmeng>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aos-bugs, yadu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-04 15:06:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Troy Dawson 2016-03-29 14:15:35 UTC 
It has been determined that OpenShift 3.1 is not vulnerable to CVE-2016-2074
https://bugzilla.redhat.com/show_bug.cgi?id=1318553

We will still update openvswitch in OpenShift, as part of our ongoing efforts to keep OpenShift as secure and hardened as possible.
Comment 1 Troy Dawson 2016-03-29 14:19:17 UTC 
I think I worded my original entry poorly.
We are not updating openvswitch from 2.4.0 to 2.5.0.
We are updating to a patched version of 2.4.0.  Only the security vulnerability was patched.
Comment 2 Troy Dawson 2016-03-29 14:26:22 UTC 
We will be updating to openvswitch-2.4.0-2.el7_2
Comment 4 Yan Du 2016-03-30 09:58:58 UTC 
Already update to openvswitch-2.4.0-2.el7_2

# rpm -qa openvswitch
openvswitch-2.4.0-2.el7_2.x86_64

# rpm -qa | grep node
tuned-profiles-atomic-openshift-node-3.1.1.6-4.git.32.adf8ec9.el7aos.x86_64
atomic-openshift-node-3.1.1.6-4.git.32.adf8ec9.el7aos.x86_64

Covered some basic regression testing, pod/svc/route all work well. Move bug to verified.
Comment 6 Troy Dawson 2016-04-04 15:06:23 UTC 

*** This bug has been marked as a duplicate of bug 1323321 ***