Bug 1297910 (CVE-2016-1905) - CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control
Summary: CVE-2016-1905 Kubernetes api server: patch operation should use patched objec...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-1905
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1298116 (view as bug list)
Depends On: 1297917 1297918
Blocks: 1297922 1298133
TreeView+ depends on / blocked
 
Reported: 2016-01-12 18:37 UTC by Kurt Seifried
Modified: 2019-09-29 13:41 UTC (History)
13 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-03-22 04:37:05 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0070 0 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update 2016-01-27 00:12:41 UTC
Red Hat Product Errata RHSA-2016:0351 0 normal SHIPPED_LIVE Moderate: kubernetes security update 2016-03-03 21:22:22 UTC

Description Kurt Seifried 2016-01-12 18:37:03 UTC 
Kubernetes api server: patch operation should use patched object to check 
admission control

External reference:
https://github.com/kubernetes/kubernetes/issues/19479
Comment 2 Kurt Seifried 2016-01-13 18:38:04 UTC 
Upstream patch:

https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0aef593da9c3e
Comment 3 Kurt Seifried 2016-01-13 18:38:31 UTC 
*** Bug 1298116 has been marked as a duplicate of this bug. ***
Comment 5 errata-xmlrpc 2016-01-26 19:20:53 UTC 
This issue has been addressed in the following products:

  RHEL 7 Version of OpenShift Enterprise 3.1

Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070
Comment 6 errata-xmlrpc 2016-03-03 16:22:54 UTC 
This issue has been addressed in the following products:

  RHEL 7 Version of OpenShift Enterprise 3.0

Via RHSA-2016:0351 https://access.redhat.com/errata/RHSA-2016:0351
Note You need to log in before you can comment on or make changes to this bug.