[Bug 1298128] New: openshift-origin: kubernetes: Building configuration to a strategy not allowed by policy

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1298128

            Bug ID: 1298128
           Summary: openshift-origin: kubernetes: Building configuration
                    to a strategy not allowed by policy
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: ama...@redhat.com
                CC: abhgu...@redhat.com, dmcph...@redhat.com,
                    epa...@redhat.com, golang@lists.fedoraproject.org,
                    jca...@redhat.com, jchal...@redhat.com,
                    jia...@redhat.com, joker...@redhat.com,
                    kseifr...@redhat.com, lme...@redhat.com,
                    mmcco...@redhat.com, nhor...@redhat.com,
                    tiwil...@redhat.com, vba...@redhat.com



It was found that it is allowed to modify a build to use a restricted strategy
so that it escalates privileges when built.

Upstream Bug:

https://github.com/openshift/origin/issues/6556

Upstream patch:

https://github.com/openshift/origin/pull/6576

CVE request:

http://seclists.org/oss-sec/2016/q1/79

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
golang mailing list
golang@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/golang@lists.fedoraproject.org