Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHBA-2017:1129 - Bug Fix Advisory
Issued:
2017-04-26
Updated:
2017-04-26

RHBA-2017:1129 - Bug Fix Advisory

  • Overview
  • Updated Packages

Synopsis

OpenShift Container Platform 3.5, 3.4, 3.3, and 3.2 bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform releases 3.5.5.8, 3.4.1.18, 3.3.1.20, and 3.2.1.31 are now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.5.5.8, 3.4.1.18, 3.3.1.20, and 3.2.1.31. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2017:1130

This update fixes the following bugs:

  • Manifest verification did not pay attention to non-local layers. Therefore, verification failed if pull-through was enabled. This bug fix uses pull-through to verify remote layers. Manifest verification is now successful. (BZ#1411161)
  • The master API investigated the wrong object to determine the Docker image reference of a new image stream mapping when the referenced image already existed. Therefore, the created image stream tag contained misleading information about the image's location. It pointed to the original image stream. With this bug fix, the master API now properly determines the Docker image reference for new image stream mappings. (BZ#1427441)
  • When quickly and repeatedly adding and deleting a route with same name in a namespace, the router pod panics with an error of "invalid state transition: Deleted -> ADDED". Now, adding the objects UID to the event queue key generation function addresses the issue. (BZ#1429823)
  • When searching images eligible for pruning, a logic error was identified in how weak and strong references are. Some images having both strong and weak references in the pruning graph could be removed during pruning. This bug fix corrected the logic responsible for finding which images have strong references. Pruning now correctly recognizes and prunes images. (BZ#1433721)
  • Builds that quickly progress from running to complete did not trigger the logic that sets the build start time. Builds would miss the build start time. Now, if a build completes without having the start time set, the start time is set equal to the completion time. (BZ#1436395)
  • When the RestrictUsersAdmission admission control plug-in is enforcing role binding restrictions and examines a role binding with a service account subject, the plug-in requires that the subject have an explicit namespace that matches some role binding restriction in order to be admitted. When an application template contains a role binding with a service account subject, typically the subject's namespace is left blank in the template so that the namespace will be defaulted to the namespace in which the role binding is created. This happens only after admission control is performed. Role binding restrictions cannot match against role bindings, so the plug-in rejects these role bindings. The plug-in now treats a blank namespace in a service account subject as implicitly matching the namespace of the role binding restriction and admits the role bindings. (BZ#1439859)
  • With the serial policy, the failure of a build was not triggering the logic to check for the next build to run. After a failed build, a delay of up to two minutes could occur before the next build would start, when using a serial build policy. This bug fix ensures the next build is triggered immediately after a build fails. Now, the next build starts immediately after a build fails (or otherwise completes). (BZ#1440147)
  • OpenShift Container Platform (OCP) logic for persistent volume attach/detach logic on AWS queried status of each attach/detach operation using separate API calls for each persistent volume. OCP could run out of AWS API call quota and be throttled by AWS. As a result, attach/detach operations could slow when multiple volumes were attached/detached at the same time. With this bug fix, OCP uses bulk query to determine status of all attach/detach operations at once. Attaching and detaching volumes is now faster. (BZ#1441748)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.5, see the following documentation, which will be updated shortly for release 3.5.5.8, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_5_release_notes.html

For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

For OpenShift Container Platform 3.3, see the following documentation, which will be updated shortly for release 3.3.1.20, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html

For OpenShift Container Platform 3.2, see the following documentation, which will be updated shortly for release 3.2.1.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

  • Red Hat OpenShift Container Platform 3.5 x86_64
  • Red Hat OpenShift Container Platform 3.4 x86_64
  • Red Hat OpenShift Container Platform 3.3 x86_64

Fixes

  • BZ - 1371375 - Race condition during aws ebs/cinder volume detach and delete
  • BZ - 1397293 - It takes too long to show log entries on Kibana with journald log driver after scale up ES
  • BZ - 1411161 - [3.3] Fail to push built image to registry due to "manifest blob unknown: blob unknown to registry" without define output image via oc new-build
  • BZ - 1415112 - [3.5] [networking_public_407] the router configuration not reloaded after the namespace label changed
  • BZ - 1426511 - Failed to fit node if nodeselector sepecified when upgrade logging stacks via ansible
  • BZ - 1427441 - [3.4][Backport] ImageStream references same image in another project
  • BZ - 1429823 - [3.5.x] Observed a panic: "Invalid state transition: DELETED -> ADDED" (Invalid state transition: DELETED -> ADDED) - default router
  • BZ - 1433721 - Missing images, streams and tags for running PODs and DCs
  • BZ - 1436395 - Some build failures do not show STARTED value
  • BZ - 1439859 - cannot create jenkins pipeline buildConfig when no jenkins server preinstall
  • BZ - 1440147 - Failed builds delay start of next build + don't have a completion time
  • BZ - 1440977 - [3.4] Router hangs on deadlock
  • BZ - 1441748 - AWS quota problems in Openshift 3.5
  • BZ - 1442859 - [3.3] Router hangs on deadlock
  • BZ - 1442860 - [3.5] Router hangs on deadlock
  • BZ - 1443665 - [3.4] HAProxy router's request buffer is too small

CVEs

(none)

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.5

SRPM
atomic-openshift-3.5.5.8-1.git.0.1a85a97.el7.src.rpm SHA-256: 783a96714c40d22b07b4b2e5e0b0251dd66e690fe5752f108ce6e29e6b383337
python-ruamel-ordereddict-0.4.9-3.el7.src.rpm SHA-256: 5b9cbf5c337e1e6c37d808fcfac6dedcee00638fb4549b13a23344e8169a3800
python-typing-3.5.2.2-2.el7.src.rpm SHA-256: a8ea79d773276eef0d7a3a081e70cd6832410cbc697f4d7552e2941a721d020b
x86_64
atomic-openshift-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: f92cce0365ddbbf504a822caf2c89e584b87909e820b4ed643bfddd7d4100a63
atomic-openshift-clients-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: fba16d879046f3e0862d5463b41fe2b1035872d986c1e60e6c0e86e2a20a366d
atomic-openshift-clients-redistributable-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: 68d4c2f7f84517988925e1441c57eaf22f1872518d4975a8654f63d72a3673a5
atomic-openshift-docker-excluder-3.5.5.8-1.git.0.1a85a97.el7.noarch.rpm SHA-256: 80d1499fa6d4cfcc49d9a5bdc8345ce209049e0f6c15204cffd0bbc076beb356
atomic-openshift-dockerregistry-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: 71edbe12a7f1d8ff22f7ac6c619c400e6c80942e142f97e574ff995a5354155a
atomic-openshift-excluder-3.5.5.8-1.git.0.1a85a97.el7.noarch.rpm SHA-256: 5c7e34ece324eca2d4be02fccfce54bb84efaf67a65fe198cf7b45fcdd630783
atomic-openshift-master-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: bc4ad80d4c213811e084eff40f0b18c62586339d803676bf83919dcb201fe173
atomic-openshift-node-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: 15f9aa4ae2618fa8cfd9cb7154c4814308d95f26d2ed8e38cd5ae3234602d811
atomic-openshift-pod-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: 082569fcf75faaf936ebeba9006bbafd84d96a59b08f6f7b832ff535c02006f5
atomic-openshift-sdn-ovs-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: 05f350719a4649dc87113088dde92b4c15fb468044238049e446e356f0e9c099
atomic-openshift-tests-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: f1f585fe403d0e787d711bb855ce4fc868fe1d96957d0b07f6a5e495356f6efc
python2-ruamel-ordereddict-0.4.9-3.el7.x86_64.rpm SHA-256: e8ee94dac65e3a3661f746bc133ff072de128c466d29e95f6ad6a3a1ea1a50fd
python2-typing-3.5.2.2-2.el7.noarch.rpm SHA-256: acde81560aa4f44cff60f0b64b8e801ef86354af6c3fae7e62a5aaec39bb86e8
tuned-profiles-atomic-openshift-node-3.5.5.8-1.git.0.1a85a97.el7.x86_64.rpm SHA-256: d128d52f4b815c86da6db6f3ce4e95ada834dc3330a9038d276cb2eae6324f52

Red Hat OpenShift Container Platform 3.4

SRPM
atomic-openshift-3.4.1.18-1.git.0.0f9d380.el7.src.rpm SHA-256: 9254c3d00a6d7a2bdbf9dceefdf84c315e5460922fed95b5584d9c9251f4d6b0
python-ruamel-ordereddict-0.4.9-3.el7.src.rpm SHA-256: 5b9cbf5c337e1e6c37d808fcfac6dedcee00638fb4549b13a23344e8169a3800
python-typing-3.5.2.2-2.el7.src.rpm SHA-256: a8ea79d773276eef0d7a3a081e70cd6832410cbc697f4d7552e2941a721d020b
x86_64
atomic-openshift-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: bcdd11967fc312e2fb1dc77c09cdd73508c995a8a2e4453f4fe3f635e69e4934
atomic-openshift-clients-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 4b0eeda982308dafe6c91219ad6492c95897d99b0e12937e7468eeb17dd6b0b9
atomic-openshift-clients-redistributable-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 35a46cca1741db0417c9fcd4ea97d875fcbcb8c8eb331727dad35f2658b74256
atomic-openshift-docker-excluder-3.4.1.18-1.git.0.0f9d380.el7.noarch.rpm SHA-256: 00a96da2fc81775e072b3a7d061f10c481aaf529ba44b8368396f1d334408f6a
atomic-openshift-dockerregistry-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 6670e37afdcc3753387bc3c539366f43f2730b709995cb5d93fa9a9dd90604ad
atomic-openshift-excluder-3.4.1.18-1.git.0.0f9d380.el7.noarch.rpm SHA-256: f238ea3d60fbdf204c2cce9a091fda4b71a4bb635675a7ed6b35e6c85b971b75
atomic-openshift-master-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 2ab1c75d94ce225f48572914c43301f33e32c9f0b7b5697d894a21f32f14e902
atomic-openshift-node-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: dad8c30bb9c85a99c233d120b3de68c7583d725e38276a60912a6e78f57083e0
atomic-openshift-pod-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: ff95458cd5ca16c5b7a02f33330705bdd4ee7172245c039ad4914757d756645f
atomic-openshift-sdn-ovs-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: ff2d8cfe535fa29a6880f7bf49d2f0b44500762b006e8855b78ce73c27f5fc7b
atomic-openshift-tests-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 020f1327bfe7ca131ea78fc1423bfdde24c0a6b8b28f311ef38abfb656f70a62
python-ruamel-ordereddict-debuginfo-0.4.9-3.el7.x86_64.rpm SHA-256: 4cc73545d6b684ba25b18c0536447a920b04cf8f9da21996c6e6593cba0a1ad2
python2-ruamel-ordereddict-0.4.9-3.el7.x86_64.rpm SHA-256: e8ee94dac65e3a3661f746bc133ff072de128c466d29e95f6ad6a3a1ea1a50fd
python2-typing-3.5.2.2-2.el7.noarch.rpm SHA-256: acde81560aa4f44cff60f0b64b8e801ef86354af6c3fae7e62a5aaec39bb86e8
tuned-profiles-atomic-openshift-node-3.4.1.18-1.git.0.0f9d380.el7.x86_64.rpm SHA-256: 5aab216c0680f87c3be428a2a6760248ac819b6b73cedaca4ba2b33347f28c5b

Red Hat OpenShift Container Platform 3.3

SRPM
atomic-openshift-3.3.1.20-1.git.0.71967e4.el7.src.rpm SHA-256: 7c8ae7ee4ae499c5aef58231e0439cae5eb84483f07b3a09b77c819c8d09bf92
x86_64
atomic-openshift-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 26f963e6abecea044943f899277eddbf15eb61265ce8aec9beda4d8821b08f25
atomic-openshift-clients-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 9a0207d4f7717dfc3be9060ff7d33ee3db8c45896bb17be7435e1cbbc8c606b7
atomic-openshift-clients-redistributable-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 58d31f276cf5ec282aa39bc8e5442ddddc8387ff20506ef8b0848f34f62c1d22
atomic-openshift-docker-excluder-3.3.1.20-1.git.0.71967e4.el7.noarch.rpm SHA-256: 3b548ffa2d0636a62b0001606041d3512ab26b38094d159a716c999a331f6ab0
atomic-openshift-dockerregistry-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 49ae1bf1e54853813baf925ed3e4d9579744b011aca7065b0d9bff16b8e8c24e
atomic-openshift-excluder-3.3.1.20-1.git.0.71967e4.el7.noarch.rpm SHA-256: c296cd204263a11d5f54b8fadeb6965501bbab9d1669a2d699db181b052ecad5
atomic-openshift-master-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: d0ef1c8d694f6e81b7e26d9339b97265c999b0ea873eb5856fe18ff1d2a2df5b
atomic-openshift-node-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 970846a066e6d4f54927cbc441cc870d78f9cc25388f269442c299589c730b56
atomic-openshift-pod-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 1457aaeaa42633bed8ff28eef2517327321f976d8e09782a8f4f9154a0abccba
atomic-openshift-sdn-ovs-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: cd1b776da95b41431168de0708aea4875c21cd085243085a70400c5e2daa053f
atomic-openshift-tests-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: e7ac5ecaf04ea3fd0dd1e0f588a3b71b1ced9e13609625537dddd661cc51c1e8
tuned-profiles-atomic-openshift-node-3.3.1.20-1.git.0.71967e4.el7.x86_64.rpm SHA-256: 742f9da84e49124e7fedf19125b58459fb9cbcb75e60b83c78c22d4a3a333660

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility