Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHBA-2017:2642 - Bug Fix Advisory
Issued:
2017-09-08
Updated:
2017-09-08

RHBA-2017:2642 - Bug Fix Advisory

  • Overview
  • Updated Packages

Synopsis

OpenShift Container Platform 3.6.1 bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform releases 3.6.1 are now available with updates to packages and images that fix several bugs and add various enhancements.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHEA-2017:2644

This update fixes the following bugs:

  • When the atomic-openshift-node service got restarted, all processes in its control group are terminated, including the glusterfs-mounted points. Each glusterfs volume in OpenShift corresponds to one mounted point. If all mounting points are lost, so are all of the volumes. Set the control group mode to terminate only the main process and leave the remaining glusterfs mounting points untouched. When the atomic-openshift-node service is restarted, no glusterfs mounting point is terminated.

(BZ#1423640)

  • A route can front up to four services that handle the requests. The load balancing strategy governs which endpoint gets each request. When round-robin is chosen, the portion of the requests that each

service handles is governed by the weight assigned to the service. Each endpoint in the service gets a fraction of the service's requests. (BZ#1473736)

  • When fluentd was reading from the journald and the output buffer queue wass full, the fluentd log was filled up with KubeClient messages. This is a bug in the fluentd filter_kubernetes_metadata plug-in. Ignore fluentd log messages from Kubeclient::Common::WatchNotice. (BZ#1476731)
  • Previously, the Copy Service Labels link in the Create Route form did not correctly copy the labels from the service to the new route. It has been fixed to copy the selected service's labels.

(BZ#1477933)

  • Permissions on directories injected as a build input via the image source input mechanism have user-only access permissions. Therefore, the resulting application image cannot access the content when run as a random user ID. With this bug fix, the directories will be injected with group permissions, which will allow the user access to the container. (BZ#1479130)
  • Kibana nodejs runtime was not the same as the version distributed by Elastic. With this bug fix, the versioning is updated. (BZ#1479928)
  • Previously, the ScaleIO volume plug-in was missing in OpenShift Container Platform. With this bug fix, it is now fully enabled. (BZ#1482273)
  • Namespaces that use reserved names and were not created by infrastructure components should be blocked, as they will cause the upgrade to fail. (BZ#1484958)

This update includes the following enhancement:

  • There is now the ability to set reference policy with `oc import-image`. Set reference policy using the `--reference-policy` flag when invoking `oc import-image`. When importing all tags (using the `--all` flag), all tags will get passed to reference policy, including overwriting the already present one. (BZ#1420976)

All OpenShift Container Platform 3.6 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.5, see the following documentation, which will be updated shortly for release 3.5.5.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.44, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

  • Red Hat OpenShift Container Platform 3.6 x86_64

Fixes

  • BZ - 1420976 - - [platformmanagement_public_852]RreferencePolicy: Source/Local options parameters should be added to 'oc import-image' also
  • BZ - 1423640 - Restart of atomic-openshift-node service terminates pod glusterfs mount
  • BZ - 1473736 - A/B deployment seems to round-robin across all pods in multiple services, instead of proportional routing to services
  • BZ - 1476731 - fluentd log is filled up with KubeClient messages when using journal and output queue is full
  • BZ - 1477223 - Ordinary user can not view their newly created pods' metrics within their project in web console, at the same time, their old pods' metrics data is still visible
  • BZ - 1477933 - Copy Service Labels on route creating page does not work
  • BZ - 1479130 - Directory permissions are incorrect when using Image Source input
  • BZ - 1479928 - Kibana nodejs runtime is not the same as the version distributed by Elastic
  • BZ - 1481251 - [3.6] Regression or change in how kubelet pull credentials are defined?
  • BZ - 1482273 - Missing scaleio volume plugin in openshift
  • BZ - 1484958 - namespaces that use reserved names and were not created by infrastructure components should be blocked

CVEs

  • CVE-2017-1000085
  • CVE-2017-1000089
  • CVE-2017-1000092
  • CVE-2017-1000096

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.6

SRPM
atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.src.rpm SHA-256: 4ed928534b0f0946035d48d11d0d591b127dd6a2686cf14ee3f1987849919d6b
fluentd-0.12.39-2.el7.src.rpm SHA-256: 00767bd3a2fe9c2b2b50091b47170f595b0587fc25ed48040b90c10d542bdac0
jenkins-2-plugins-3.7.1502412812-1.el7.src.rpm SHA-256: a497044614dc4fb679bef07badd45b14a54327fbbb1f04f65d89e582bab4a6e4
kibana-4.6.4-3.el7.src.rpm SHA-256: e25728de3859311efbc7a3d1a2f07979fcab830f680756ac4b8f468ed0f1a2a5
rubygem-cool.io-1.5.1-1.el7.src.rpm SHA-256: 80c4850d381cd5e3a8a4c3a798810bf1c6d1201ac290e28f4aa42d5ea48742f0
rubygem-excon-0.58.0-1.el7.src.rpm SHA-256: 63428f95cf0f9bb39ba056ea2fd0fcfbff866326265837e60de1b871312d93c5
rubygem-faraday-0.13.0-1.el7.src.rpm SHA-256: 433198f24de59cfb612dd2159851a1c73ca6d451ca6d37a553f82b7d0bd15cb5
rubygem-fluent-plugin-kubernetes_metadata_filter-0.29.0-1.el7.src.rpm SHA-256: 886f8bbb20781435750df8052839dd96f57d68efd3a129fa05c1621ac32a5069
rubygem-fluent-plugin-viaq_data_model-0.0.5-1.el7.src.rpm SHA-256: eb262472cc353db83b93f470e80cccbd3e0f8bcdaaa1a43abd7dabac84870138
rubygem-i18n-0.8.6-1.el7.src.rpm SHA-256: 40784e1f25cb39521f75a31c131cde2f767a0d7a6ee96ab762adb0e1b23f68a9
rubygem-systemd-journal-1.3.0-1.el7.src.rpm SHA-256: 9789eee1754ad68324cbef95473522c1153b468fe0f3ba761752466fa705a9ef
x86_64
atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 2343edeb8b6ffcc97d80a57fa9b769ddaee14ec938de945a6a8cbb01137e8e8d
atomic-openshift-clients-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: ce109bf14d2fb1348c50bd9a587e4582504d398665d5812f5ad239e07295ad60
atomic-openshift-clients-redistributable-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: ec3665c3ca73c874b26631bb412e0f0294ffe5ff583baa1aed5897c79091a6c8
atomic-openshift-cluster-capacity-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: bd613e4fc86d412dd7584e534683cf2504925ef111915021b9504eaf877c3808
atomic-openshift-docker-excluder-3.6.173.0.21-1.git.0.f95b0e7.el7.noarch.rpm SHA-256: 5b6916115483b41cd2233ceb19798f9de8b3ed9209120080a756ad429ebc3636
atomic-openshift-dockerregistry-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: f67fb4814cf2a0e197c60656c9c0e927d553382861ac85d606b677b30378df1a
atomic-openshift-excluder-3.6.173.0.21-1.git.0.f95b0e7.el7.noarch.rpm SHA-256: 895d82eb00d37beeb5c7f4c9eb0828e104626dbc977e71c7d3a97122ab485798
atomic-openshift-federation-services-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: c0c56ffd3dd4d11d0c5ada609054e39c3b972bb336c7d8c1cb9f4732501e150c
atomic-openshift-master-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 5d2acb6eaf9f80bcce9a94ad6e2eb03137175c1ab7e9b110d0b3f95d784769f4
atomic-openshift-node-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 6d65015dd37477eee762441b6e251174cb9b0f43c8f87be3ce9fce34663628c3
atomic-openshift-pod-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 8bad2ff969b9f60617e78d5b0931cfe665f9818374b7adadfcb9aba7809d19d5
atomic-openshift-sdn-ovs-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 4ce35093482417929605e9c75b559c57c272bb2fbf1faf338496fe65610149b2
atomic-openshift-service-catalog-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 61b5538e620f84c77f66db73bdf03d5bba1cfd77487ee27f31bb2b806edc931a
atomic-openshift-tests-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 2801876a62b938bd2fa129b4f18cfca54188cb763c9ea273e7603fff048a2517
fluentd-0.12.39-2.el7.noarch.rpm SHA-256: 94e6853a11be28c07e5897f4d9703271fa4610799b39900e15df8b61902c97e7
fluentd-doc-0.12.39-2.el7.noarch.rpm SHA-256: f9685024e83f88e0ac7021271259234105bf256809530ce51ede6e19ebebee3a
kibana-4.6.4-3.el7.x86_64.rpm SHA-256: 8c08070fe6b7459daf4860fc7c08a65edd4f3f6666b666a1f58a4ca76d773d4b
kibana-debuginfo-4.6.4-3.el7.x86_64.rpm SHA-256: 41a1a797a355d9d211747c6260fffcd1f6e831c81492b3868ee0189d24b62b3f
rubygem-cool.io-1.5.1-1.el7.x86_64.rpm SHA-256: 5ebd38ffc86c456c51ce1534fee8d18152da24152a96e6305d10b5dd59e48874
rubygem-cool.io-debuginfo-1.5.1-1.el7.x86_64.rpm SHA-256: 5d76b2337eb8b03d6ce77fbe5d84389d9cac3dcad1126c81526cedc4262f26d6
rubygem-cool.io-doc-1.5.1-1.el7.noarch.rpm SHA-256: 8c9628a7c5d0df5e39caa63feb68eff989ed82b030a5f5e1ce9e8d6bb22fde88
rubygem-excon-0.58.0-1.el7.noarch.rpm SHA-256: 13e137eb10bfb5315a3d272ec851125fe502380e3b0339ef754c94dc19888e40
rubygem-excon-doc-0.58.0-1.el7.noarch.rpm SHA-256: 57412d8460409372e1ad54e97933cfa1777df4293a38fac83d3fc3deaea767d6
rubygem-faraday-0.13.0-1.el7.noarch.rpm SHA-256: 793d53a7894deb1a29048e739cca9f1baf0b751f622d06f4c92fbb5d0d38dc2c
rubygem-faraday-doc-0.13.0-1.el7.noarch.rpm SHA-256: 332336fdaf5a538c043f9bb1c0bbe0212aa922b9f6d0d8e59f51d96e6654ebec
rubygem-fluent-plugin-kubernetes_metadata_filter-0.29.0-1.el7.noarch.rpm SHA-256: 930952f07c0c7108d7c9f04712a27ab817b7a359f36331c215a4ee7e963c83db
rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0.29.0-1.el7.noarch.rpm SHA-256: c60d04a4a3374465281c3b5cb6a7cbf1b6ca487b616391ceca46a1c467e4362d
rubygem-fluent-plugin-viaq_data_model-0.0.5-1.el7.noarch.rpm SHA-256: f43cb9d747ee1b7a1191381f70fc8a090010688e3902441f77de35d10454de3e
rubygem-fluent-plugin-viaq_data_model-doc-0.0.5-1.el7.noarch.rpm SHA-256: 4c518b89b31601a125a415c87d9a5f16eeefd20919ce1f6134e6798d9d02d847
rubygem-i18n-0.8.6-1.el7.noarch.rpm SHA-256: 07e90d56705e47009688dd0470cab06756227b7396187c26d6c3cc7be734c15b
rubygem-i18n-doc-0.8.6-1.el7.noarch.rpm SHA-256: 824d425881c989a749a44d142cfc810d048edebabc2901e80dcb874775020745
rubygem-systemd-journal-1.3.0-1.el7.noarch.rpm SHA-256: 7168882610d840c80dfb9a978299a354d57d2cd26844ef85b0143e7f039eb0f8
rubygem-systemd-journal-doc-1.3.0-1.el7.noarch.rpm SHA-256: caca6df412c6455967b322977d393707e09c643bb21f8248aea290e31d9f2728
tuned-profiles-atomic-openshift-node-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm SHA-256: 0c233037c22eebd8346ed5d53af61cc0e1c46255880301f067cfac8bdfd79467

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility