Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:0475 - Security Advisory
Issued:
2018-03-12
Updated:
2018-03-12

RHSA-2018:0475 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat OpenShift Container Platform security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat OpenShift Container Platform 3.7, 3.6, 3.5, 3.4, and 3.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Container Platform by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for this release. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:0476

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.

Security Fix(es):

  • kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath (CVE-2017-1002101)
  • pod: Malicious containers can delete any file from the node (CVE-2017-1002102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 3.7 x86_64
  • Red Hat OpenShift Container Platform 3.6 x86_64
  • Red Hat OpenShift Container Platform 3.5 x86_64
  • Red Hat OpenShift Container Platform 3.4 x86_64
  • Red Hat OpenShift Container Platform 3.3 x86_64

Fixes

  • BZ - 1525130 - CVE-2017-1002101 kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
  • BZ - 1551818 - CVE-2017-1002102 pod: Malicious containers can delete any file from the node
  • BZ - 1554174 - atomic-openshift-docker-excluder allows docker-1.13 on OpenShift 3.7

CVEs

  • CVE-2017-1002101
  • CVE-2017-1002102

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.7

SRPM
atomic-openshift-3.7.23-1.git.5.83efd71.el7.src.rpm SHA-256: 4f8c6f97efc8bd8e93b5408b19eba633c35ad8a69921827c552247225514d55f
x86_64
atomic-openshift-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: b24ffcdacdc644d8aa8050ed6dbb0d6e63770619ef3b5e635a81827956578bdf
atomic-openshift-clients-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 0bfb67321931797d059b70731ec34b1f2ebeb11bd8ba8497b86ef2362b3a157d
atomic-openshift-clients-redistributable-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: f627c65b40ead98c7ae9eb35cdcd2e64d81933de7e3003bad70b7cc8d9a9351b
atomic-openshift-cluster-capacity-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 5b5ca130c2a478388e2a36abfc7d528c326f66c5d086c4b4195c5a8976fd5bde
atomic-openshift-docker-excluder-3.7.23-1.git.5.83efd71.el7.noarch.rpm SHA-256: f63c4600fed10abd48331cbb4bb4e4b00d6f206ea9f11099de22ca453eae52fe
atomic-openshift-dockerregistry-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: adf6d8a3af5814cdd6f022b7d2d65cae2bfb63a0bf3943202b999d40e0673e70
atomic-openshift-excluder-3.7.23-1.git.5.83efd71.el7.noarch.rpm SHA-256: 9b979347a33679ab3c2cabbb67ca056e793590b713bdd4a40e8f2be226495ed9
atomic-openshift-federation-services-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: fb76b10b8ee639370a543872d6cec6badef38d614096652125bf0f0f8e82aa69
atomic-openshift-master-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 4a8e1395dacf6060ae40eb8e8810f85a1d3a44ea0647d3db27107af66bb65b45
atomic-openshift-node-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: cb43862edb405e9e93dc7338b1045d3b54d43f441a5f44023129a1414810a2f4
atomic-openshift-pod-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 187229adc2f4e54f14cebad669080573bae3f61d1ad4840ed68a13a213c30999
atomic-openshift-sdn-ovs-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 03f0851f37caafa4122df4e3e51c1f9e547de64ac703fd83e107aad73433bf9c
atomic-openshift-service-catalog-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: a0483c8893238230c53e141cc344e60a5e54ecb10f4cabcb686b5041a2412491
atomic-openshift-template-service-broker-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 786c8b808a72f29a55ef7ec89f09806c6f4a875448de7a4054969abf84d62b1b
atomic-openshift-tests-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 09429ea355fb45efa92f718dac9b80add73cc2295c48f3f751d2ac9aab536c09
tuned-profiles-atomic-openshift-node-3.7.23-1.git.5.83efd71.el7.x86_64.rpm SHA-256: 4f08ab309b0848f8f2436ef207a71427f000d40a99019bceda768a8d7a11aefb

Red Hat OpenShift Container Platform 3.6

SRPM
atomic-openshift-3.6.173.0.96-1.git.4.e6301f8.el7.src.rpm SHA-256: 6463997425fecc5975ea547b57528e64e2d215516f2528fbbf2ac8178d8daed2
x86_64
atomic-openshift-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 359f72feb2759d588cc533035ea30c74a6a14f95c0b6ac43647f537f45d77061
atomic-openshift-clients-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: e176b8a8c1e45456bd64d307c06e910642b7b801b024a38cc101ca8a855cda0b
atomic-openshift-clients-redistributable-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 46d05a7cc6f38ad4aa11bb862b07c83cde48544ea162c14b638f7ec4d075c123
atomic-openshift-cluster-capacity-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: ac00ae735f5c39012e8b6b000ef828b9044cc2c1c927316d81003d0cbf29d756
atomic-openshift-docker-excluder-3.6.173.0.96-1.git.4.e6301f8.el7.noarch.rpm SHA-256: 801cdc971dadb2a64242f6a4903530b378f5f4bf9153ac2ac13f3d257a5e2fd3
atomic-openshift-dockerregistry-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: b1f5edd552eeee9b87a66ce012fb23b9cb5c3f01375c0e889b6b06367e16f812
atomic-openshift-excluder-3.6.173.0.96-1.git.4.e6301f8.el7.noarch.rpm SHA-256: f6c4d263af05f274e2acbd95695c64e602ed1b1d78227fdda69c5037d508631a
atomic-openshift-federation-services-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: f9a4586a56b9ea4e838a5eec3fdba24c05e3f99620f6e2e09ce0ebd1f4da6710
atomic-openshift-master-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 8733bcb87f8e36e1a09b489c74740a27a4f731ea47d8861fb970a0bafd63b7fa
atomic-openshift-node-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 53dd730234a214289db3ab337abcfd71f73f2854d9a213882871244ca03763ca
atomic-openshift-pod-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 715aa7bf149d84b0e6a683aee37e115b7319602a34e721e4f73ada3bc21d7d97
atomic-openshift-sdn-ovs-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 7eec31fd5af51ac11442142df8188b988c4e72f7888c6c8bd4d2a6cc9d8dac43
atomic-openshift-service-catalog-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: e538dc19630f959f61a40b9c8d4ca2814fed1e337597b83b3543df2f54328a8e
atomic-openshift-tests-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: 6ac5db54d3981851907657edbb8b883584645d13f06e9d975eee58cec10efdd5
tuned-profiles-atomic-openshift-node-3.6.173.0.96-1.git.4.e6301f8.el7.x86_64.rpm SHA-256: b6c63d3293a11af940c60af8a8d3853cf887c04a20d112c9e04b52279934f9f2

Red Hat OpenShift Container Platform 3.5

SRPM
atomic-openshift-3.5.5.31.48-1.git.4.ff6153e.el7.src.rpm SHA-256: 4b22ee927dbf8d593bd8ba1191b312148d8f67b9e87bfe486e0c9a2fc2ea6062
x86_64
atomic-openshift-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: c35efa642d67e64cbeb53f81c8e1028c6980b3171c29609f05d6d50a1de7dacd
atomic-openshift-clients-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 9d3d329fb7db8b1217e5e7b06528d7888d6b63c24cc123e250f580600f953e8c
atomic-openshift-clients-redistributable-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 37f017e35548bb0dba9621f6106bc802438b1c9d82c2a5875cd52098bf45c3c9
atomic-openshift-docker-excluder-3.5.5.31.48-1.git.4.ff6153e.el7.noarch.rpm SHA-256: d1f731f4cc00b41c2bbf8e39d0a96d39f3f1b7df33bd036a8122af82097210bb
atomic-openshift-dockerregistry-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 0261ac5231b261918af758d3abf082f469f686b575307330b1ebe0863bbd8a98
atomic-openshift-excluder-3.5.5.31.48-1.git.4.ff6153e.el7.noarch.rpm SHA-256: 2ac11113be4c75c4dea43a6fc01a9674aa6f5a091e3f6de8adea5e5f4a7586ab
atomic-openshift-master-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 922057708299c4d7c28179b661695c8dc01d42b4b8066c727f92732f68315c82
atomic-openshift-node-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 7cd9e28bc1c336eb1ad8ecad83a77d4a6edfd6be43b35d599400daec98d03d45
atomic-openshift-pod-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 96988602eb8a31947cefad439491f1f8bd7317efa67da86ffcaf8bfa06e63c3b
atomic-openshift-sdn-ovs-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 8d863b28359f0489d7f7afd4d0ff0364659c4811c84229aa964b6e9c3bfe6d16
atomic-openshift-tests-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 268636d84b75f26649144e8d8c74ec4c199b7fcc55ed11dde43c0736c1e2ee1c
tuned-profiles-atomic-openshift-node-3.5.5.31.48-1.git.4.ff6153e.el7.x86_64.rpm SHA-256: 247aec7a1cab78ef68e8cdf6f9550292a517273b50a3f2aef5cb12a0b583646f

Red Hat OpenShift Container Platform 3.4

SRPM
atomic-openshift-3.4.1.44.38-1.git.4.bb8df08.el7.src.rpm SHA-256: ccb73cade2d9b28421087b77ff1992e90611c3d26af5b5aab63f1b7ff0765bd5
x86_64
atomic-openshift-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: d16ab8c36641608c63e72031b6cc80a12eab0ced40c6db8f612a582dd254db54
atomic-openshift-clients-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: b37c96cb83817f3f18484372a48ff8f08d0816c1005db724e3ae1e93cd8db895
atomic-openshift-clients-redistributable-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: f17c0ff75d667d99134f63bf1b0d106d0f813e291a9f7830933e9e1407501503
atomic-openshift-docker-excluder-3.4.1.44.38-1.git.4.bb8df08.el7.noarch.rpm SHA-256: 07074e84ab44d08d54c9a51fa6d6edffb053c3cf3687a34fd8cdff1a76cf961f
atomic-openshift-dockerregistry-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: a91c1dfb9705067ed1cac4737ca4dc35a46a14b7186d85e9e84d51ec14bd5815
atomic-openshift-excluder-3.4.1.44.38-1.git.4.bb8df08.el7.noarch.rpm SHA-256: 85b50c5adf61d5513e7d32120795de4a323d5786d46eaddc6b29bb59e8f2a3d7
atomic-openshift-master-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: ed60f2e3ecbb25b39679851822d84e290729e3666637684b2a523e83efa885d0
atomic-openshift-node-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: daa2cc0c240fbfe28bc71273c3b0390d6c4efffdf88885ee0ecf4a4c4169c944
atomic-openshift-pod-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: 6f4c2fa3d115ef6e423cc6219ee6b20e38de2ecced2af99782cb3e06d9c259c4
atomic-openshift-sdn-ovs-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: af6bc6726a766f905f28a1ecde50dd962970945d33c1f4c58ed3f1775babad51
atomic-openshift-tests-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: 077c3850c4033df802cc20537f457c7a376589f48724eacd76edc2f0c25b50d4
tuned-profiles-atomic-openshift-node-3.4.1.44.38-1.git.4.bb8df08.el7.x86_64.rpm SHA-256: 9909ddc9d010bb99e6362ff1dac0d253a8e122badea169854c47269e76d23f01

Red Hat OpenShift Container Platform 3.3

SRPM
atomic-openshift-3.3.1.46.11-1.git.4.e236015.el7.src.rpm SHA-256: 435f1005206c5090c38bfea43b16cf4c0f7e9f8f20920b1c87acc68b9fe80dbf
x86_64
atomic-openshift-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 5bca62e7168fc9fd480cfdcfdbcd206fa5eb8ce06f854007e129f85a9565da40
atomic-openshift-clients-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 06a6fe04dfa12102fe9c412150659566f11d77ba274def2bd1ef8ceed72e29f5
atomic-openshift-clients-redistributable-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: a70f8a73fa6dc5bd95281b6a72732aba22c11c3f9704a245e3f994ce8c4d0845
atomic-openshift-docker-excluder-3.3.1.46.11-1.git.4.e236015.el7.noarch.rpm SHA-256: 2b72dcdcdf864396453dc6475d81c3724922c212b054abce40125ac535b349f2
atomic-openshift-dockerregistry-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 12bd09da403ab90c6e68fcb4165e5154c9721c722512a8266f3a4b31481e6838
atomic-openshift-excluder-3.3.1.46.11-1.git.4.e236015.el7.noarch.rpm SHA-256: 07ce00cea45dbc3840d3ef153ee8b692cf78d21874eeda1c3c9bea028b6ef27d
atomic-openshift-master-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 79da37cf7d0feabdbe7401fcf83bb647e836313cc1cd1979378732207ffe4765
atomic-openshift-node-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: e95d9c4fb7a93072289957ebabd00252811d562098b9a0c688d4232c69d83efc
atomic-openshift-pod-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 293871ee35d9072a14cf875fc36a64ba3aa798a0e19ec703d11aa48b138ec2ec
atomic-openshift-sdn-ovs-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 4d4c179af56f76b582b14cd236d0da16ba0af84f5138dc228af354be364e6025
atomic-openshift-tests-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 4d94b515b809e82390200901070374dbbad0f91e75238b99ef219926eea1a6fc
tuned-profiles-atomic-openshift-node-3.3.1.46.11-1.git.4.e236015.el7.x86_64.rpm SHA-256: 44ba2f13eaa37d9c627407e3e3b1a762e63fc7bbc9ea40db5bffedbe46afc0b1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility