Red Hat Product Errata RHSA-2018:2654 - Security Advisory

Issued:: 2018-09-26
Updated:: 2018-09-26

RHSA-2018:2654 - Security Advisory

Overview
Updated Packages

Synopsis

Important: OpenShift Container Platform 3.6 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 3.6.173.0.130 is now available with updates to packages that fix one security issue and several bugs.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.173.0.130. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:2655

This update fixes the following bug:

atomic-openshift: oc patch with json causes masterapi service crash (CVE-2018-14632)

All OpenShift Container Platform 3.6 users are advised to upgrade to these updated packages.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Lars Haugan for reporting this issue.

Bug Fix(es):

Retries have been added to shared-resource-viewer update
logic avoiding problems with object contention. (BZ#1507119)
Certificate expiry playbook run error (BZ#1509859)
Running metrics playbook for cleanup with Ansible 2.2.3 fails about field 'args' including invalid value (BZ#1550680)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See the following documentation, which will be updated shortly for release 3.6.173.0.130, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

Red Hat OpenShift Container Platform 3.6 x86_64

Fixes

BZ - 1507119 - oc apply and replace terminate upgrades if a resource update is contentious
BZ - 1509859 - Certificate expiry playbook run error
BZ - 1550680 - Running metrics playbook for cleanup with Ansible 2.2.3 fails about field 'args' including invalid value
BZ - 1625885 - CVE-2018-14632 atomic-openshift: oc patch with json causes masterapi service crash

CVEs

CVE-2018-14632

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.6

SRPM
atomic-openshift-3.6.173.0.130-1.git.0.8d78a39.el7.src.rpm	SHA-256: 2a5784bfd6f5a0699b13212daac550aa6e068d864e1ddb0499de29409f8767c6
openshift-ansible-3.6.173.0.130-1.git.0.22ddff9.el7.src.rpm	SHA-256: 3871eddfb926ebaa2fd69289148a03d237182b899922f7fb6c946f363a97855d
python-paramiko-2.1.1-4.el7.src.rpm	SHA-256: 43ba21a7cbfc99918164c9dee8e2c2ece5915b421834a00474d2bfbeb3d748b7
x86_64
atomic-openshift-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: b9c04c9e3570d295f6e84d9635636715c9eb418b75ed945b99e5de7d75f00fdd
atomic-openshift-clients-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 73216df5abfdc0c16eacdecb71c9d942a4311ab2362d7259fbc06a69843b35d1
atomic-openshift-clients-redistributable-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 46aaad0b1605e1ad87c3a5f67773ae6483fae06ed5da445f39162bb50024aa99
atomic-openshift-cluster-capacity-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: f8fe30bb38a872fd317e9d38c1b435a2933abfeb1560fbbf1e99b2a2d5566d6f
atomic-openshift-docker-excluder-3.6.173.0.130-1.git.0.8d78a39.el7.noarch.rpm	SHA-256: 8234c714fa3242df5109f2a5f61190d6288059c0b7e94e0218771bd80c49b888
atomic-openshift-dockerregistry-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: db61e376f8a37511dd78a4d2c9c4bcf030995bd4935e2904420fa6baf6ae91ab
atomic-openshift-excluder-3.6.173.0.130-1.git.0.8d78a39.el7.noarch.rpm	SHA-256: 688849b02c5fadb937bac572cba24ef9f09a4750e42a3fa1ede364e5e901e780
atomic-openshift-federation-services-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 7fbd2755819be2cfc91e6c4f1ee2bb53f49bd5abed302560fcdbcf57fec084a8
atomic-openshift-master-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: a29a0859b7ece169a34f77d9a2706dd8dfd626c2b55bc8e2fb8c5e82b4d961ae
atomic-openshift-node-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 0a0be070019db07c84f8ae647baf079a4299bac9edd9eb940fdf8372ec27da8b
atomic-openshift-pod-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 0c5bb9eb6a2f4efee34104d4caf8b7fb3bb363403268fc714c8abbe4cb477933
atomic-openshift-sdn-ovs-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: fa97610f6e2583beb0feeae6d6749b1df1f6da2e908516164b60d4d434a491d6
atomic-openshift-service-catalog-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: e819cb457cecbdb0e113bc637be72f075aa130583f49be8e7733be4eb7a5704c
atomic-openshift-tests-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: 5a587fc7e683d3cf842c187f255a19371c1c540b9dbcd75f86186644bd885174
atomic-openshift-utils-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: d025615bae2424fc234203272b2a99b6c7c8d9fbfbe535179f0c869154ef95ce
openshift-ansible-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: 9d40f0fae71092f12ef8f6e8b18473840f3a5db88848e57cf3983aebae3ac285
openshift-ansible-callback-plugins-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: 73612a4be98e1fee1a4ef77e4901e43008b2ab727676699649a6566401a89e35
openshift-ansible-docs-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: c93da4514aa5284af196c2ff62ede15f3d035c36ffd0d84ea56294ce57777487
openshift-ansible-filter-plugins-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: 5fceb687867a251fe4850791d6451c32c6feef3d83b5207c8c80aab9ed7f11d3
openshift-ansible-lookup-plugins-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: d7edfbbddad5b75c5b0596116489802e65e12c4a6b8fb2bae1004593edf933af
openshift-ansible-playbooks-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: ead7980f0dcc1168596c00490b2beafe86318d57e8970ae38f5061300539a8ee
openshift-ansible-roles-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.rpm	SHA-256: 192a72873c837276ef99b99526220d0530014f5e6d4dbd96db23314e56ce1ba7
python-paramiko-2.1.1-4.el7.noarch.rpm	SHA-256: 461375b1b458818f5b5893aefac09fbf39cd651c081e63479915b8ffa33a72cc
python-paramiko-doc-2.1.1-4.el7.noarch.rpm	SHA-256: 4abfc94c371f6fb64761ad9616522bfbab10091dc60cc0513f2496b70a883d36
tuned-profiles-atomic-openshift-node-3.6.173.0.130-1.git.0.8d78a39.el7.x86_64.rpm	SHA-256: fa32a39a70dc03cf5d22ca2fa6fcc5281db5b0553e738120c5c158fb65736a24

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories