Red Hat Customer Portal

Red Hat Product Errata RHSA-2018:2908 - Security Advisory

Issued: 2018-11-20
Updated: 2018-11-20


Synopsis

Critical: OpenShift Container Platform 3.9 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform 3.9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)
  • atomic-openshift: oc patch with json causes masterapi service crash (CVE-2018-14632)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Lars Haugan for reporting CVE-2018-14632.

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:

https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.51. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:2907

All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
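
To check which hosts still need this update, the following added example (not part of the Red Hat advisory) flags installed atomic-openshift packages in the 3.9 stream whose version is older than 3.9.51. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the function names and sample lines are constructed for illustration, and the comparison is a simplified rpmvercmp without tilde or caret handling.

```python
import re

FIXED_VERSION = "3.9.51"          # fixed release named in the advisory text
STREAM_PREFIX = "3.9."            # this advisory covers only the 3.9 stream
NAME_PREFIX = "atomic-openshift"  # package family named in the advisory

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Assumption: no '~' or '^' in input."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1      # a numeric segment beats an alpha one
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1  # leftover segments mean newer


def parse_line(line):
    """Split 'NAME VERSION-RELEASE' into (name, version, release), else None."""
    parts = line.split()
    if len(parts) != 2 or "-" not in parts[1]:
        return None
    version, release = parts[1].split("-", 1)  # an RPM VERSION never contains '-'
    return parts[0], version, release


def outdated(lines):
    """Return (name, version-release) for 3.9 packages older than 3.9.51."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, version, release = parsed
        if not name.startswith(NAME_PREFIX) or not version.startswith(STREAM_PREFIX):
            continue                        # other products or streams: other advisories
        if rpmvercmp(version, FIXED_VERSION) < 0:
            findings.append((name, version + "-" + release))
    return findings


# Constructed sample input; the release strings are placeholders, not real builds.
SAMPLE = """\
atomic-openshift-master 3.9.41-1.git.0.aaaaaaa.el7
atomic-openshift-node 3.9.51-1.git.0.bbbbbbb.el7
atomic-openshift-clients 3.9.9-1.git.0.ccccccc.el7
atomic-openshift-sdn-ovs 3.10.14-1.git.0.ddddddd.el7
fluentd 0.12.42-1.el7
""".splitlines()

if __name__ == "__main__":
    for name, vr in outdated(SAMPLE):
        print(f"needs update: {name} {vr}")
```

A plain string comparison would rank 3.9.9 above 3.9.51, which is why the version is compared segment by segment.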

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 3.9 x86_64

Fixes

  • BZ - 1607150 - UI Timeout causing IE 11 to automatically log out
  • BZ - 1625885 - CVE-2018-14632 atomic-openshift: oc patch with json causes masterapi service crash
  • BZ - 1626281 - [3.9] fluentd pods are running with error logs which makes fill up disk very quickly.
  • BZ - 1628371 - [3.9] Fluentd pods failed to start after an update to 3.9.41 when deny_execmem=1 on nodes
  • BZ - 1628799 - [3.9] Fluentd pod crashes with "undefined symbol: rbffi_Closure_Alloc"
  • BZ - 1629001 - openshift_hosted_manage_registry and openshift_hosted_manage_router are not respected upon upgrade
  • BZ - 1631087 - Cannot see basic audit log
  • BZ - 1632130 - [3.9] Fluentd cannot handle S2I Logs
  • BZ - 1633767 - [3.9] Storage upgrade fails on loaded HA cluster: the server doesn't have a resource type \"clusterservicebrokers\" and ERROR: logging before flag.Parse
  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

CVEs

  • CVE-2018-14632
  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/security/vulnerabilities/3716411
  • https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

Note: More recent versions of these packages may be available. Click a package name for more details.

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
