RHSA-2018:3549 - Security Advisory

Issued: 2018-11-20
Updated: 2018-11-20

Synopsis

Critical: OpenShift Container Platform 3.10 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform 3.10.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258
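
One way to triage hosts against this advisory, as an added example that is not Red Hat's tooling: it reads `rpm -qa`-style lines and flags watched atomic-openshift packages on the 3.10 stream that are older than 3.10.72-1.git.0.3cb2fdc.el7, the build in this advisory's package list. The sample lines, the `WATCHED` set and the function names are constructed for illustration, and the comparison is a simplified form of RPM's version ordering.

```python
import re

# Build of the atomic-openshift packages listed in this advisory.
FIXED_VERSION, FIXED_RELEASE = "3.10.72", "1.git.0.3cb2fdc.el7"
# Assumption: the subset of advisory packages this check watches.
WATCHED = {"atomic-openshift", "atomic-openshift-master", "atomic-openshift-node",
           "atomic-openshift-hyperkube", "atomic-openshift-clients"}

def rpmvercmp(a, b):
    """Simplified RPM ordering: numeric segments compare as integers and
    outrank alphabetic ones (no epoch, tilde or caret handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def assess(rpm_qa_lines):
    """Map each watched package name to 'vulnerable', 'fixed' or 'not-covered'."""
    report = {}
    for line in rpm_qa_lines:
        nvr, _, _arch = line.strip().rpartition(".")
        parts = nvr.rsplit("-", 2)          # name, version, release
        if len(parts) != 3 or parts[0] not in WATCHED:
            continue
        name, version, release = parts
        if not version.startswith("3.10."):
            report[name] = "not-covered"    # outside this advisory's 3.10 scope
        elif (rpmvercmp(version, FIXED_VERSION)
              or rpmvercmp(release, FIXED_RELEASE)) < 0:
            report[name] = "vulnerable"
        else:
            report[name] = "fixed"
    return report

# Constructed sample of `rpm -qa` output (git hashes of old builds are placeholders).
SAMPLE = [
    "atomic-openshift-master-3.10.45-1.git.0.0000000.el7.x86_64",
    "atomic-openshift-node-3.10.72-1.git.0.3cb2fdc.el7.x86_64",
    "atomic-openshift-clients-3.10.101-1.git.0.0000000.el7.x86_64",
    "atomic-openshift-3.9.51-1.git.0.0000000.el7.x86_64",
    "bash-4.2.46-31.el7.x86_64",
]

if __name__ == "__main__":
    for pkg, status in sorted(assess(SAMPLE).items()):
        print(f"{pkg}: {status}")
```

The 3.10.101 sample line shows why the segments are compared numerically: a plain string comparison would rank it below 3.10.72.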

Affected Products

  • Red Hat OpenShift Container Platform 3.10 x86_64
  • Red Hat OpenShift Container Platform for Power 3.10 ppc64le

Fixes

  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

CVEs

  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/security/vulnerabilities/3716411
  • https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html
Note: More recent versions of these packages may be available. Click a package name for more details.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
