Red Hat Product Errata RHSA-2018:3598 - Security Advisory
Issued: 2018-12-03
Updated: 2018-12-03


Synopsis

Critical: OpenShift Container Platform 3.6 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform release 3.6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258
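
A post-update check, added here as an example and not Red Hat tooling: it compares installed atomic-openshift builds against the fixed 3.6 build shipped with this advisory (3.6.173.0.140-1.git.0.9686d52.el7). The inventory lines, host names and the simplified RPM version comparison are assumptions constructed for the illustration.

```python
import re

# Fixed atomic-openshift build shipped with this advisory (3.6 stream only).
FIXED_VERSION, FIXED_RELEASE = "3.6.173.0.140", "1.git.0.9686d52.el7"

# Constructed inventory: "host package version-release", one line per host,
# e.g. gathered with: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <package>
INVENTORY = """\
master1 atomic-openshift-master 3.6.173.0.140-1.git.0.9686d52.el7
node1 atomic-openshift-node 3.6.173.0.130-1.git.0.0000000.el7
node2 atomic-openshift-node 3.6.173.0.5-1.git.0.0000000.el7
node3 atomic-openshift-node 3.7.72-1.git.0.0000000.el7
"""

def _segments(s):
    # Runs of digits or letters; separators are ignored, as in rpmvercmp.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 5 < 140, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def classify(line):
    """'host package version-release' -> (host, package, status)."""
    host, name, vr = line.split()
    version, release = vr.split("-", 1)
    if not version.startswith("3.6."):
        return host, name, "other-stream"    # not covered by this advisory
    c = vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)
    return host, name, "needs-update" if c < 0 else "fixed"

def report(text):
    return [classify(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for host, name, status in report(INVENTORY):
        print(f"{host:8} {name:26} {status}")
```

Hosts reported as other-stream are outside this advisory, which lists only OpenShift Container Platform 3.6 as affected; they need the advisory for their own release.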

Affected Products

  • Red Hat OpenShift Container Platform 3.6 x86_64

Fixes

  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses
  • BZ - 1650020 - hawkular-metrics pod failed to become ready, infinispan configuration is not right

CVEs

  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/security/vulnerabilities/3716411
  • https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.6


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
