Red Hat Customer Portal

Red Hat Product Errata RHSA-2018:3624 - Security Advisory

Issued: 2018-12-03
Updated: 2018-12-03

Synopsis

Critical: OpenShift Container Platform 3.5 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform release 3.5.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:

https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

All OpenShift Container Platform 3.5 users are advised to upgrade to these updated packages and images.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 3.5 x86_64

Fixes

  • BZ - 1563329 - Mounting socket files from subPaths fail
  • BZ - 1568292 - [3.5]Failed to prevent s2i builder images from running as root
  • BZ - 1573956 - Kibana page displays "OPENSHIFT ORIGIN" in OCP
  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

CVEs

  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

    Note: More recent versions of these packages may be available.

    Red Hat OpenShift Container Platform 3.5

    SRPM
    atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.src.rpm SHA-256: 7305ac62ec81580183e4283d2ff408b996c2147e2aec041ecf51d1af15a6e624
    cockpit-160-3.el7.src.rpm SHA-256: 233162ebfd038e8a741b4c869bc18b5faae18c687510d0e75d230c8028d2de39
    openshift-ansible-3.5.175-1.git.0.1274ebe.el7.src.rpm SHA-256: b5aa5984996e387868eb759f485af2f4bf4ac95bde742689a96aa0336c93045c
    x86_64
    atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 340bd15598b7e2313f3c210791a4978a71ef25eb0c6afe676f374a8ed73210a5
    atomic-openshift-clients-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 4f12cf2863cabf0ca3ccdd2d7adf10986dd577bedff8fad580c6c0e5728013d3
    atomic-openshift-clients-redistributable-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 949df334b6549d68368823b87dca41889d4fefbf614e5b26cb4693be1ebc3a46
    atomic-openshift-docker-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm SHA-256: 508b0e271e2204e22c384e945d007666be4477825b2f9fb78a0dc77cbb592b72
    atomic-openshift-dockerregistry-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 0deb0019eb1e5672338b7397e65b77b4687cbfa0b43b6ee0ae1453020d34d978
    atomic-openshift-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm SHA-256: ddb8d74b76b9c8f9812f17567abe059816bf274edd86b67b3bb2f33cf8b61406
    atomic-openshift-master-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 175b694bdc1478cc0f69c9c5f7e5db338d84a00c6b4e4336c15ed162f4d71fee
    atomic-openshift-node-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 19da9eb28bb97a2f65cd76adae5395b48a5d808d497beafc260fca65361453ce
    atomic-openshift-pod-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: ad92d50fe78d4f5e2bc6a34da77f2db355ccc708b257e6cf7925086d1ab34939
    atomic-openshift-sdn-ovs-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: a84f0a7be807da54e2203d14fafca7729eaec6e744337ab5cc2f77622be345f8
    atomic-openshift-tests-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: b8b40fdf7d3101999daa6ea641b227fcf30f06f2ecae094a9f991063eb5b49c8
    atomic-openshift-utils-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: acc020d1fb49f4501bb9b136fac9c49d2e3ff1f85f00bd9605434dd51df03d7a
    cockpit-debuginfo-160-3.el7.x86_64.rpm SHA-256: c41aae9ab3ee457abf48852d2dcd31f1e44290ea91f3dfebdba558f6780b9bea
    cockpit-kubernetes-160-3.el7.x86_64.rpm SHA-256: eebac62069aeceddbf3b2a99d01892053629e1d051761d9ffa17a799f97eecea
    openshift-ansible-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: 39b5a22bd1378b430df8e72b3dc796e5cb87c5f9cb949c698dd011fd169245e1
    openshift-ansible-callback-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: 7af37ffe13de98defdd5e87a4d072e98c1e9ae6f4398979c45c94e05434f8540
    openshift-ansible-docs-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: bf69dc4d13309dd67be6ab68d85de56451e61a46a59837c201ae73e9ae694f5a
    openshift-ansible-filter-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: 7e32bf3dad8b318236273e3391111c832b4b15d94efbd143568a5ded8ecf15f3
    openshift-ansible-lookup-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: afa02b93909cefd084f38925ac56e525213a1fd2ad0c8b03bff1cb836d1d1999
    openshift-ansible-playbooks-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: 8e398acae74012628ec6aeba3bc1fb9771914b33275e546db4b5c967fa6c2423
    openshift-ansible-roles-3.5.175-1.git.0.1274ebe.el7.noarch.rpm SHA-256: 2119bc3e8f5a43ff2c25e535344c09c54801a94233ee8920cf84a7ef672a5a3f
    tuned-profiles-atomic-openshift-node-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm SHA-256: 788c95d0c443c087f327e65b7a7e6df9825e9f57e7eddfbee6d353a6bb8f1666

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
