Red Hat Product Errata RHSA-2018:3752 - Security Advisory
Issued: 2018-12-03
Updated: 2018-12-03

Synopsis

Critical: OpenShift Container Platform 3.4 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform release 3.4.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.4. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:3751

All OpenShift Container Platform 3.4 users are advised to upgrade to these updated packages and images.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 3.4 x86_64

Fixes

  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

CVEs

  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/errata/RHBA-2018:0114
  • https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 3.4

SRPM
atomic-openshift-3.4.1.44.57-1.git.0.a631031.el7.src.rpm SHA-256: dc47c0bb2fb43018948d851786cf70febff189a69484cd6f66492d8eb67ba7ed
openshift-ansible-3.4.172-1.git.0.33fe526.el7.src.rpm SHA-256: b56993fea9ec9a9099b1bbdee4bcc3a12ef3bf474a22df0470662fda466f579a
x86_64
atomic-openshift-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: ab700ed05cd118528b1f7b68db518a24f4b95428b47954fa702590ea16a60d45
atomic-openshift-clients-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: 8bb955ac73c6f1c2ce60a61fd06a5460e807a3ae839ebb5077a699b3d8d85d38
atomic-openshift-clients-redistributable-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: 22c1ed3ae5962eeb761396a5dbeca1adca268389a3b29bc798e98d4af330c4e4
atomic-openshift-docker-excluder-3.4.1.44.57-1.git.0.a631031.el7.noarch.rpm SHA-256: ab3ced776c2cf2827228f2de583d2d31b4386eb4915eeb74771fe83851e1d5f8
atomic-openshift-dockerregistry-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: daedc785aa620a001bbfa77778b4a88eb3afd5a73275f3deadbb8b2bb3708d1d
atomic-openshift-excluder-3.4.1.44.57-1.git.0.a631031.el7.noarch.rpm SHA-256: 6f7d4c7470812fc0c61a32e0d0944efdecf36c7b46e60ddaaee6832e8f230e7b
atomic-openshift-master-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: d176a3bad6ee9b236f7022d79d86eda2d2f367a05742a0b992e8135aefdbc803
atomic-openshift-node-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: bbbb4eaf24ba6a530d950cc93e19405e48a490362e32ba9e19ba776fb4e1f156
atomic-openshift-pod-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: d4fac9bcec190da3e3cb0ca7667c84d8ab6505a864c4154a8d0de42181ff6a39
atomic-openshift-sdn-ovs-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: 3254d2c468cac7c0097c593040aa62770582d61d7ca0c02692d28ae66f9397bc
atomic-openshift-tests-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: 621e92ade1493a5fc7a1a1a27b56badbacfe02670dcb2e4ec94e92a6d72af860
atomic-openshift-utils-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 0a8f788a21b7b612c4ee4afdc00e9484189f8918f7eb49a656935bb722d3c8af
openshift-ansible-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 7db34d3fe41d7b58c0ddf6c94ce2666c5c25aac966fd47d6fb590f4683d7d44f
openshift-ansible-callback-plugins-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: ccf78764b49b7d301b03bbaf0825b53916f20bfea12f285f65bd87d82f324ca9
openshift-ansible-docs-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 10eca54a32b6bee8b712514f253de57d542b56c8014152a716b297bd3cc404a8
openshift-ansible-filter-plugins-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 4d4e42652ae461ff4d00d3ffa5d3c8877f77eae81e43f5a426b4c917d38a6b65
openshift-ansible-lookup-plugins-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 4514f968636804a432296ea13b3c021d0eea0330ec7de4dac28ecda77c17fd26
openshift-ansible-playbooks-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: 9ca34df71e94a0b59c5589f9af24a99f43dea4ea2870c127924e8c644fae465a
openshift-ansible-roles-3.4.172-1.git.0.33fe526.el7.noarch.rpm SHA-256: a4251c8a95e3caa606a995aedda1b9655b9ff4347a48765b79486a96948bb552
tuned-profiles-atomic-openshift-node-3.4.1.44.57-1.git.0.a631031.el7.x86_64.rpm SHA-256: b6ee4105a2b597042b7c96c0faeb965e5609a7958464cc6dcd6810235be8cb0d
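
One way to check a host's `rpm -qa` output against the fixed builds in the package list above. This is an added example, not Red Hat tooling: the function names are illustrative, the lines in `SAMPLE` are constructed, and the comparison is a simplified form of RPM version ordering that ignores epochs and the `~`/`^` markers.

```python
import re

# Fixed builds (version-release) copied from this advisory's package list.
FIXED_OPENSHIFT = "3.4.1.44.57-1.git.0.a631031.el7"  # atomic-openshift SRPM
FIXED_ANSIBLE = "3.4.172-1.git.0.33fe526.el7"        # openshift-ansible SRPM

def fixed_for(name):
    """Map a binary package name to the fixed build of its source package."""
    if name.startswith("openshift-ansible") or name == "atomic-openshift-utils":
        return FIXED_ANSIBLE
    if name.startswith("atomic-openshift") or name == "tuned-profiles-atomic-openshift-node":
        return FIXED_OPENSHIFT
    return None  # package is not covered by this advisory

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare digit/letter runs left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 57 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(installed):
    """Return names of advisory packages older than the fixed build."""
    stale = []
    for line in installed:
        nvr, _arch = line.strip().rsplit(".", 1)
        name, ver, rel = nvr.rsplit("-", 2)
        fixed = fixed_for(name)
        if fixed is None:
            continue
        fver, frel = fixed.split("-", 1)
        # Version decides first; release is only a tie-breaker.
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            stale.append(name)
    return sorted(stale)

# Constructed `rpm -qa` lines; the 0000000 builds are made-up older packages.
SAMPLE = [
    "atomic-openshift-master-3.4.1.44.38-1.git.0.0000000.el7.x86_64",
    "atomic-openshift-node-3.4.1.44.57-1.git.0.a631031.el7.x86_64",
    "atomic-openshift-utils-3.4.170-1.git.0.0000000.el7.noarch",
    "openshift-ansible-3.4.172-1.git.0.33fe526.el7.noarch",
    "bash-4.2.46-31.el7.x86_64",
]

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", pkg)
```

On a real host, feed `audit()` the lines of `rpm -qa` output; an empty result means every package covered by this advisory is at or above the fixed build.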

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
