Issued: 2018-12-03
Updated: 2018-12-03

RHSA-2018:3754 - Security Advisory

Synopsis

Critical: OpenShift Container Platform 3.3 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Container Platform release 3.3.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.3. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:3753

https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html

All OpenShift Container Platform 3.3 users are advised to upgrade to these updated packages and images.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 3.3 x86_64

Fixes

  • BZ - 1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

CVEs

  • CVE-2018-1002105

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/errata/RHBA-2018:0114
  • https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 3.3

SRPM
atomic-openshift-3.3.1.46.45-1.git.0.2ce596e.el7.src.rpm SHA-256: cb2b5cc471e5fd551a5b77eb534741f4c93ea4bb3e0be663361a49f0cab6cc81
openshift-ansible-3.3.149-1.git.0.3859ddb.el7.src.rpm SHA-256: 2439c133017779c9dc2dcafccba9a1270386bb73b09d0730b4e5be6b55581a84
x86_64
atomic-openshift-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: 4ae5bf6577701d6887e995c6124112b597ed637cee9f31540da0b98f8984604d
atomic-openshift-clients-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: b794befffb91d2811190567eb554f719d8fa55dea1c985b444ce9c9b2ed18cf2
atomic-openshift-clients-redistributable-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: 2d5b06a91d7cacbbceda0458c39f00406ffefc6b11e1983d089562ad3c24e367
atomic-openshift-docker-excluder-3.3.1.46.45-1.git.0.2ce596e.el7.noarch.rpm SHA-256: 630e840bb9f656a4f513980c7833b4915c6953c74de4d128f6accff66aaf9206
atomic-openshift-dockerregistry-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: 206153449cdb947bd3981e1ee265e342b48f37da1d637d6cf36c2b6cde6f1ad5
atomic-openshift-excluder-3.3.1.46.45-1.git.0.2ce596e.el7.noarch.rpm SHA-256: 88d12d2c2dd860a8fd1d43687e4e2a50b3250df24d672216950cc610e714728d
atomic-openshift-master-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: 895d3ecc53681af08c691ffa890f3567ffd43ccdab29ed70250f2fe23aa2004f
atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: cd75dd190ba55384861a7051126e47aba919c832f71cf5db256a63a1dd5f629e
atomic-openshift-pod-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: b52184506d6fbdf80efa018880ec8257cd6aa53548835ebaeb51a93cdf0b967e
atomic-openshift-sdn-ovs-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: e34751ade15406d465f37d1337d8b15d248ca52163d817f845ddb881a7470fee
atomic-openshift-tests-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: b3967495a2d26bc01925ab8db0b759dc12e073c02f77db4f9ece03cd43a4c403
atomic-openshift-utils-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: 661f9f237441c2adbda10c9181da49c64f24b86bf29d049d9b6838810bfcf1fd
openshift-ansible-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: e36b6e6c5c01ee9ede42bd012e830a2d9fc0960cc42f1a828911d31e82fbde76
openshift-ansible-callback-plugins-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: cf3f8e84d9a359202675591a150e22ff81d55987d728b583b696a31db27b432b
openshift-ansible-docs-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: 2643602e3e9497646f211e802ea1bf6121b45d844d8b6f7dd42002a8d1b61589
openshift-ansible-filter-plugins-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: f36ad0e25e8d323768189215d1bd5823d5d95a1263b8f5f196b04d1c64f39af3
openshift-ansible-lookup-plugins-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: 305594e415d4ce31641d5dfa0b7475bff73d27f567f0ade0b3b0e08ff2ac4e51
openshift-ansible-playbooks-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: b3b939dc4e892b1d9dace431960ee482600628017653aea69f1429ff9f379709
openshift-ansible-roles-3.3.149-1.git.0.3859ddb.el7.noarch.rpm SHA-256: 13898366cff43cf731dc823c7b54f1c57da8b3d332a559307d0a15caab3f212f
tuned-profiles-atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7.x86_64.rpm SHA-256: 24bb69c799432d898dfb384a5cc63e90d4bfa067568699d3c201678ac8c36d18

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
