Red Hat Product Errata RHSA-2019:0408 - Security Advisory

Issued:: 2019-02-26
Updated:: 2019-02-26

RHSA-2019:0408 - Security Advisory

Overview
Updated Packages

Synopsis

Important: OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See the following documentation for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update.

For OpenShift Container Platform 3.4:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

For OpenShift Container Platform 3.5:

https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

For OpenShift Container Platform 3.6:

https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html

For OpenShift Container Platform 3.7:

https://docs.openshift.com/container-platform/3.7/release_notes/ocp_3_7_release_notes.html

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.

Affected Products

Red Hat OpenShift Container Platform 3.7 x86_64
Red Hat OpenShift Container Platform 3.6 x86_64
Red Hat OpenShift Container Platform 3.5 x86_64
Red Hat OpenShift Container Platform 3.4 x86_64

Fixes

BZ - 1664908 - CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

CVEs

CVE-2019-5736

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 3.7

SRPM
docker-1.12.6-79.git5680db5.el7.src.rpm	SHA-256: a0a4cd2d8ccc558721f910ac354209b71c947dfd6653224870b8f8d5a96e83fb
x86_64
docker-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 69ccf4d0f95797a92567aae15cf2d056f2140bc5b274b6fad981e3d58434c13f
docker-client-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7dad64397f9d45d49fb1a9e43b4208693ce19d8de9eb78249dde2c71c4c5f5e0
docker-common-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7ba81b7e43836284526a239d9e3b1c5e0d8f6f56eda8b6399db5a670e36a4628
docker-debuginfo-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 9ec1132a0350a1e407c240104b5871ca78f97cd53d60ce9596287143b92eb546
docker-logrotate-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 85c30a2628d0ed44bbb3959948615f28f8d2c7543ce9d49b5e6d7702d61b0480
docker-lvm-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c23669a117646c5689cbd6d391585034b393218e04b720157eafe09d917ba46c
docker-novolume-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 55c6e8534da2718e5583f8ee7a204b26e6e00671f278fa8243eeecc4dd3465ea
docker-rhel-push-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c67d7dc12b3e553065efa7146e00af982a46a63a0a9281c816fabf67d01b1c5c
docker-unit-test-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: baf94cce6b178e5a5496b3a33e69f387e669fdb6d10d035d8552106b449ecac7
docker-v1.10-migrator-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: ddb69734f04c096577b72abdecb7605664bd423aaa839b3ee23a5b8e38ab2123

Red Hat OpenShift Container Platform 3.6

SRPM
docker-1.12.6-79.git5680db5.el7.src.rpm	SHA-256: a0a4cd2d8ccc558721f910ac354209b71c947dfd6653224870b8f8d5a96e83fb
x86_64
docker-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 69ccf4d0f95797a92567aae15cf2d056f2140bc5b274b6fad981e3d58434c13f
docker-client-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7dad64397f9d45d49fb1a9e43b4208693ce19d8de9eb78249dde2c71c4c5f5e0
docker-common-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7ba81b7e43836284526a239d9e3b1c5e0d8f6f56eda8b6399db5a670e36a4628
docker-debuginfo-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 9ec1132a0350a1e407c240104b5871ca78f97cd53d60ce9596287143b92eb546
docker-logrotate-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 85c30a2628d0ed44bbb3959948615f28f8d2c7543ce9d49b5e6d7702d61b0480
docker-lvm-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c23669a117646c5689cbd6d391585034b393218e04b720157eafe09d917ba46c
docker-novolume-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 55c6e8534da2718e5583f8ee7a204b26e6e00671f278fa8243eeecc4dd3465ea
docker-rhel-push-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c67d7dc12b3e553065efa7146e00af982a46a63a0a9281c816fabf67d01b1c5c
docker-unit-test-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: baf94cce6b178e5a5496b3a33e69f387e669fdb6d10d035d8552106b449ecac7
docker-v1.10-migrator-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: ddb69734f04c096577b72abdecb7605664bd423aaa839b3ee23a5b8e38ab2123

Red Hat OpenShift Container Platform 3.5

SRPM
docker-1.12.6-79.git5680db5.el7.src.rpm	SHA-256: a0a4cd2d8ccc558721f910ac354209b71c947dfd6653224870b8f8d5a96e83fb
x86_64
docker-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 69ccf4d0f95797a92567aae15cf2d056f2140bc5b274b6fad981e3d58434c13f
docker-client-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7dad64397f9d45d49fb1a9e43b4208693ce19d8de9eb78249dde2c71c4c5f5e0
docker-common-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7ba81b7e43836284526a239d9e3b1c5e0d8f6f56eda8b6399db5a670e36a4628
docker-debuginfo-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 9ec1132a0350a1e407c240104b5871ca78f97cd53d60ce9596287143b92eb546
docker-logrotate-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 85c30a2628d0ed44bbb3959948615f28f8d2c7543ce9d49b5e6d7702d61b0480
docker-lvm-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c23669a117646c5689cbd6d391585034b393218e04b720157eafe09d917ba46c
docker-novolume-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 55c6e8534da2718e5583f8ee7a204b26e6e00671f278fa8243eeecc4dd3465ea
docker-rhel-push-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c67d7dc12b3e553065efa7146e00af982a46a63a0a9281c816fabf67d01b1c5c
docker-unit-test-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: baf94cce6b178e5a5496b3a33e69f387e669fdb6d10d035d8552106b449ecac7
docker-v1.10-migrator-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: ddb69734f04c096577b72abdecb7605664bd423aaa839b3ee23a5b8e38ab2123

Red Hat OpenShift Container Platform 3.4

SRPM
docker-1.12.6-79.git5680db5.el7.src.rpm	SHA-256: a0a4cd2d8ccc558721f910ac354209b71c947dfd6653224870b8f8d5a96e83fb
x86_64
docker-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 69ccf4d0f95797a92567aae15cf2d056f2140bc5b274b6fad981e3d58434c13f
docker-client-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7dad64397f9d45d49fb1a9e43b4208693ce19d8de9eb78249dde2c71c4c5f5e0
docker-common-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 7ba81b7e43836284526a239d9e3b1c5e0d8f6f56eda8b6399db5a670e36a4628
docker-debuginfo-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 9ec1132a0350a1e407c240104b5871ca78f97cd53d60ce9596287143b92eb546
docker-logrotate-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 85c30a2628d0ed44bbb3959948615f28f8d2c7543ce9d49b5e6d7702d61b0480
docker-lvm-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c23669a117646c5689cbd6d391585034b393218e04b720157eafe09d917ba46c
docker-novolume-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: 55c6e8534da2718e5583f8ee7a204b26e6e00671f278fa8243eeecc4dd3465ea
docker-rhel-push-plugin-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: c67d7dc12b3e553065efa7146e00af982a46a63a0a9281c816fabf67d01b1c5c
docker-unit-test-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: baf94cce6b178e5a5496b3a33e69f387e669fdb6d10d035d8552106b449ecac7
docker-v1.10-migrator-1.12.6-79.git5680db5.el7.x86_64.rpm	SHA-256: ddb69734f04c096577b72abdecb7605664bd423aaa839b3ee23a5b8e38ab2123

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories