Red Hat Product Errata RHSA-2019:1851 - Security Advisory
Issued: 2019-07-24
Updated: 2019-07-24

Synopsis

Moderate: OpenShift Container Platform 3.11 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for atomic-openshift and jenkins-2-plugins is now available for
Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • web-console: XSS in OAuth server /oauth/token/request endpoint (CVE-2019-3876)
  • jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro (CVE-2019-10337)
  • kube-apiserver: DoS with crafted patch of type json-patch (CVE-2019-1002100)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

For OpenShift Container Platform 3.11 see the following documentation for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

Affected Products

  • Red Hat OpenShift Container Platform 3.11 x86_64
  • Red Hat OpenShift Container Platform for Power 3.11 ppc64le

Fixes

  • BZ - 1683190 - CVE-2019-1002100 kube-apiserver: DoS with crafted patch of type json-patch
  • BZ - 1691107 - CVE-2019-3876 web-console: XSS in OAuth server /oauth/token/request endpoint
  • BZ - 1719782 - CVE-2019-10337 jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro

CVEs

  • CVE-2019-3876
  • CVE-2019-10337
  • CVE-2019-1002100

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 3.11

SRPM
atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.src.rpm SHA-256: 4244b38c2fc9a614ffc2e3a0be7150dc0f49bb85fc7f06c4819b6c7e52062150
jenkins-2-plugins-3.11.1560870549-1.el7.src.rpm SHA-256: bf60efb7b56c0a108f6738e5403b870d3f8169eda2d222c037cceadb9379b5bf
x86_64
atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 188719691472b4d3e5387a3565f08c6098b282049602227deb0f55f15f743461
atomic-openshift-clients-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 62c6d18fee2edeb903ecbcb24ee7ac3e6d684a5e5083d5874e4422c0bef00d50
atomic-openshift-clients-redistributable-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 28b714a5225a58518a480faf4255ab4867335f2049b22f3d061d07b266277272
atomic-openshift-docker-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm SHA-256: 84305bbf4f0b3a47b018721d07cd747faaaa64340b7a38d725bdf7f9e887cae8
atomic-openshift-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm SHA-256: 61931b04d9f17285780bd73062e0b6a9c4acd73758281a5572a285a9a70e9eca
atomic-openshift-hyperkube-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 3bdb2d24f78840d1bd10f030c7d4fd0f4f3e67bbde9dd83c5fd65668cd238c4d
atomic-openshift-hypershift-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: e09a72a6668209df2345e5977e08be74fb29031a5b6ec6f657acfcfb6ffd94d7
atomic-openshift-master-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: b9f5d0aae0fbf6ef0f83b6574f772bf34ffc952a35b923305a2bfc04ce168b6e
atomic-openshift-node-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 6e573972a630a017f8177ea0d69680492579167e384c5970135635b3f573e121
atomic-openshift-pod-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: b681edf20fff1f8a53ab38de2245c158b8e4639f24ab578e089bccc41ad8e423
atomic-openshift-sdn-ovs-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: bea04ca5ac35287e9626e2258191804d03d6cc0e0691c8a73d8b7a79dcd0ea75
atomic-openshift-template-service-broker-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 59707ad35e1dc19723a96aecb0b0c222373cc316c5fa8fa1b1dbeb9fe6c5895f
atomic-openshift-tests-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm SHA-256: 13304132121e3b58292d834387f138d9aa598aa1177547db9ba243fa1f1e6f80
jenkins-2-plugins-3.11.1560870549-1.el7.noarch.rpm SHA-256: 5d483a8c5b93f0288cd06ffe2638cd41cbd971520e15a41eb24c2f861700c40c

Red Hat OpenShift Container Platform for Power 3.11

SRPM
atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.src.rpm SHA-256: 4244b38c2fc9a614ffc2e3a0be7150dc0f49bb85fc7f06c4819b6c7e52062150
jenkins-2-plugins-3.11.1560870549-1.el7.src.rpm SHA-256: bf60efb7b56c0a108f6738e5403b870d3f8169eda2d222c037cceadb9379b5bf
ppc64le
atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: ed4ede83cfefee0b864414696ba254ed1be6cd19cf333f3ab8636809dcaa17f6
atomic-openshift-clients-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: 5641fc57930941fd0877677e02874528621ab240ee86ad059d006019f3e0613e
atomic-openshift-docker-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm SHA-256: 84305bbf4f0b3a47b018721d07cd747faaaa64340b7a38d725bdf7f9e887cae8
atomic-openshift-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm SHA-256: 61931b04d9f17285780bd73062e0b6a9c4acd73758281a5572a285a9a70e9eca
atomic-openshift-hyperkube-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: 17586f62ae3f83f117881c186c59f25d57ba4e91ba915d3f5d4de7afd29febe8
atomic-openshift-hypershift-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: 84f648bcd424bdddf9a4d61ef299aef4b54a1797b86e33d06b72022e761b6308
atomic-openshift-master-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: f5a134d889a3af73f246ceb9c906c84da0ead235241b64396e045471bec62218
atomic-openshift-node-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: 094b53cc8bd976d1ac3c804e6ac271005b013921de53078857bc1eff906bc377
atomic-openshift-pod-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: e84debcc4cfe29dd1acd80c003ddd131d0e38d3016b36033423c4284c476b1eb
atomic-openshift-sdn-ovs-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: 4b01fabd6cf1dadcd441df2bacbce1539ad56c86cdd1875bca01fafe55e8a42f
atomic-openshift-template-service-broker-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: ffa0d5b74468e973825ee64d2acca6888a586d7f58d64236c20f4434059018ef
atomic-openshift-tests-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm SHA-256: fd67d23fdb7ecbf0ce347cbb5788dab912dfa72629fa9ed1d41cde34a9b2ef3a
jenkins-2-plugins-3.11.1560870549-1.el7.noarch.rpm SHA-256: 5d483a8c5b93f0288cd06ffe2638cd41cbd971520e15a41eb24c2f861700c40c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
