Red Hat Product Errata RHSA-2019:3905 - Security Advisory
Issued: 2019-11-18
Updated: 2019-11-18

Synopsis

Important: OpenShift Container Platform 3.11 atomic-openshift security update

Type/Severity

Security Advisory: Important

Topic

An update for atomic-openshift is now available for Red Hat OpenShift
Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.154.

Security Fix(es):

  • kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service (CVE-2019-11253)
  • kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For OpenShift Container Platform 3.11, see the following documentation, which
will be updated shortly for release 3.11.154, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
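
An added example, not part of the advisory or of Red Hat tooling: a Python audit that reads `rpm -qa` output and flags atomic-openshift packages older than the 3.11.154 build listed here. The version comparison is a simplified form of RPM's segment comparison (no epoch, tilde or caret handling), and the sample lines with `0000000` build hashes are constructed.

```python
import re

# Fixed build named in this advisory (version, release), shared by all subpackages.
FIXED = ("3.11.154", "1.git.0.7a097ad.el7")

def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def vercmp(a, b):
    """Simplified rpmvercmp: compare digit/letter runs left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run sorts newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_qa_lines):
    """Map each atomic-openshift* package to 'fixed' or 'needs-update'."""
    status = {}
    for line in rpm_qa_lines:
        if not line.startswith("atomic-openshift"):
            continue
        try:
            name, version, release, _arch = parse_nvra(line)
        except ValueError:
            continue  # not a full name-version-release.arch string
        order = vercmp(version, FIXED[0]) or vercmp(release, FIXED[1])
        status[name] = "fixed" if order >= 0 else "needs-update"
    return status

# Constructed sample input; the 0000000 build hashes are placeholders.
SAMPLE = """\
atomic-openshift-node-3.11.154-1.git.0.7a097ad.el7.x86_64
atomic-openshift-clients-3.11.98-1.git.0.0000000.el7.x86_64
atomic-openshift-hyperkube-3.11.157-1.git.0.0000000.el7.x86_64
bash-4.2.46-33.el7.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg, state in sorted(audit(SAMPLE).items()):
        print(f"{pkg}: {state}")
```

On a real host, feed it the output of `rpm -qa 'atomic-openshift*'`; the clients package matters for CVE-2019-11251 because `kubectl cp` runs on the client side.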

Affected Products

  • Red Hat OpenShift Container Platform 3.11 x86_64
  • Red Hat OpenShift Container Platform for Power 3.11 ppc64le

Fixes

  • BZ - 1753495 - CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
  • BZ - 1757701 - CVE-2019-11253 kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service

CVEs

  • CVE-2019-11251
  • CVE-2019-11253

References

  • https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 3.11

SRPM
atomic-openshift-3.11.154-1.git.0.7a097ad.el7.src.rpm SHA-256: 933e2624ae0410dd063c54fa4913c2876001e45a766a32d0a7e55a688937a09e
x86_64
atomic-openshift-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 95f6acc835c18641d1a4c1f783d501311b6f10d4638ac98a6c84adebdc3da1fd
atomic-openshift-clients-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: a50b8d08814dbaadc2f0c5e18d153afc61a9f71a59cd2cc1f60e56eaf443216f
atomic-openshift-clients-redistributable-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 9b2cb45cb78e99fff8e43af036be68614320f3432eb394e966623422d8c265a8
atomic-openshift-docker-excluder-3.11.154-1.git.0.7a097ad.el7.noarch.rpm SHA-256: b3d8721ca59d16141152c74aaa8dce9c8f3dd35dac989f160f0c14f04b3f5cae
atomic-openshift-excluder-3.11.154-1.git.0.7a097ad.el7.noarch.rpm SHA-256: b8e82663a71f06dc06ca7254566176cfe790fb5a07c46d5fea127e2400cfb20c
atomic-openshift-hyperkube-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 2f28584d2f800d3b90b72fcff34a4fd0ad2b95b106e0c11e810e59b1fd183e52
atomic-openshift-hypershift-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 9a0d3a4b148d68c05c470d72fcad9106443419b21ad7812a059eb878e697b3f0
atomic-openshift-master-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: f20edbf6f6017a885b215bda377bccdca8f056b3964f963e5d98694482ae1a56
atomic-openshift-node-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 253e36383d8ceb5562200c21dba50f5bb6dd1784890be104cc74fcc96fbec9a9
atomic-openshift-pod-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 68b84e42106eadb82cbcdd0d9f630ea8b0e2e5e1bb74f64a928f07770577db5b
atomic-openshift-sdn-ovs-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: aff70b57a53fa6a9206837d94677824cf2e693f1530f98868bd882c311fda864
atomic-openshift-template-service-broker-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: faf0dceea0bed5b83e94f5fb9d480982cb93cbaafc804a8c9ee5b004bdacef4c
atomic-openshift-tests-3.11.154-1.git.0.7a097ad.el7.x86_64.rpm SHA-256: 9f4daedb5d2f28863986c03888fa73dfab5ebf251f2c8d214fd5b889bfc030f8

Red Hat OpenShift Container Platform for Power 3.11

SRPM
atomic-openshift-3.11.154-1.git.0.7a097ad.el7.src.rpm SHA-256: 933e2624ae0410dd063c54fa4913c2876001e45a766a32d0a7e55a688937a09e
ppc64le
atomic-openshift-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 0ae922d044d00d17d2068a3699c7e9ceda22a50d7e48951f237783180f2bc62a
atomic-openshift-clients-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 03da3b8f543d2a18470a6a601086ac62c8c8e2f776da69d0b96ed421fbd88f0f
atomic-openshift-docker-excluder-3.11.154-1.git.0.7a097ad.el7.noarch.rpm SHA-256: b3d8721ca59d16141152c74aaa8dce9c8f3dd35dac989f160f0c14f04b3f5cae
atomic-openshift-excluder-3.11.154-1.git.0.7a097ad.el7.noarch.rpm SHA-256: b8e82663a71f06dc06ca7254566176cfe790fb5a07c46d5fea127e2400cfb20c
atomic-openshift-hyperkube-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 13edb9956aaf36b45e394a71ff5871a68df4ce3547581f00b1a64caa3223ed95
atomic-openshift-hypershift-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 2731ad1bdbead7e2554269ae7f8202d8854112ca38aede5fe8a9b8b393e5c2d4
atomic-openshift-master-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: c02bd80face9a46d02ff885499302d28255db6ee0912d908e70ba65bf66dc2dc
atomic-openshift-node-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: c7c2288a8d2881552f4800bdf4b5eafa780b64c44e55a54034e27ea5e3fa3edb
atomic-openshift-pod-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: de4482aa7d62123f054102dbd23fc815ca94a13e4d62ef6ac12624dcff7c75a5
atomic-openshift-sdn-ovs-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 6cfcbd15e61b845686281040f4dcc1555c8a95d9617a04c210fe5b7b845f5c63
atomic-openshift-template-service-broker-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: 2c0c769467a37ccbf9257b73c7f0325e75aa278cfff83448d169b795dd1a6cb7
atomic-openshift-tests-3.11.154-1.git.0.7a097ad.el7.ppc64le.rpm SHA-256: f680baa05742d033ccad154a1f0ee3fe6acc1302c64d0dc700a6ade49f8a9699

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.