Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: OpenShift Container Platform 3.5 security update
Advisory ID:       RHSA-2018:3624-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3624
Issue date:        2018-12-03
CVE Names:         CVE-2018-1002105 
====================================================================
1. Summary:

An update is now available for Red Hat OpenShift Container Platform release
3.5.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.5 - noarch, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):

* A privilege escalation vulnerability exists in OpenShift Container
Platform 3.x which allows for compromise of pods running on a compute node
to which a pod is scheduled with normal user privilege. This access could
include access to all secrets, pods, environment variables, running
pod/container processes, and persistent volumes, including in privileged
containers. Additionally, on versions 3.6 and higher of OpenShift Container
Platform, this vulnerability allows cluster-admin level access to any API
hosted by an aggregated API server. This includes the ‘servicecatalog’ API
which is installed by default in 3.7 and later. Cluster-admin level access
to the service catalog allows creation of brokered services by an
unauthenticated user with escalated privileges in any namespace and on any
node. This could lead to an attacker being allowed to deploy malicious
code, or alter existing services. (CVE-2018-1002105)

Space precludes documenting all of the bug fixes and enhancements in this
advisory. See the following Release Notes documentation for details about
these changes:

ease_notes.html

All OpenShift Container Platform 3.5 users are advised to upgrade to these
updated packages and images.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1563329 - Mounting socket files from subPaths fail
1568292 - [3.5]Failed to prevent s2i builder images from running as root
1573956 - Kibana page displays "OPENSHIFT ORIGIN" in OCP
1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

6. Package List:

Red Hat OpenShift Container Platform 3.5:

Source:
atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.src.rpm
cockpit-160-3.el7.src.rpm
openshift-ansible-3.5.175-1.git.0.1274ebe.el7.src.rpm

noarch:
atomic-openshift-docker-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm
atomic-openshift-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm
atomic-openshift-utils-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-callback-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-docs-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-filter-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-playbooks-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
openshift-ansible-roles-3.5.175-1.git.0.1274ebe.el7.noarch.rpm

x86_64:
atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-clients-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-master-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-node-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-pod-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
atomic-openshift-tests-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm
cockpit-debuginfo-160-3.el7.x86_64.rpm
cockpit-kubernetes-160-3.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-1002105
https://access.redhat.com/security/updates/classification#critical
https://docs.redhat.com/en/documentation/openshift_container_platform/3.5/html/release_notes/release-notes-ocp-3-5-release-notes

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXAVpTNzjgjWX9erEAQgbvRAAjLwkonIPikx7ofM1DZ40aI0AwSrMhRK1
pGPx+rriDE5AndP+ElQJvGxVGW3311f41onUgwHlKsur29KjLRxxHTddQvA/IN1X
1RmuCMKtJkOIczqw/wu/n0qm4BXZzekrcSbzIeRXz0cwD7qt3VZZDrhnJh1io7Tw
3SHLi3kTyYcudPFKFAcSfuy1jDW1dG0zOMzA2CuwMuwEN0KhPCrS8co37g9lMfaJ
dPGgj69BpPqQhOXHF2mHIbzvR4GTAF21eusAgDdDWxPBhZIxlSkem/WqMkpXKahc
38oAzgPZd88yuiKTG+/JHrVFHu4Hlhgl14fU33XqPADpk0+QnDf22N8z82ez1utt
d04lZzS48srqy8t18vPR8WnRA2Ftoze+7j+PZK01m1yVoKW7Eue8JnnTWfuavgiR
bZdxYQE4wQrTKrhKRPdsk6mP11h1jdxjZ1sDXiUsYMKtBBMy9r5SX3UhbgSlqIgx
ER6vdh6m7bWfUZGorVRN5mjWZi1eKIfk/4bHFVcXMdXm0BxM4QTwZRNZ7RO/JB2i
DIJgv19fsIjYuM/kOzD85HW3c7Ti0sbW/VLQsdtykyHqDi3HeJXoGV4cXR2KqK8l
HWhLDvCiTmYTqcUNmdoYARG3lKU8ax8S9qjzQIj8nDCZsW3SZLXaG+O/uVZaXkTu
fY0if+mXW4w=ON+p
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

red hat

December 3, 2018

An update is now available for Red Hat OpenShift Container Platform release 3.5

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es):
* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:
ease_notes.html
All OpenShift Container Platform 3.5 users are advised to upgrade to these updated packages and images.

Topics Covered

security advisory privilege escalation critical update Red Hat OpenShift container platform

References

https://access.redhat.com/security/cve/CVE-2018-1002105 https://access.redhat.com/security/updates/classification#critical https://docs.redhat.com/en/documentation/openshift_container_platform/3.5/html/release_notes/release-notes-ocp-3-5-release-notes

Package List

Red Hat OpenShift Container Platform 3.5:
Source: atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.src.rpm cockpit-160-3.el7.src.rpm openshift-ansible-3.5.175-1.git.0.1274ebe.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm atomic-openshift-excluder-3.5.5.31.80-1.git.0.c4a0780.el7.noarch.rpm atomic-openshift-utils-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-callback-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-docs-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-filter-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-lookup-plugins-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-playbooks-3.5.175-1.git.0.1274ebe.el7.noarch.rpm openshift-ansible-roles-3.5.175-1.git.0.1274ebe.el7.noarch.rpm
x86_64: atomic-openshift-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm atomic-openshift-clients-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm atomic-openshift-dockerregistry-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm atomic-openshift-master-3.5.5.31.80-1.git.0.c4a0780.el7.x86_64.rpm

Read the Full Advisory

Severity

critical

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2018:3624-01

Product: Red Hat OpenShift Enterprise

Advisory URL: https://access.redhat.com/errata/RHSA-2018:3624

Issue date: 2018-12-03

Topic

An update is now available for Red Hat OpenShift Container Platform release3.5.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory privilege escalation critical update Red Hat OpenShift container platform

Relevant Releases Architectures

Red Hat OpenShift Container Platform 3.5 - noarch, x86_64

Bugs Fixed

1563329 - Mounting socket files from subPaths fail

1568292 - [3.5]Failed to prevent s2i builder images from running as root

1573956 - Kibana page displays "OPENSHIFT ORIGIN" in OCP

1648138 - CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Red Hat OpenShift 3.5 RHSA-2018-3624-01 Critical Privilege Escalation

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!