Red Hat recently announced information about CVE-2018-1111, a vulnerability in the integration between Network Manager and DHCP present in Red Hat Enterprise Linux.
OpenShift Online and Dedicated run on top of RHEL and as such have the vulnerable package installed. However, because each cluster is contained within individual private networks all of the common ways to exploit this flaw are effectively removed.
Regardless, due to the severity of the vulnerability all OpenShift cluster nodes were patched starting on the morning of May 15th once the updated packages were publically released. Remediation for all nodes finished within 24 hours, following the preferred maintenance window for each cluster.
For more information, please refer to the vulnerability article available at https://access.redhat.com/security/vulnerabilities/3442151.
Red Hat OpenShift SRE Team