On December 3rd, 2018, the Kubernetes Product Security team released information about a vulnerability in kubernetes. We’ve addressed this at a corporate level in these postings detailing the flaws. This issue is assigned CVE-2018-1002105 and given a security impact of Critical by Red Hat Product Security. Red Hat OpenShift is built upon kubernetes and as such these bugs were also present in Red Hat OpenShift Container Platform, Red Hat OpenShift Online and Red Hat OpenShift Dedicated.
Additional information about this can be found in the Red Hat Security Vulnerability article here: https://access.redhat.com/security/vulnerabilities/3716411
OpenShift Online (Starter, Pro and openshift.io) clusters were all upgraded prior to the security announcement, and are no longer affected by the published vulnerability.
OpenShift Dedicated customers have been notified separately regarding the remediation of their clusters.
If you have any questions, please open a case through the Red Hat support portal.
— Red Hat OpenShift SRE