Subscribe to our blog

What OpenShift Online customers should know about the recent Kubernetes bugs

December 4, 2018Dave Baker
Security 

Tags:Topics

On December 3rd, 2018, the Kubernetes Product Security team released information about a vulnerability in kubernetes.  We've addressed this at a corporate level in these postings detailing the flaws. This issue is assigned  CVE-2018-1002105 and given a security impact of Critical by Red Hat Product Security.  Red Hat OpenShift is built upon kubernetes and as such these bugs were also present in Red Hat OpenShift Container Platform, Red Hat OpenShift Online and Red Hat OpenShift Dedicated.

Additional information about this can be found in the Red Hat Security Vulnerability article here:  https://access.redhat.com/security/vulnerabilities/3716411

OpenShift Online

OpenShift Online (Starter, Pro and openshift.io) clusters were all upgraded prior to the security announcement, and are no longer affected by the published vulnerability.

OpenShift Dedicated

OpenShift Dedicated customers have been notified separately regarding the remediation of their clusters.

If you have any questions, please open a case through the Red Hat support portal.

Support links:

https://access.redhat.com/support

https://access.redhat.com/support/contact/technicalSupport/

-- Red Hat OpenShift SRE

 

About the author

Dave Baker, Principal Product Security Engineer, Red Hat

Dave Baker

Principal Product Security Engineer

Dave Baker has been with Red Hat since 2017.  He's currently working as a Design Architect in the Secure Engineering team within Product Security, and has spent the last years in various security related roles helping to protect Red Hat OpenShift Container Platform and many other products.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

More like this

Blog post

4 use cases for AI in cyber security

Blog post

Learn about trends and best practices from top security experts at Red Hat and NIST's Cybersecurity Open Forum

Original shows

Technically Speaking | Episode 22 | A new software supply chain security recipe

Original shows

Technically Speaking | Episode 18 | WebAssembly breaks away from the browser

Browse by channel

Explore all channels
automation icon

Automation

The latest on IT automation that spans tech, teams, and environments
AI icon

Artificial intelligence

Explore the platforms and partners building a faster path for AI
open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud
security icon

Security

Explore how we reduce risks across environments and technologies
edge icon

Edge computing

Updates on the solutions that simplify infrastructure at the edge
Infrastructure icon

Infrastructure

Stay up to date on the world’s leading enterprise Linux platform
application development icon

Applications

The latest on our solutions to the toughest application challenges
Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech