Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1102 (GCVE-0-2018-1102)
Vulnerability from cvelistv5 – Published: 2018-04-30 19:00 – Updated: 2024-08-05 03:51
VLAI?
EPSS
Summary
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | atomic-openshift |
Affected:
as shipped with Openshift Enterprise 3.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"name": "RHSA-2018:1241",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"name": "RHSA-2018:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"name": "RHSA-2019:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"name": "RHSA-2018:1237",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"name": "RHSA-2018:1227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"name": "RHSA-2018:1243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"name": "RHSA-2018:1231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"name": "RHSA-2018:1229",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"name": "RHSA-2018:1239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "atomic-openshift",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "as shipped with Openshift Enterprise 3.x"
}
]
}
],
"datePublic": "2018-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:1235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"name": "RHSA-2018:1241",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"name": "RHSA-2018:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"name": "RHSA-2019:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"name": "RHSA-2018:1237",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"name": "RHSA-2018:1227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"name": "RHSA-2018:1243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"name": "RHSA-2018:1231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"name": "RHSA-2018:1229",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"name": "RHSA-2018:1239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1102",
"datePublished": "2018-04-30T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:49.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"45690263-84D9-45A1-8C30-3ED2F0F11F47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"F8E35FAB-695F-44DA-945D-60B47C1F200B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"F33CEF04-05FA-444C-BB14-F3E3434AF61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"84C890EC-229B-458B-AEF7-EA03C6248A25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"E1056A33-690E-4120-821F-52B9705CB84B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"4B196A82-385B-492A-8927-723CB8690CCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"2D9724B7-D99B-4376-B1B5-5CE5F336D767\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"2C73555F-B229-4946-B27B-E0FADA31625F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"A8F8362B-DA49-439F-ADA1-B5BA443F91F7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado un error en la funci\\u00f3n source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validaci\\u00f3n incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios.\"}]",
"id": "CVE-2018-1102",
"lastModified": "2024-11-21T03:59:11.153",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-04-30T19:29:00.217",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2018:1227\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1229\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1231\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1233\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1235\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1237\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1239\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1241\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1243\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0036\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1562246\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1241\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1562246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1102\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-04-30T19:29:00.217\",\"lastModified\":\"2024-11-21T03:59:11.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un error en la funci\u00f3n source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validaci\u00f3n incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"45690263-84D9-45A1-8C30-3ED2F0F11F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F8E35FAB-695F-44DA-945D-60B47C1F200B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F33CEF04-05FA-444C-BB14-F3E3434AF61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"84C890EC-229B-458B-AEF7-EA03C6248A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"E1056A33-690E-4120-821F-52B9705CB84B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"4B196A82-385B-492A-8927-723CB8690CCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"2D9724B7-D99B-4376-B1B5-5CE5F336D767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"2C73555F-B229-4946-B27B-E0FADA31625F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"A8F8362B-DA49-439F-ADA1-B5BA443F91F7\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1227\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1229\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1231\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1233\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1235\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1237\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1239\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1241\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1243\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0036\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1562246\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1562246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
GHSA-X9M6-VQ2V-79QG
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI?
Details
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-1102"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-30T19:29:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"id": "GHSA-x9m6-vq2v-79qg",
"modified": "2022-05-13T01:33:33Z",
"published": "2022-05-13T01:33:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2018_1227
Vulnerability from csaf_redhat - Published: 2018-04-28 03:37 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1226
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1226\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1227",
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1569674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569674"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1227.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update",
"tracking": {
"current_release_date": "2024-11-14T23:41:35+00:00",
"generator": {
"date": "2024-11-14T23:41:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1227",
"initial_release_date": "2018-04-28T03:37:04+00:00",
"revision_history": [
{
"date": "2018-04-28T03:37:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-28T03:37:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.25-1.git.0.6bc473e.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.25-1.git.0.6bc473e.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product_id": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.25-1.git.0.6bc473e.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-28T03:37:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1229
Vulnerability from csaf_redhat - Published: 2018-04-28 11:56 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.8 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.8.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1228
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1228\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1229",
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1229.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.8 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:28+00:00",
"generator": {
"date": "2025-11-21T18:04:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1229",
"initial_release_date": "2018-04-28T11:56:49+00:00",
"revision_history": [
{
"date": "2018-04-28T11:56:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-28T11:56:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.8",
"product": {
"name": "Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.8::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.37-1.git.224.8e15ecf.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product_id": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.37-1.git.224.8e15ecf.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product_id": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.8.37-1.git.0.be319af.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product_id": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.8.37-1.git.0.e85a326.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.8.37-1.git.0.e85a326.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.8.37-1.git.0.e85a326.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src"
},
"product_reference": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src"
},
"product_reference": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-28T11:56:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1237
Vulnerability from csaf_redhat - Published: 2018-04-30 05:27 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.4 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1236
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1236\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1237",
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1552613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552613"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1237.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.4 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:29+00:00",
"generator": {
"date": "2025-11-21T18:04:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1237",
"initial_release_date": "2018-04-30T05:27:12+00:00",
"revision_history": [
{
"date": "2018-04-30T05:27:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T05:27:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.4",
"product": {
"name": "Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product": {
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product_id": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ruamel-yaml@0.12.14-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product": {
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product_id": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ruamel-yaml-debuginfo@0.12.14-9.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product_id": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.53-1.git.0.d7eb028.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product": {
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product_id": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ruamel-yaml@0.12.14-9.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product_id": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.4.168-1.git.0.bb73aad.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.4.1.44.53-1.git.0.d7eb028.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.4.1.44.53-1.git.0.d7eb028.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src"
},
"product_reference": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src"
},
"product_reference": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src"
},
"product_reference": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64"
},
"product_reference": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64"
},
"product_reference": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T05:27:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1239
Vulnerability from csaf_redhat - Published: 2018-04-29 20:24 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.3 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.3.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1238
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.3.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1238\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1239",
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1568130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568130"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1239.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.3 security update",
"tracking": {
"current_release_date": "2024-11-14T23:41:29+00:00",
"generator": {
"date": "2024-11-14T23:41:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1239",
"initial_release_date": "2018-04-29T20:24:54+00:00",
"revision_history": [
{
"date": "2018-04-29T20:24:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:24:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.3",
"product": {
"name": "Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product_id": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src"
},
"product_reference": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:24:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1229
Vulnerability from csaf_redhat - Published: 2018-04-28 11:56 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.8 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.8.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1228
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1228\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1229",
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1229.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.8 security update",
"tracking": {
"current_release_date": "2024-11-14T23:41:01+00:00",
"generator": {
"date": "2024-11-14T23:41:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1229",
"initial_release_date": "2018-04-28T11:56:49+00:00",
"revision_history": [
{
"date": "2018-04-28T11:56:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-28T11:56:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.8",
"product": {
"name": "Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.8::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.37-1.git.224.8e15ecf.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_id": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.8.37-1.git.0.e85a326.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product_id": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.37-1.git.224.8e15ecf.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product_id": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.8.37-1.git.0.be319af.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product_id": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.8.37-1.git.0.e85a326.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.8.37-1.git.0.be319af.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.8.37-1.git.0.e85a326.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.8.37-1.git.0.e85a326.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src"
},
"product_reference": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src"
},
"product_reference": "openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
"product_id": "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-28T11:56:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.src",
"7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.37-1.git.0.e85a326.el7.noarch",
"7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.37-1.git.0.e85a326.el7.x86_64",
"7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.37-1.git.0.be319af.el7.src",
"7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.37-1.git.0.be319af.el7.noarch",
"7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.37-1.git.0.e85a326.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1243
Vulnerability from csaf_redhat - Published: 2018-04-29 20:26 - Updated: 2024-11-14 23:40Summary
Red Hat Security Advisory: OpenShift Container Platform 3.1 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.1.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1242
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.1.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1242\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1243",
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1570157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570157"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1243.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.1 security update",
"tracking": {
"current_release_date": "2024-11-14T23:40:51+00:00",
"generator": {
"date": "2024-11-14T23:40:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1243",
"initial_release_date": "2018-04-29T20:26:10+00:00",
"revision_history": [
{
"date": "2018-04-29T20:26:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:26:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:40:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise 3.1",
"product": {
"name": "Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.1.1.11-4.git.3.12809c8.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.1.1.11-4.git.3.12809c8.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product_id": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.1.1.11-4.git.3.12809c8.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src"
},
"product_reference": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:26:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1235
Vulnerability from csaf_redhat - Published: 2018-04-30 05:01 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.5 security, bug fix, and enhancement update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.5.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1234
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559991)
* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549902)
* Fluentd fails to properly process messages when it is unable to determine the namespace and pod UUIDs. The logging pipeline produces many messages and sometimes blocks log flow to Elasticsearch. This bug fix checks for the missing fields and sets the record as orphaned, if needed. As a result, logs now continue to flow and orphaned records end up in an orphaned namespace. (BZ#1520629)
* The "Add Donut char to Dashboard" button is always visible, even when the application does not include a dashboard, and click on the button does not do anything. This bug fix removes the button, as a result the the feature is not available, as it should be. (BZ#1551503)
This update also adds the following enhancement:
* An `.operations` index-mapping in a non-ops Elasticsearch cluster is no longer displayed because operations indices will never exist in a non-ops Elasticsearch cluster. (BZ#1519709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1234\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559991)\n\n* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549902)\n\n* Fluentd fails to properly process messages when it is unable to determine the namespace and pod UUIDs. The logging pipeline produces many messages and sometimes blocks log flow to Elasticsearch. This bug fix checks for the missing fields and sets the record as orphaned, if needed. As a result, logs now continue to flow and orphaned records end up in an orphaned namespace. (BZ#1520629)\n\n* The \"Add Donut char to Dashboard\" button is always visible, even when the application does not include a dashboard, and click on the button does not do anything. This bug fix removes the button, as a result the the feature is not available, as it should be. (BZ#1551503)\n\nThis update also adds the following enhancement:\n\n* An `.operations` index-mapping in a non-ops Elasticsearch cluster is no longer displayed because operations indices will never exist in a non-ops Elasticsearch cluster. (BZ#1519709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1235",
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1519709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519709"
},
{
"category": "external",
"summary": "1520629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520629"
},
{
"category": "external",
"summary": "1549902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549902"
},
{
"category": "external",
"summary": "1551503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551503"
},
{
"category": "external",
"summary": "1554871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554871"
},
{
"category": "external",
"summary": "1559669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559669"
},
{
"category": "external",
"summary": "1559991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559991"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1235.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.5 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:04:29+00:00",
"generator": {
"date": "2025-11-21T18:04:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1235",
"initial_release_date": "2018-04-30T05:01:25+00:00",
"revision_history": [
{
"date": "2018-04-30T05:01:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T05:01:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.5",
"product": {
"name": "Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product_id": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product_id": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.5.165-1.git.0.475fa67.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src"
},
"product_reference": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src"
},
"product_reference": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T05:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2019_0036
Vulnerability from csaf_redhat - Published: 2019-01-08 13:45 - Updated: 2024-11-05 20:55Summary
Red Hat Security Advisory: source-to-image security, bug fix, and enhancement update
Notes
Topic
An update for source-to-image is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image (the builder) and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more.
The following packages have been upgraded to a later upstream version: source-to-image (1.1.13). (BZ#1654243)
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for source-to-image is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image (the builder) and built source, and is ready to use with the \"docker run\" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more.\n\nThe following packages have been upgraded to a later upstream version: source-to-image (1.1.13). (BZ#1654243)\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0036",
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1336631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336631"
},
{
"category": "external",
"summary": "1450131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450131"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0036.json"
}
],
"title": "Red Hat Security Advisory: source-to-image security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-05T20:55:58+00:00",
"generator": {
"date": "2024-11-05T20:55:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:0036",
"initial_release_date": "2019-01-08T13:45:32+00:00",
"revision_history": [
{
"date": "2019-01-08T13:45:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-08T13:45:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:55:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "source-to-image-0:1.1.13-1.el7.x86_64",
"product": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64",
"product_id": "source-to-image-0:1.1.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/source-to-image@1.1.13-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "source-to-image-0:1.1.13-1.el7.src",
"product": {
"name": "source-to-image-0:1.1.13-1.el7.src",
"product_id": "source-to-image-0:1.1.13-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/source-to-image@1.1.13-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-08T13:45:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1237
Vulnerability from csaf_redhat - Published: 2018-04-30 05:27 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.4 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1236
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1236\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1237",
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1552613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552613"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1237.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.4 security update",
"tracking": {
"current_release_date": "2024-11-14T23:41:24+00:00",
"generator": {
"date": "2024-11-14T23:41:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1237",
"initial_release_date": "2018-04-30T05:27:12+00:00",
"revision_history": [
{
"date": "2018-04-30T05:27:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T05:27:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.4",
"product": {
"name": "Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.4.1.44.53-1.git.0.d7eb028.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product": {
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product_id": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ruamel-yaml@0.12.14-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product": {
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product_id": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ruamel-yaml-debuginfo@0.12.14-9.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product_id": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.53-1.git.0.d7eb028.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product": {
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product_id": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ruamel-yaml@0.12.14-9.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product_id": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.4.168-1.git.0.bb73aad.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.4.1.44.53-1.git.0.d7eb028.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.4.1.44.53-1.git.0.d7eb028.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.4.168-1.git.0.bb73aad.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src"
},
"product_reference": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src"
},
"product_reference": "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ruamel-yaml-0:0.12.14-9.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src"
},
"product_reference": "python-ruamel-yaml-0:0.12.14-9.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64"
},
"product_reference": "python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64"
},
"product_reference": "python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
"product_id": "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T05:27:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.src",
"7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.53-1.git.0.d7eb028.el7.noarch",
"7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64",
"7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7.src",
"7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.168-1.git.0.bb73aad.el7.noarch",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-0:0.12.14-9.el7.src",
"7Server-RH7-RHOSE-3.4:python-ruamel-yaml-debuginfo-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:python2-ruamel-yaml-0:0.12.14-9.el7.x86_64",
"7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.53-1.git.0.d7eb028.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1231
Vulnerability from csaf_redhat - Published: 2018-04-29 20:12 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.7 security and bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1230
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Fluentd inserts documents (logs) into Elasticsearch using the bulk insert API, but relies upon Elasticsearch to generate UUIDs for each document. It does not remove successfully indexed documents from the bulk payload when the bulk operation fails. This caused the initial payload to be resubmitted and documents that were successfully indexed to be submitted again, which results in duplicate documents with different UUIDs. This bug fix ensures that document IDs are generated before submitting bulk insert requests. As a result, Elasticsearch will disregard the insertion of documents that already exist in the data store and insert documents that do not. (BZ#1556896)
* A user can set a host name to `localhost`, which confuses the router check to see if the reload completed. This caused the reload to never return success, causing the router to fail. This bug fix changes the health check so that it does not pass the host name `localhost`. As a result, routers can now reload successfully. (BZ#1548102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1230\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Fluentd inserts documents (logs) into Elasticsearch using the bulk insert API, but relies upon Elasticsearch to generate UUIDs for each document. It does not remove successfully indexed documents from the bulk payload when the bulk operation fails. This caused the initial payload to be resubmitted and documents that were successfully indexed to be submitted again, which results in duplicate documents with different UUIDs. This bug fix ensures that document IDs are generated before submitting bulk insert requests. As a result, Elasticsearch will disregard the insertion of documents that already exist in the data store and insert documents that do not. (BZ#1556896)\n\n* A user can set a host name to `localhost`, which confuses the router check to see if the reload completed. This caused the reload to never return success, causing the router to fail. This bug fix changes the health check so that it does not pass the host name `localhost`. As a result, routers can now reload successfully. (BZ#1548102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1231",
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1505684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505684"
},
{
"category": "external",
"summary": "1548102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548102"
},
{
"category": "external",
"summary": "1553707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553707"
},
{
"category": "external",
"summary": "1554865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554865"
},
{
"category": "external",
"summary": "1556782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556782"
},
{
"category": "external",
"summary": "1556896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556896"
},
{
"category": "external",
"summary": "1557492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557492"
},
{
"category": "external",
"summary": "1559225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559225"
},
{
"category": "external",
"summary": "1559671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559671"
},
{
"category": "external",
"summary": "1560430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560430"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1562966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562966"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1231.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.7 security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:04:29+00:00",
"generator": {
"date": "2025-11-21T18:04:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1231",
"initial_release_date": "2018-04-29T20:12:32+00:00",
"revision_history": [
{
"date": "2018-04-29T20:12:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:12:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.7",
"product": {
"name": "Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.14.0-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product_id": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.7.44-1.git.0.6b061d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.0.6-1.el7.src",
"product": {
"name": "apb-0:1.0.6-1.el7.src",
"product_id": "apb-0:1.0.6-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.0.6-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.14.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch-doc@1.14.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.7.44-1.git.0.6b061d4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.7.44-1.git.0.6b061d4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product": {
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product_id": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb-container-scripts@1.0.6-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.0.6-1.el7.noarch",
"product": {
"name": "apb-0:1.0.6-1.el7.noarch",
"product_id": "apb-0:1.0.6-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.0.6-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.0.6-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch"
},
"product_reference": "apb-0:1.0.6-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.0.6-1.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src"
},
"product_reference": "apb-0:1.0.6-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch"
},
"product_reference": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src"
},
"product_reference": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:12:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2019:0036
Vulnerability from csaf_redhat - Published: 2019-01-08 13:45 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: source-to-image security, bug fix, and enhancement update
Notes
Topic
An update for source-to-image is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image (the builder) and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more.
The following packages have been upgraded to a later upstream version: source-to-image (1.1.13). (BZ#1654243)
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for source-to-image is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image (the builder) and built source, and is ready to use with the \"docker run\" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more.\n\nThe following packages have been upgraded to a later upstream version: source-to-image (1.1.13). (BZ#1654243)\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0036",
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1336631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336631"
},
{
"category": "external",
"summary": "1450131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450131"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0036.json"
}
],
"title": "Red Hat Security Advisory: source-to-image security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:07:17+00:00",
"generator": {
"date": "2025-11-21T18:07:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:0036",
"initial_release_date": "2019-01-08T13:45:32+00:00",
"revision_history": [
{
"date": "2019-01-08T13:45:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-08T13:45:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "source-to-image-0:1.1.13-1.el7.x86_64",
"product": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64",
"product_id": "source-to-image-0:1.1.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/source-to-image@1.1.13-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "source-to-image-0:1.1.13-1.el7.src",
"product": {
"name": "source-to-image-0:1.1.13-1.el7.src",
"product_id": "source-to-image-0:1.1.13-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/source-to-image@1.1.13-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "source-to-image-0:1.1.13-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
},
"product_reference": "source-to-image-0:1.1.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-08T13:45:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.4.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.5.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2-7.6.Z:source-to-image-0:1.1.13-1.el7.x86_64",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.src",
"7Server-RHSCL-3.2:source-to-image-0:1.1.13-1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1227
Vulnerability from csaf_redhat - Published: 2018-04-28 03:37 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1226
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1226\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1227",
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1569674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569674"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1227.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:28+00:00",
"generator": {
"date": "2025-11-21T18:04:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1227",
"initial_release_date": "2018-04-28T03:37:04+00:00",
"revision_history": [
{
"date": "2018-04-28T03:37:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-28T03:37:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.25-1.git.0.6bc473e.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.25-1.git.0.6bc473e.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.25-1.git.0.6bc473e.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product_id": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.25-1.git.0.6bc473e.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-28T03:37:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.25-1.git.0.6bc473e.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.25-1.git.0.6bc473e.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.25-1.git.0.6bc473e.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1233
Vulnerability from csaf_redhat - Published: 2018-04-30 04:00 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.6 security and bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.6.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1232
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559982)
* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1232\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559982)\n\n* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1233",
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1490989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490989"
},
{
"category": "external",
"summary": "1549916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549916"
},
{
"category": "external",
"summary": "1554866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554866"
},
{
"category": "external",
"summary": "1556796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556796"
},
{
"category": "external",
"summary": "1559670",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559670"
},
{
"category": "external",
"summary": "1559982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559982"
},
{
"category": "external",
"summary": "1561236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561236"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1563317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563317"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1233.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.6 security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:04:29+00:00",
"generator": {
"date": "2025-11-21T18:04:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1233",
"initial_release_date": "2018-04-30T04:00:45+00:00",
"revision_history": [
{
"date": "2018-04-30T04:00:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T04:00:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.6",
"product": {
"name": "Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product_id": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json@1.13.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product_id": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data@1.2018.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-0:0.13.1-1.el7.src",
"product": {
"name": "rubygem-faraday-0:0.13.1-1.el7.src",
"product_id": "rubygem-faraday-0:0.13.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday@0.13.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.3-1.el7.src",
"product": {
"name": "rubygem-minitest-0:5.10.3-1.el7.src",
"product_id": "rubygem-minitest-0:5.10.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product_id": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.5-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product_id": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product_id": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd@0.0.9-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product_id": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack@1.2.2-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product_id": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal@1.3.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-0:1.9.23-1.el7.src",
"product": {
"name": "rubygem-ffi-0:1.9.23-1.el7.src",
"product_id": "rubygem-ffi-0:1.9.23-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi@1.9.23-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product_id": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io@1.5.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-0:0.60.0-1.el7.src",
"product": {
"name": "rubygem-excon-0:0.60.0-1.el7.src",
"product_id": "rubygem-excon-0:0.60.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon@0.60.0-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product_id": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext@0.0.7.5-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product_id": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json@1.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product": {
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product_id": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json-doc@1.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product_id": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data@1.2018.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product_id": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data-doc@1.2018.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product": {
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product_id": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday-doc@0.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product": {
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product_id": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday@0.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product": {
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product_id": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product": {
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product_id": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest-doc@5.10.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product_id": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.5-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product_id": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.5-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd-doc@0.0.9-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd@0.0.9-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter-doc@1.0.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product": {
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product_id": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack-doc@1.2.2-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product": {
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product_id": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal-doc@1.3.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product_id": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal@1.3.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product": {
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product_id": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io-doc@1.5.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product": {
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product_id": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon-doc@0.60.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product": {
"name": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product_id": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon@0.60.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product": {
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product_id": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext-doc@0.0.7.5-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product_id": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack@1.2.2-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product": {
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product_id": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack-debuginfo@1.2.2-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product": {
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product_id": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi-debuginfo@1.9.23-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product": {
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product_id": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi@1.9.23-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product_id": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io@1.5.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product": {
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product_id": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io-debuginfo@1.5.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product": {
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product_id": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext-debuginfo@0.0.7.5-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product_id": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext@0.0.7.5-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src"
},
"product_reference": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src"
},
"product_reference": "rubygem-cool.io-0:1.5.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64"
},
"product_reference": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64"
},
"product_reference": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch"
},
"product_reference": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-0:0.60.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch"
},
"product_reference": "rubygem-excon-0:0.60.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-0:0.60.0-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src"
},
"product_reference": "rubygem-excon-0:0.60.0-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch"
},
"product_reference": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch"
},
"product_reference": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-0:0.13.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src"
},
"product_reference": "rubygem-faraday-0:0.13.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch"
},
"product_reference": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-0:1.9.23-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src"
},
"product_reference": "rubygem-ffi-0:1.9.23-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64"
},
"product_reference": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64"
},
"product_reference": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch"
},
"product_reference": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src"
},
"product_reference": "rubygem-minitest-0:5.10.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch"
},
"product_reference": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src"
},
"product_reference": "rubygem-msgpack-0:1.2.2-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64"
},
"product_reference": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64"
},
"product_reference": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch"
},
"product_reference": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch"
},
"product_reference": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src"
},
"product_reference": "rubygem-multi_json-0:1.13.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch"
},
"product_reference": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch"
},
"product_reference": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src"
},
"product_reference": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch"
},
"product_reference": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src"
},
"product_reference": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src"
},
"product_reference": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64"
},
"product_reference": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64"
},
"product_reference": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch"
},
"product_reference": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T04:00:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1235
Vulnerability from csaf_redhat - Published: 2018-04-30 05:01 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.5 security, bug fix, and enhancement update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.5.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1234
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559991)
* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549902)
* Fluentd fails to properly process messages when it is unable to determine the namespace and pod UUIDs. The logging pipeline produces many messages and sometimes blocks log flow to Elasticsearch. This bug fix checks for the missing fields and sets the record as orphaned, if needed. As a result, logs now continue to flow and orphaned records end up in an orphaned namespace. (BZ#1520629)
* The "Add Donut char to Dashboard" button is always visible, even when the application does not include a dashboard, and click on the button does not do anything. This bug fix removes the button, as a result the the feature is not available, as it should be. (BZ#1551503)
This update also adds the following enhancement:
* An `.operations` index-mapping in a non-ops Elasticsearch cluster is no longer displayed because operations indices will never exist in a non-ops Elasticsearch cluster. (BZ#1519709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1234\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559991)\n\n* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549902)\n\n* Fluentd fails to properly process messages when it is unable to determine the namespace and pod UUIDs. The logging pipeline produces many messages and sometimes blocks log flow to Elasticsearch. This bug fix checks for the missing fields and sets the record as orphaned, if needed. As a result, logs now continue to flow and orphaned records end up in an orphaned namespace. (BZ#1520629)\n\n* The \"Add Donut char to Dashboard\" button is always visible, even when the application does not include a dashboard, and click on the button does not do anything. This bug fix removes the button, as a result the the feature is not available, as it should be. (BZ#1551503)\n\nThis update also adds the following enhancement:\n\n* An `.operations` index-mapping in a non-ops Elasticsearch cluster is no longer displayed because operations indices will never exist in a non-ops Elasticsearch cluster. (BZ#1519709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1235",
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1519709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519709"
},
{
"category": "external",
"summary": "1520629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520629"
},
{
"category": "external",
"summary": "1549902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549902"
},
{
"category": "external",
"summary": "1551503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551503"
},
{
"category": "external",
"summary": "1554871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554871"
},
{
"category": "external",
"summary": "1559669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559669"
},
{
"category": "external",
"summary": "1559991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559991"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1235.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.5 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:41:17+00:00",
"generator": {
"date": "2024-11-14T23:41:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1235",
"initial_release_date": "2018-04-30T05:01:25+00:00",
"revision_history": [
{
"date": "2018-04-30T05:01:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T05:01:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.5",
"product": {
"name": "Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_id": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.5.165-1.git.0.475fa67.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product_id": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.67-1.git.0.0a8cf24.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product_id": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.5.165-1.git.0.475fa67.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src"
},
"product_reference": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src"
},
"product_reference": "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
"product_id": "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T05:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.src",
"7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.67-1.git.0.0a8cf24.el7.noarch",
"7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64",
"7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.165-1.git.0.475fa67.el7.src",
"7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.165-1.git.0.475fa67.el7.noarch",
"7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.67-1.git.0.0a8cf24.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1241
Vulnerability from csaf_redhat - Published: 2018-04-29 20:25 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.2 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.2.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1240
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1240\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1241",
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1570144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570144"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1241.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.2 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:30+00:00",
"generator": {
"date": "2025-11-21T18:04:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1241",
"initial_release_date": "2018-04-29T20:25:02+00:00",
"revision_history": [
{
"date": "2018-04-29T20:25:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:25:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.2",
"product": {
"name": "Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.2.1.34-2.git.3.aad33c3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.2.1.34-2.git.3.aad33c3.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product_id": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.3.aad33c3.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src"
},
"product_reference": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:25:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1239
Vulnerability from csaf_redhat - Published: 2018-04-29 20:24 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.3 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.3.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1238
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.3.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1238\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1239",
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1568130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568130"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1239.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.3 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:30+00:00",
"generator": {
"date": "2025-11-21T18:04:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1239",
"initial_release_date": "2018-04-29T20:24:54+00:00",
"revision_history": [
{
"date": "2018-04-29T20:24:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:24:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.3",
"product": {
"name": "Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_id": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product_id": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.39-2.git.3.cc57f5b.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src"
},
"product_reference": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
"product_id": "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:24:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.src",
"7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.39-2.git.3.cc57f5b.el7.noarch",
"7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64",
"7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.39-2.git.3.cc57f5b.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1231
Vulnerability from csaf_redhat - Published: 2018-04-29 20:12 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.7 security and bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1230
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Fluentd inserts documents (logs) into Elasticsearch using the bulk insert API, but relies upon Elasticsearch to generate UUIDs for each document. It does not remove successfully indexed documents from the bulk payload when the bulk operation fails. This caused the initial payload to be resubmitted and documents that were successfully indexed to be submitted again, which results in duplicate documents with different UUIDs. This bug fix ensures that document IDs are generated before submitting bulk insert requests. As a result, Elasticsearch will disregard the insertion of documents that already exist in the data store and insert documents that do not. (BZ#1556896)
* A user can set a host name to `localhost`, which confuses the router check to see if the reload completed. This caused the reload to never return success, causing the router to fail. This bug fix changes the health check so that it does not pass the host name `localhost`. As a result, routers can now reload successfully. (BZ#1548102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1230\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Fluentd inserts documents (logs) into Elasticsearch using the bulk insert API, but relies upon Elasticsearch to generate UUIDs for each document. It does not remove successfully indexed documents from the bulk payload when the bulk operation fails. This caused the initial payload to be resubmitted and documents that were successfully indexed to be submitted again, which results in duplicate documents with different UUIDs. This bug fix ensures that document IDs are generated before submitting bulk insert requests. As a result, Elasticsearch will disregard the insertion of documents that already exist in the data store and insert documents that do not. (BZ#1556896)\n\n* A user can set a host name to `localhost`, which confuses the router check to see if the reload completed. This caused the reload to never return success, causing the router to fail. This bug fix changes the health check so that it does not pass the host name `localhost`. As a result, routers can now reload successfully. (BZ#1548102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1231",
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1505684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505684"
},
{
"category": "external",
"summary": "1548102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548102"
},
{
"category": "external",
"summary": "1553707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553707"
},
{
"category": "external",
"summary": "1554865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554865"
},
{
"category": "external",
"summary": "1556782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556782"
},
{
"category": "external",
"summary": "1556896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556896"
},
{
"category": "external",
"summary": "1557492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557492"
},
{
"category": "external",
"summary": "1559225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559225"
},
{
"category": "external",
"summary": "1559671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559671"
},
{
"category": "external",
"summary": "1560430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560430"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1562966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562966"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1231.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.7 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T23:41:06+00:00",
"generator": {
"date": "2024-11-14T23:41:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1231",
"initial_release_date": "2018-04-29T20:12:32+00:00",
"revision_history": [
{
"date": "2018-04-29T20:12:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:12:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.7",
"product": {
"name": "Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.14.0-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product_id": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.7.44-1.git.0.6b061d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.0.6-1.el7.src",
"product": {
"name": "apb-0:1.0.6-1.el7.src",
"product_id": "apb-0:1.0.6-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.0.6-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.14.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch-doc@1.14.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.7.44-1.git.0.6b061d4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.7.44-1.git.0.6b061d4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product": {
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product_id": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb-container-scripts@1.0.6-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apb-0:1.0.6-1.el7.noarch",
"product": {
"name": "apb-0:1.0.6-1.el7.noarch",
"product_id": "apb-0:1.0.6-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apb@1.0.6-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.7.44-1.git.0.6b061d4.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.0.6-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch"
},
"product_reference": "apb-0:1.0.6-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-0:1.0.6-1.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src"
},
"product_reference": "apb-0:1.0.6-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apb-container-scripts-0:1.0.6-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch"
},
"product_reference": "apb-container-scripts-0:1.0.6-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src"
},
"product_reference": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.7",
"product_id": "7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:12:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:apb-0:1.0.6-1.el7.src",
"7Server-RH7-RHOSE-3.7:apb-container-scripts-0:1.0.6-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.src",
"7Server-RH7-RHOSE-3.7:atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-clients-redistributable-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-cluster-capacity-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-docker-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-dockerregistry-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-excluder-0:3.7.44-1.git.0.6b061d4.el7.noarch",
"7Server-RH7-RHOSE-3.7:atomic-openshift-federation-services-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-master-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-pod-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-sdn-ovs-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-service-catalog-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-template-service-broker-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:atomic-openshift-tests-0:3.7.44-1.git.0.6b061d4.el7.x86_64",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7.src",
"7Server-RH7-RHOSE-3.7:rubygem-fluent-plugin-elasticsearch-doc-0:1.14.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.7:tuned-profiles-atomic-openshift-node-0:3.7.44-1.git.0.6b061d4.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1233
Vulnerability from csaf_redhat - Published: 2018-04-30 04:00 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.6 security and bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.6.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1232
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
This update also fixes the following bugs:
* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559982)
* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1232\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nThis update also fixes the following bugs:\n\n* Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to upload an invalid image object. (BZ#1559982)\n\n* A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1233",
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1490989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490989"
},
{
"category": "external",
"summary": "1549916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549916"
},
{
"category": "external",
"summary": "1554866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554866"
},
{
"category": "external",
"summary": "1556796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556796"
},
{
"category": "external",
"summary": "1559670",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559670"
},
{
"category": "external",
"summary": "1559982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559982"
},
{
"category": "external",
"summary": "1561236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561236"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1563317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563317"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1233.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.6 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T23:41:11+00:00",
"generator": {
"date": "2024-11-14T23:41:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1233",
"initial_release_date": "2018-04-30T04:00:45+00:00",
"revision_history": [
{
"date": "2018-04-30T04:00:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T04:00:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.6",
"product": {
"name": "Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product_id": "rubygem-multi_json-0:1.13.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json@1.13.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product_id": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data@1.2018.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-0:0.13.1-1.el7.src",
"product": {
"name": "rubygem-faraday-0:0.13.1-1.el7.src",
"product_id": "rubygem-faraday-0:0.13.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday@0.13.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.3-1.el7.src",
"product": {
"name": "rubygem-minitest-0:5.10.3-1.el7.src",
"product_id": "rubygem-minitest-0:5.10.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product_id": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.5-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product_id": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product_id": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd@0.0.9-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product_id": "rubygem-msgpack-0:1.2.2-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack@1.2.2-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product_id": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal@1.3.1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-0:1.9.23-1.el7.src",
"product": {
"name": "rubygem-ffi-0:1.9.23-1.el7.src",
"product_id": "rubygem-ffi-0:1.9.23-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi@1.9.23-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product_id": "rubygem-cool.io-0:1.5.3-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io@1.5.3-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-0:0.60.0-1.el7.src",
"product": {
"name": "rubygem-excon-0:0.60.0-1.el7.src",
"product_id": "rubygem-excon-0:0.60.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon@0.60.0-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product_id": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext@0.0.7.5-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product_id": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json@1.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product": {
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product_id": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-multi_json-doc@1.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product_id": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data@1.2018.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product_id": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-data-doc@1.2018.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product": {
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product_id": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday-doc@0.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product": {
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product_id": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-faraday@0.13.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product": {
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product_id": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product": {
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product_id": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest-doc@5.10.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product_id": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.5-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product_id": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.5-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd-doc@0.0.9-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-systemd@0.0.9-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter-doc@1.0.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product_id": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product": {
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product_id": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack-doc@1.2.2-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product": {
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product_id": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal-doc@1.3.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product_id": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-systemd-journal@1.3.1-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product": {
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product_id": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io-doc@1.5.3-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product": {
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product_id": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon-doc@0.60.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product": {
"name": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product_id": "rubygem-excon-0:0.60.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-excon@0.60.0-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product": {
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product_id": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext-doc@0.0.7.5-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.6.173.0.113-1.git.0.65fb9fb.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product_id": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack@1.2.2-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product": {
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product_id": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-msgpack-debuginfo@1.2.2-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product": {
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product_id": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi-debuginfo@1.9.23-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product": {
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product_id": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-ffi@1.9.23-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product_id": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io@1.5.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product": {
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product_id": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-cool.io-debuginfo@1.5.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product": {
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product_id": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext-debuginfo@0.0.7.5-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product_id": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-unf_ext@0.0.7.5-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src"
},
"product_reference": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src"
},
"product_reference": "rubygem-cool.io-0:1.5.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-0:1.5.3-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64"
},
"product_reference": "rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64"
},
"product_reference": "rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch"
},
"product_reference": "rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-0:0.60.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch"
},
"product_reference": "rubygem-excon-0:0.60.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-0:0.60.0-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src"
},
"product_reference": "rubygem-excon-0:0.60.0-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-excon-doc-0:0.60.0-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch"
},
"product_reference": "rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-0:0.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch"
},
"product_reference": "rubygem-faraday-0:0.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-0:0.13.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src"
},
"product_reference": "rubygem-faraday-0:0.13.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch"
},
"product_reference": "rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-0:1.9.23-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src"
},
"product_reference": "rubygem-ffi-0:1.9.23-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-0:1.9.23-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64"
},
"product_reference": "rubygem-ffi-0:1.9.23-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64"
},
"product_reference": "rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src"
},
"product_reference": "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch"
},
"product_reference": "rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch"
},
"product_reference": "rubygem-minitest-0:5.10.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src"
},
"product_reference": "rubygem-minitest-0:5.10.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch"
},
"product_reference": "rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src"
},
"product_reference": "rubygem-msgpack-0:1.2.2-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-0:1.2.2-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64"
},
"product_reference": "rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64"
},
"product_reference": "rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch"
},
"product_reference": "rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch"
},
"product_reference": "rubygem-multi_json-0:1.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-0:1.13.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src"
},
"product_reference": "rubygem-multi_json-0:1.13.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch"
},
"product_reference": "rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch"
},
"product_reference": "rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-0:1.3.1-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src"
},
"product_reference": "rubygem-systemd-journal-0:1.3.1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch"
},
"product_reference": "rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.5-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src"
},
"product_reference": "rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch"
},
"product_reference": "rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src"
},
"product_reference": "rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64"
},
"product_reference": "rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64"
},
"product_reference": "rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch"
},
"product_reference": "rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
"product_id": "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T04:00:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.src",
"7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.113-1.git.0.65fb9fb.el7.noarch",
"7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-debuginfo-0:1.5.3-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-cool.io-doc-0:1.5.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-excon-0:0.60.0-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-excon-doc-0:0.60.0-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-0:0.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-faraday-doc-0:0.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-ffi-debuginfo-0:1.9.23-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-fluent-plugin-systemd-doc-0:0.0.9-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-0:5.10.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-minitest-doc-0:5.10.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-debuginfo-0:1.2.2-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-msgpack-doc-0:1.2.2-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-0:1.13.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-multi_json-doc-0:1.13.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-0:1.3.1-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-systemd-journal-doc-0:1.3.1-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-0:1.2.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-0:1.2018.3-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-data-doc-0:1.2018.3-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-tzinfo-doc-0:1.2.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.src",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-debuginfo-0:0.0.7.5-1.el7.x86_64",
"7Server-RH7-RHOSE-3.6:rubygem-unf_ext-doc-0:0.0.7.5-1.el7.noarch",
"7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018_1241
Vulnerability from csaf_redhat - Published: 2018-04-29 20:25 - Updated: 2024-11-14 23:41Summary
Red Hat Security Advisory: OpenShift Container Platform 3.2 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.2.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1240
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1240\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1241",
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1570144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570144"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1241.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.2 security update",
"tracking": {
"current_release_date": "2024-11-14T23:41:41+00:00",
"generator": {
"date": "2024-11-14T23:41:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1241",
"initial_release_date": "2018-04-29T20:25:02+00:00",
"revision_history": [
{
"date": "2018-04-29T20:25:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:25:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:41:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.2",
"product": {
"name": "Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.2.1.34-2.git.3.aad33c3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.2.1.34-2.git.3.aad33c3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.2.1.34-2.git.3.aad33c3.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product_id": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.3.aad33c3.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src"
},
"product_reference": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
"product_id": "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:25:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.src",
"7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.3.aad33c3.el7.noarch",
"7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64",
"7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.3.aad33c3.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
RHSA-2018:1243
Vulnerability from csaf_redhat - Published: 2018-04-29 20:26 - Updated: 2025-11-21 18:04Summary
Red Hat Security Advisory: OpenShift Container Platform 3.1 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.1.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1242
Security Fix(es):
* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 3.1.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for this release. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:1242\n\nSecurity Fix(es):\n\n* source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1243",
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "1570157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570157"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1243.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.1 security update",
"tracking": {
"current_release_date": "2025-11-21T18:04:30+00:00",
"generator": {
"date": "2025-11-21T18:04:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1243",
"initial_release_date": "2018-04-29T20:26:10+00:00",
"revision_history": [
{
"date": "2018-04-29T20:26:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-29T20:26:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:04:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise 3.1",
"product": {
"name": "Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.1.1.11-4.git.3.12809c8.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.1.1.11-4.git.3.12809c8.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.1.1.11-4.git.3.12809c8.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product_id": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.1.1.11-4.git.3.12809c8.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src"
},
"product_reference": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
"product_id": "7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
},
"product_reference": "tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-1102",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1562246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim\u0027s machine, but it requires user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"category": "external",
"summary": "RHBZ#1562246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/3422241",
"url": "https://access.redhat.com/security/vulnerabilities/3422241"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-29T20:26:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"category": "workaround",
"details": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
"product_ids": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.src",
"7Server-RH7-RHOSE-3.1:atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-clients-redistributable-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-docker-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-dockerregistry-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-excluder-0:3.1.1.11-4.git.3.12809c8.el7.noarch",
"7Server-RH7-RHOSE-3.1:atomic-openshift-master-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-pod-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-recycle-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:atomic-openshift-sdn-ovs-0:3.1.1.11-4.git.3.12809c8.el7.x86_64",
"7Server-RH7-RHOSE-3.1:tuned-profiles-atomic-openshift-node-0:3.1.1.11-4.git.3.12809c8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go"
}
]
}
FKIE_CVE-2018-1102
Vulnerability from fkie_nvd - Published: 2018-04-30 19:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "45690263-84D9-45A1-8C30-3ED2F0F11F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "84C890EC-229B-458B-AEF7-EA03C6248A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E1056A33-690E-4120-821F-52B9705CB84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4B196A82-385B-492A-8927-723CB8690CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "2D9724B7-D99B-4376-B1B5-5CE5F336D767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "2C73555F-B229-4946-B27B-E0FADA31625F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A8F8362B-DA49-439F-ADA1-B5BA443F91F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation."
},
{
"lang": "es",
"value": "Se ha encontrado un error en la funci\u00f3n source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validaci\u00f3n incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios."
}
],
"id": "CVE-2018-1102",
"lastModified": "2024-11-21T03:59:11.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-30T19:29:00.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GSD-2018-1102
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1102",
"description": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"id": "GSD-2018-1102",
"references": [
"https://access.redhat.com/errata/RHSA-2019:0036",
"https://access.redhat.com/errata/RHSA-2018:1243",
"https://access.redhat.com/errata/RHSA-2018:1241",
"https://access.redhat.com/errata/RHSA-2018:1239",
"https://access.redhat.com/errata/RHSA-2018:1237",
"https://access.redhat.com/errata/RHSA-2018:1235",
"https://access.redhat.com/errata/RHSA-2018:1233",
"https://access.redhat.com/errata/RHSA-2018:1231",
"https://access.redhat.com/errata/RHSA-2018:1229",
"https://access.redhat.com/errata/RHSA-2018:1227"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1102"
],
"details": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
"id": "GSD-2018-1102",
"modified": "2023-12-13T01:22:37.041695Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "atomic-openshift",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "as shipped with Openshift Enterprise 3.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/errata/RHSA-2018:1227",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1229",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1231",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1233",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1235",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1237",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1239",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1241",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:1243",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"name": "https://access.redhat.com/errata/RHSA-2019:0036",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1102"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
},
{
"name": "RHSA-2018:1243",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"name": "RHSA-2018:1241",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"name": "RHSA-2018:1239",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"name": "RHSA-2018:1237",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"name": "RHSA-2018:1235",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"name": "RHSA-2018:1233",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"name": "RHSA-2018:1231",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"name": "RHSA-2018:1229",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"name": "RHSA-2018:1227",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"name": "RHSA-2019:0036",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-12T23:32Z",
"publishedDate": "2018-04-30T19:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…