What OpenShift Online & Dedicated Customers Should Know: Recent Source-to-Image Exposure
April 27, 2018 | by
Red Hat recently announced information about CVE-2018-1102, a bug in the S2I (Source to Image) functionality of OpenShift Online and OpenShift Container Platform (OCP).
This bug affects OpenShift Container Platform (OCP) versions 3.0 through 3.9, and the OpenShift Online service including our Starter, Pro, and Dedicated tiers. In response to this, the OpenShift Online Security SRE team took steps to minimize exposure across all the clusters managed by Red Hat.
For the OpenShift Container Platform on-premises product, fixes have been released, and a workaround in the form of turning off the source to image feature is also available, please see the vulnerability article linked below for more information on these.
For OpenShift Online the software update has been applied and testing was conducted to confirm that the update has taken effect. Additionally, for all Red Hat managed clusters, automation tools were used to “untag” any pre-existing S2I images that were cached on the nodes This process ensures that the new, fixed, the image is retrieved prior to the next use of the S2I builder.
For OpenShift Online and Dedicated customers:
As an OpenShift Online or Dedicated user, your environments are protected.
OpenShift Online and Dedicated have multiple layers of security that help restrict the exposure caused by CVE-2018-1102.
In case you have not heard (we do not blame you if you have not), the OpenShift Developer tools team is holding a competition to see who can produce the most unique and creative customizations to the ...
Without supporting information and guidance, updates can be daunting! In our research sessions, we heard from you: Channels can be confusing, and your overall update experience could benefit from a ...