Bug 1625885 (CVE-2018-14632)
| Summary: | CVE-2018-14632 atomic-openshift: oc patch with json causes masterapi service crash | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abhgupta, ahardin, bleanhar, bmontgom, ccoleman, dbaker, dedgar, dominik.mierzejewski, eparis, jburrell, jgoulding, jokerman, jshepherd, mchappel, msomasun, nstielau, sponnaga, sthangav, trankin |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | atomic-openshift 3.11 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-11-28 06:11:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1626305, 1625939, 1625940, 1625941, 1625942, 1625943, 1625944, 1625945, 1626309, 1626310, 1626311, 1626312, 1626779 | ||
| Bug Blocks: | 1614951 | ||
|
Description
Jason Shepherd
2018-09-06 07:48:43 UTC
. Upstream commit which fixes this issue in json-patch: https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e Upstream commit which fixes this issue in json-patch, which is used by OpenShift Container Platform. https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e Acknowledgments: Name: Lars Haugan Statement: A multi-master Openshift Container Platform cluster is more resilient, however a sustained attack would still have an important impact. (In reply to Jason Shepherd from comment #1) > This issue is fixed in OpenShift Container Platform 3.7 and later. Judging by later comments and the fact that the referenced commit is tagged only for 4.0.0, I don't think the above statement is true. RH Security page for this CVE lists all 3.x versions as Affected. Jason? Hi Dominik, I've removed comment #1 now. You are correct that the issue is not fixed in OCP 3.7 and later. At the time when I wrote that it was believed that it was true, however a subsequent issue was discovered that had the same impact on all released OCP versions. Regards, Jason This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.6 Via RHSA-2018:2654 https://access.redhat.com/errata/RHSA-2018:2654 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.10 Via RHSA-2018:2709 https://access.redhat.com/errata/RHSA-2018:2709 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.9 Via RHSA-2018:2908 https://access.redhat.com/errata/RHSA-2018:2908 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.7 Via RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2906 Is this fixed in 3.11? https://access.redhat.com/security/cve/cve-2018-14632 is still listing 3.11 as affected with no fix available. This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHBA-2018:2652 https://access.redhat.com/errata/RHBA-2018:2652 |