pro-ap-southeast-2 - CVE-2019-5736 Runc and Docker vulnerability remediation
Scheduled Maintenance Report for OpenShift Online Pro
Completed
Runc escape remediation for pro-ap-southeast-2 has been successfully completed.

CVE details: https://access.redhat.com/security/cve/cve-2019-5736
Public announcement: https://seclists.org/oss-sec/2019/q1/119


Thank you for using OpenShift.

Support links:
https://access.redhat.com/support
https://access.redhat.com/support/contact/technicalSupport/
Posted 5 months ago. Apr 17, 2019 - 16:29 UTC
In progress
Scheduled maintenance is currently starting. We will provide updates as necessary. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 5 months ago. Apr 17, 2019 - 16:00 UTC
Scheduled
Clusters will be undergoing maintenance to remediate the runc escape vulnerability: https://access.redhat.com/security/vulnerabilities/runcescape.

As part of maintenance, pods will be migrated from unpatched nodes to patched nodes.

What should you do?
You can minimize the impact on your applications by scaling your services to more than one pod. In general, for applications to be able to continue to service clients, they should be scaled. Some pod workloads are not appropriate for scaling, such as a single-instance, non-replicated database using a persistent volume claim. In this situation, a deployment strategy of 'recreate' will ensure the pod is restarted after migration, although a brief outage will be experienced.

For more information, refer to the following guide:
https://blog.openshift.com/deploying-highly-available-applications-openshift-kubernetes/

If you have any questions, please feel free to contact us:
https://access.redhat.com/support/policy/support_process
https://access.redhat.com/support/contact/technicalSupport/

Thank you for choosing Red Hat OpenShift Dedicated,
OpenShift SRE
Posted 5 months ago. Apr 16, 2019 - 18:37 UTC
This scheduled maintenance affected: pro-ap-southeast-2 (Master API Service, Application Creation Service, Docker Registry Service, etcd Service).