Linux Security

    RedHat: RHSA-2020-4304:01 Moderate: Red Hat Advanced Cluster Management for

    Date 22 Oct 2020
    Posted By LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat Advanced Cluster Management for Kubernetes version 2.0.4 images
    Advisory ID:       RHSA-2020:4304-01
    Product:           Red Hat ACM
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4304
    Issue date:        2020-10-22
    CVE Names:         CVE-2020-25655 
    =====================================================================
    
    1. Summary:
    
    Red Hat Advanced Cluster Management for Kubernetes 2.0.4 General
    Availability release.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    RHACM 2.0.4 images
    
    Red Hat Advanced Cluster Management provides the
    capabilities to address common challenges that administrators and site
    reliability engineers face as they work across a range of public and
    private cloud environments. Clusters and applications are all visible and
    managed from a single console—with security policy built in.
    
    See the following Release Notes documentation for details about this
    release:
    
    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/
    
    Security Fix(es):
    
    * open-cluster-management: RBAC bypass may disclose cluster secrets to
    other users (CVE-2020-25655)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1882496 - RHACM 2.0.4 images
    1882748 - search-operator Pod OOMKilled After Upgrading OpenShift
    1884295 - Trying to install ACM and multi cluster hub is not deploying
    1888475 - CVE-2020-25655 open-cluster-management: RBAC bypass may disclose cluster secrets to other users
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-25655
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
