RedHat: RHSA-2022-0856:01 Moderate: Red Hat Advanced Cluster Manage...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
Advisory ID:       RHSA-2022:0856-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0856
Issue date:        2022-03-14
CVE Names:         CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 
                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 
                   CVE-2019-19603 CVE-2019-20838 CVE-2020-0465 
                   CVE-2020-0466 CVE-2020-12762 CVE-2020-13435 
                   CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 
                   CVE-2020-25709 CVE-2020-25710 CVE-2021-0920 
                   CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 
                   CVE-2021-3521 CVE-2021-3564 CVE-2021-3572 
                   CVE-2021-3573 CVE-2021-3580 CVE-2021-3712 
                   CVE-2021-3752 CVE-2021-3800 CVE-2021-3872 
                   CVE-2021-3984 CVE-2021-4019 CVE-2021-4122 
                   CVE-2021-4155 CVE-2021-4192 CVE-2021-4193 
                   CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 
                   CVE-2021-22898 CVE-2021-22925 CVE-2021-23434 
                   CVE-2021-25214 CVE-2021-27645 CVE-2021-28153 
                   CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 
                   CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 
                   CVE-2021-36087 CVE-2021-39241 CVE-2021-40346 
                   CVE-2021-42574 CVE-2022-0155 CVE-2022-0185 
                   CVE-2022-0330 CVE-2022-22942 CVE-2022-24407 
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General
Availability release images, which provide one or more container updates
and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments.

Clusters and applications are all visible and managed from a single console
— with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which provide security fixes, bug fixes and
container upgrades. See the following Release Notes documentation, which
will be updated shortly for this release, for additional details about this
release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security updates:

* object-path: Type confusion vulnerability can lead to a bypass of
CVE-2020-15256 (CVE-2021-23434)

* follow-redirects: Exposure of Private Personal Information to an
Unauthorized Actor (CVE-2022-0155)

Related bugs: 

* RHACM 2.2.11 images (Bugzilla #2029508)

* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
#2030859)

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important instructions on how to upgrade your cluster and fully apply this
asynchronous errata update:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256
2029508 - RHACM 2.2.11 images
2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor

5. References:

https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-0465
https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-25709
https://access.redhat.com/security/cve/CVE-2020-25710
https://access.redhat.com/security/cve/CVE-2021-0920
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3564
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3573
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-3752
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3872
https://access.redhat.com/security/cve/CVE-2021-3984
https://access.redhat.com/security/cve/CVE-2021-4019
https://access.redhat.com/security/cve/CVE-2021-4122
https://access.redhat.com/security/cve/CVE-2021-4155
https://access.redhat.com/security/cve/CVE-2021-4192
https://access.redhat.com/security/cve/CVE-2021-4193
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-23434
https://access.redhat.com/security/cve/CVE-2021-25214
https://access.redhat.com/security/cve/CVE-2021-27645
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-33574
https://access.redhat.com/security/cve/CVE-2021-35942
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-39241
https://access.redhat.com/security/cve/CVE-2021-40346
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2022-0155
https://access.redhat.com/security/cve/CVE-2022-0185
https://access.redhat.com/security/cve/CVE-2022-0330
https://access.redhat.com/security/cve/CVE-2022-22942
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYi+vA9zjgjWX9erEAQgTqA/+J2DQsJewk+7lcFiIFg2V/pbB8hc0RsP5
KbxZaTfWXw0Awen3M5xN9iwKH8v3zdgwKMiEdPi4STFxQEoyOATJ6f8n1tIrZtEv
yvR4I/fCTeQZYZJDPuCaUl0xkL7yFMqKumSsVeTI/zUWDQB5Ifv30KMX68FV2UUW
1T/A0gMzdsCOGNh89jw1tvehqsxfUsBZbv2oqTJkSGsCeBQohuP58MHUeYXzGy5M
HAJhRfgJYTcQneRiUt3PIlH737YjkXW5vO4sYqmyS30SvEtT7HK12qnw9DuBk7bs
tPDvuNy2DFF7S3HARQAgsPDWJQvMBdu96Vm9XHsVHYs/jSrj2B05wAwvYKp5J2q8
WhghlFQnU2QJvaDslUhnC6gz6CqHhU971qSSRWdyrdOLe+56pTg1g1YgJ2V46sIv
b6+9UIFMg0IgHuX9Ys/MVMqXaNOv3tvglmzIGbGsFKE8afZ8FPykaWx1His8fg1b
LxDe8x1eBHDGL28Q4fPmTRcZ6kusODotZPnc8Bv1Y8z+EdDBATI7OZhx9ePpb1fL
GsXBkFvFEaVwTHKWwA3RwTV3uj2rUP7ZCHJuJSaVuZPxhlhY/Q1bXZhSh5aY1oSk
+YUU9HGz9zRJMVHFiuFYp0zrrOFOGw7PGXUr4/+/pPFJkWOVApYvlsgx7DvkyYmB
Xdiu19jyuh4=
=lH1Z
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-0856:01 Moderate: Red Hat Advanced Cluster Management

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General Availability release images, which provide one or more container updates and bug fixes

Summary

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
* object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
* follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
* RHACM 2.2.11 images (Bugzilla #2029508)
* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859)

Solution

For Red Hat Advanced Cluster Management for Kubernetes, see the followingdocumentation, which will be updated shortly for this release, forimportant instructions on how to upgrade your cluster and fully apply thisasynchronous errata update:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/indexFor details on how to apply this update, refer to:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

References

https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-0465 https://access.redhat.com/security/cve/CVE-2020-0466 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-25709 https://access.redhat.com/security/cve/CVE-2020-25710 https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3564 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3573 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3752 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4155 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23434 https://access.redhat.com/security/cve/CVE-2021-25214 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39241 https://access.redhat.com/security/cve/CVE-2021-40346 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-0185 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate

Package List

Severity
Advisory ID: RHSA-2022:0856-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0856
Issued Date: : 2022-03-14
CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-0465 CVE-2020-0466 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-25709 CVE-2020-25710 CVE-2021-0920 CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 CVE-2021-3521 CVE-2021-3564 CVE-2021-3572 CVE-2021-3573 CVE-2021-3580 CVE-2021-3712 CVE-2021-3752 CVE-2021-3800 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4122 CVE-2021-4155 CVE-2021-4192 CVE-2021-4193 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23434 CVE-2021-25214 CVE-2021-27645 CVE-2021-28153 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39241 CVE-2021-40346 CVE-2021-42574 CVE-2022-0155 CVE-2022-0185 CVE-2022-0330 CVE-2022-22942 CVE-2022-24407

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 GeneralAvailability release images, which provide one or more container updatesand bug fixes.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256

2029508 - RHACM 2.2.11 images

2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10

2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.