RedHat: RHSA-2022-0856:01 Moderate: Red Hat Advanced Cluster Management
Summary
Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments.
Clusters and applications are all visible and managed from a single console
— with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which provide security fixes, bug fixes and
container upgrades. See the following Release Notes documentation, which
will be updated shortly for this release, for additional details about this
release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
* object-path: Type confusion vulnerability can lead to a bypass of
CVE-2020-15256 (CVE-2021-23434)
* follow-redirects: Exposure of Private Personal Information to an
Unauthorized Actor (CVE-2022-0155)
Related bugs:
* RHACM 2.2.11 images (Bugzilla #2029508)
* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
#2030859)
Summary
Solution
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important instructions on how to upgrade your cluster and fully apply this
asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing
References
https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-0465 https://access.redhat.com/security/cve/CVE-2020-0466 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-25709 https://access.redhat.com/security/cve/CVE-2020-25710 https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3564 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3573 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3752 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4155 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23434 https://access.redhat.com/security/cve/CVE-2021-25214 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39241 https://access.redhat.com/security/cve/CVE-2021-40346 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-0185 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.2.11 GeneralAvailability release images, which provide one or more container updatesand bug fixes.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256
2029508 - RHACM 2.2.11 images
2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor