Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

Red Hat: RHSA-2022:6370-01 Moderate: Cluster Management Security Update

red hat
Calendar Grey September 7, 2022
Dist Redhat Esm H88
Red Hat Advanced Cluster Management 2.6.0 introduces important security patches that tackle various vulnerabilities and resolve known bugs.
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs

Solution

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing

Summary

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fixes:
* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Bug fixes:
* assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)
* assisted-service-build image is too big in size (BZ# 2066059)
* assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)
* PXE artifacts need to be served via HTTP (BZ# 2078531)
* Implementing new service-agent protocol on agent side (BZ# 2081281)
* RHACM 2.6.0 images (BZ# 2090906)
* Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)
* Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)
* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)
* Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)
* The pre-selected search keyword is not readable (BZ# 2107736)
* The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)

References

https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32250 Read the Full Advisory

Package List


Advisory ID: RHSA-2022:6370-01
Product: Red Hat ACM
Issue date: 2022-09-06

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 GeneralAvailability release images, which fix security issues and bugs.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.

Relevant Releases Architectures

Bugs Fixed

2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned

2066059 - assisted-service-build image is too big in size

2076901 - assisted-service pin-latest.py script should exclude the postgres image

2078531 - iPXE artifacts need to be served via HTTP

2081281 - Implementing new service-agent protocol on agent side

2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors2090906 - RHACM 2.6.0 images

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

2093503 - Assisted service POD keeps crashing after a bare metal host is created

2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled

2096445 - Assisted service POD keeps crashing after a bare metal host is created

2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow

2097696 - Fix assisted CI jobs that fail for cluster-info readiness

2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB

2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart

2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow

2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.