Explore top 10 tips to secure your open-source projects now. Read More
×
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix security issues and several bugs. See
the following Release Notes documentation, which will be updated shortly
for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fixes:
* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
* CVE-2022-30629 golang: crypto/tls: session tickets lack random
ticket_age_add
* CVE-2022-1705 golang: net/http: improper sanitization of
Transfer-Encoding header
* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -
omit X-Forwarded-For not working
Bug fixes:
* assisted-service repo pin-latest.py script should allow custom tags to be
pinned (BZ# 2065661)
* assisted-service-build image is too big in size (BZ# 2066059)
* assisted-service pin-latest.py script should exclude the postgres image
(BZ# 2076901)
* PXE artifacts need to be served via HTTP (BZ# 2078531)
* Implementing new service-agent protocol on agent side (BZ# 2081281)
* RHACM 2.6.0 images (BZ# 2090906)
* Assisted service POD keeps crashing after a bare metal host is created
(BZ# 2093503)
* Assisted service triggers the worker nodes re-provisioning on the hub
cluster when the converged flow is enabled (BZ# 2096106)
* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)
* Nodes are required to have installation disks of at least 120GB instead
of at minimum of 100GB (BZ# 2099277)
* The pre-selected search keyword is not readable (BZ# 2107736)
* The value of label expressions in the new placement for policy and
policysets cannot be shown real-time from UI (BZ# 2111843)
https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32250 Read the Full Advisory
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 GeneralAvailability release images, which fix security issues and bugs.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.
2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned
2066059 - assisted-service-build image is too big in size
2076901 - assisted-service pin-latest.py script should exclude the postgres image
2078531 - iPXE artifacts need to be served via HTTP
2081281 - Implementing new service-agent protocol on agent side
2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors2090906 - RHACM 2.6.0 images
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2093503 - Assisted service POD keeps crashing after a bare metal host is created
2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled
2096445 - Assisted service POD keeps crashing after a bare metal host is created
2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow
2097696 - Fix assisted CI jobs that fail for cluster-info readiness
2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB
2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart
2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow
2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations
Get the latest Linux and open source security news straight to your inbox.