Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Red Hat: RHSA-2022:6422-01 Critical Advisory for Multicluster Engine 2.0.2

red hat
Calendar Grey September 12, 2022
Dist Redhat Esm H88
The recent Red Hat Security Advisory for Multicluster Engine for Kubernetes 2.0.2 addresses critical vulnerabilities, ensuring Kubernetes cluster stability and security.
Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images

Solution

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online

Summary

Multicluster Engine for Kubernetes 2.0.2 images
Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.
You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Security updates:
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fix:
* MCE 2.0.2 images (BZ# 2104569)

References

https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-36067 https://access.redhat.com/security/updates/classification/#critical

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:6422-01
Product: multicluster engine for Kubernetes
Issue date: 2022-09-12

Topic

Multicluster Engine for Kubernetes 2.0.2 General Availability releaseimages,which fix bugs and update container images.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2104569 - MCE 2.0.2 Images

2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.