RedHat: RHSA-2023-0794:01 Moderate: Red Hat Advanced Cluster Management
Summary
Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single consoleâwith security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Issue addressed:
* RHACM 2.6.4 images (BZ# 2153382)
Security fixes:
* CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the
node process
Summary
Solution
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing
References
https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-2056 https://access.redhat.com/security/cve/CVE-2022-2057 https://access.redhat.com/security/cve/CVE-2022-2058 https://access.redhat.com/security/cve/CVE-2022-2519 https://access.redhat.com/security/cve/CVE-2022-2520 https://access.redhat.com/security/cve/CVE-2022-2521 https://access.redhat.com/security/cve/CVE-2022-2867 https://access.redhat.com/security/cve/CVE-2022-2868 https://access.redhat.com/security/cve/CVE-2022-2869 https://access.redhat.com/security/cve/CVE-2022-2953 https://access.redhat.com/security/cve/CVE-2022-2964 https://access.redhat.com/security/cve/CVE-2022-4139 https://access.redhat.com/security/cve/CVE-2022-4883 https://access.redhat.com/security/cve/CVE-2022-23521 https://access.redhat.com/security/cve/CVE-2022-24999 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41903 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-44617 https://access.redhat.com/security/cve/CVE-2022-46285 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.6.4 GeneralAvailability release images, which fix bugs and update container images.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process
2153382 - RHACM 2.6.4 images