-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes
Advisory ID:       RHSA-2023:2083-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2083
Issue date:        2023-05-02
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-3841 
                   CVE-2022-4269 CVE-2022-4304 CVE-2022-4378 
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-25881 
                   CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 
                   CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 
                   CVE-2023-0361 CVE-2023-0386 CVE-2023-23916 
====================================================================
1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General
Availability release images, which fix bugs and security updates container
images.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fix(es):
* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service
(ReDoS) vulnerability
* CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint

Jira issues addressed:
* ACM-3516: ACM 2.6.5 images

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint
2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

5. JIRA issues fixed (https://issues.redhat.com/):

ACM-3516 - ACM 2.6.5 Images

6. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-3841
https://access.redhat.com/security/cve/CVE-2022-4269
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4378
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-25881
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0266
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0386
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFFOn9zjgjWX9erEAQj+jQ//SEjgQpVdMTwbzqrKnwWrIuGaZpgduNIV
KWh4YtsCRxkPOdEw2JXDu1ApTJjCrAmd4VCPmsKdYfsWqeIrLlTgOxjL8P31uoSG
B6wP2CDYC93KD0ucier97XWAMpM8MToFJqD7aKRwZaJRUeR7hySx/5mS5BqLsyay
Bm0sc4Fo6W7qjTPp9/NKQhx/f1zkR3dpXit+Y9BfhPZMJan4BksEHx4j4qFv3J+g
GN+KNQb3wu1GvOQB6dt8VEeCZaLUf3iiCAOLaYLjUnj4SH4qpeMYb7Fslc4nbRuQ
KtuBzvL5a3FN6XcQ6bfanU+WHchn2qmHCB7oocdDY3kPjUOqiUdU5NDE9ix7eHCh
MeBADYXfYo65BnRFGqBer7y6YcNEFO4S0mJOWcACcfBeOVt3NcN+wruWCWO8Wagm
Fi6XQmop+uRFZlUeYtOXdDTtifZuZW9+fpzTCddZMK9oAmc4n4J0WSmpuaE0k9YW
gJ6Gi0gsq/B68l3XblYpXg+kORJpIt5aFAbrirM7pUk3KdxI+lHA9S9UVxZR1v1g
13tHm9rcFeX0y4JGY47SPiOYIruE9MS1/6UTK4ceqIHmfO6+ghDEwzyI9dui1hCu
YnxE0t3ppVL3DT1tlonLs+hRNssByTtvcAbxej50s4mj9Hpr+Ar3wsd1+gEH93pJ
bqaQqtqDjvM=g85t
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-2083:01 Moderate: Red Hat Advanced Cluster Management

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images

Summary

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fix(es): * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability * CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint
Jira issues addressed: * ACM-3516: ACM 2.6.5 images



Summary


Solution

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

References

https://access.redhat.com/security/cve/CVE-2020-10735 https://access.redhat.com/security/cve/CVE-2021-28861 https://access.redhat.com/security/cve/CVE-2022-3841 https://access.redhat.com/security/cve/CVE-2022-4269 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4378 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-25881 https://access.redhat.com/security/cve/CVE-2022-40897 https://access.redhat.com/security/cve/CVE-2022-45061 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0266 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0386 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2023:2083-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2083
Issued Date: : 2023-05-02
CVE Names: CVE-2020-10735 CVE-2021-28861 CVE-2022-3841 CVE-2022-4269 CVE-2022-4304 CVE-2022-4378 CVE-2022-4415 CVE-2022-4450 CVE-2022-25881 CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 CVE-2023-0361 CVE-2023-0386 CVE-2023-23916

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 GeneralAvailability release images, which fix bugs and security updates containerimages.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint

2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

5. JIRA issues fixed (https://issues.redhat.com/):

ACM-3516 - ACM 2.6.5 Images


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved