Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat 3.73 Critical Advisory RHSA-2023-3379-01: Important Security Fix

red hat
Calendar Grey June 3, 2023
Dist Redhat Esm H88
This upgrade for Red Hat Enhanced Cluster Protection tackles significant security vulnerabilities and delivers essential repairs.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS)

Solution

If you are using an earlier version of RHACS 3.73, you are advised to upgrade to patch release 3.73.5.

Summary

This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.

References

https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-27535 https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/3.73/html/release_notes/release-notes-373 https://access.redhat.com/security/updates/classification/#important

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:3379-01
Product: Red Hat Advanced Cluster Security for Kubernetes
Issue date: 2023-05-31

Topic

Updated images are now available for Red Hat Advanced Cluster Security forKubernetes (RHACS). The updated image includes security fixes.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

5. JIRA issues fixed (https://issues.redhat.com/):

ROX-17406 - Release RHACS 3.73.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here