Red Hat 3.73 Critical Advisory RHSA-2023-3379-01: Important Security Fix
Jun 03, 2023
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update
Advisory ID: RHSA-2023:3379-01
Product: Red Hat Advanced Cluster Security for Kubernetes
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3379
Issue date: 2023-05-31
CVE Names: CVE-2022-2795 CVE-2022-36227 CVE-2023-0361
CVE-2023-2491 CVE-2023-24540 CVE-2023-27535
====================================================================
1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security fixes.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
This release of RHACS includes a fix for CVE-2023-24540 by building RHACS
with updated Golang.
3. Solution:
If you are using an earlier version of RHACS 3.73, you are advised to
upgrade to patch release 3.73.5.
4. Bugs fixed (https://bugzilla.redhat.com/):
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
5. JIRA issues fixed (https://issues.redhat.com/):
ROX-17406 - Release RHACS 3.73.5
6. References:
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/3.73/html/release_notes/release-notes-373
https://access.redhat.com/security/updates/classification/#important
7. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZHsDwtzjgjWX9erEAQi1Jg/9GRib0hiTt3nUfBw9k3ZW5M6hxBx93tuO
3LDo+bSFX0SjYkAPMrON+B6OvTkH1shLaVQN7XCVnZLzvKhR0JW6ssrLdM/0+JPN
BZ8L2HPTQnW1LWULcdJdEtXvQvFDceZSnppQnGB5UTwodFchy2u993todguPauYY
QNdTLuwkUNcuQwtqRe0wPBPoArM8qQvKa75FonV73twyf/OPsVfxZ7hnpqILH1rG
xLQCxUrYfr6Y68lqUXx36aGjSBXvALu8FcwrQms8BPR9SX3CPAr72HM5vzJ80Vc4
pfYxGXN1zrU7FgYdJHaKuumdWR4qx2PqnWiVGeZape5MWezMHfJZo/AbYheQY8eL
Bz558bKDKFRRXZgjruEwVAxzFgaGfeIHQNDbMFP+8BsYV5TkDAWcrDI0kInpjxvH
Tx/5jzl4QyRAAWQ9MJ/tsIQbc+KN+11biyj+n/j6uYv5oCsJmg4CLhCVQQe567YY
LdDxUBmH81v9WkRPa6uqOvqSBJYG6OFx9XAFLu2jjqVquwZ3qq+e2C6YbCWPZQ43
J9xhBpeby4EDkn9Vc1anUpxvmRmSQULAnZDg0bZygifaSaRcQjQZmPtGRDaeuZ/D
MlfynsBFMmeKrn8znn3JYTsiYnM7aMPPEBwp46Wj4oToPMFHhg0aVebqnwaoyVEs
UbUTcby9rGk=kgmy
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
Red Hat 3.73 Critical Advisory RHSA-2023-3379-01: Important Security Fix
red hat
June 3, 2023
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS)
Solution
If you are using an earlier version of RHACS 3.73, you are advised to
upgrade to patch release 3.73.5.
Summary
This release of RHACS includes a fix for CVE-2023-24540 by building RHACS
with updated Golang.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-27535 https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/3.73/html/release_notes/release-notes-373 https://access.redhat.com/security/updates/classification/#important
Package List
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2023:3379-01
Product: Red Hat Advanced Cluster Security for Kubernetes
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3379
Issue date: 2023-05-31
Topic
Updated images are now available for Red Hat Advanced Cluster Security forKubernetes (RHACS). The updated image includes security fixes.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Bugs Fixed
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
5. JIRA issues fixed (https://issues.redhat.com/):
ROX-17406 - Release RHACS 3.73.5
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!