Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

RedHat: RHSA-2023-3435-01 Important Update For Kubernetes Security

Calendar Jun 05, 2023 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue Red Hat patch release important security impact Kubernetes
An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Advanced Cluster Security 3.74 for Kubernetes security update
Advisory ID:       RHSA-2023:3435-01
Product:           Red Hat Advanced Cluster Security for Kubernetes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3435
Issue date:        2023-06-05
CVE Names:         CVE-2022-2795 CVE-2022-36227 CVE-2023-2491 
                   CVE-2023-24539 CVE-2023-24540 CVE-2023-27535 
                   CVE-2023-29400 
====================================================================
1. Summary:

An update is now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

This release of RHACS 3.74.4 includes a fix for CVE-2023-24540 by building
RHACS with updated Golang.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

* golang: html/template: improper sanitization of CSS values
(CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes
(CVE-2023-29400)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the links
listed in the References section.

3. Solution:

If you are using an earlier version of RHACS 3.74, you are advised to
upgrade to patch release 3.74.4.

4. Bugs fixed (https://bugzilla.redhat.com/):

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ROX-17405 - Release RHACS 3.74.4

6. References:

https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/3.74/html/release_notes/release-notes-374

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZH4ju9zjgjWX9erEAQg3fRAAkO+FEfLakb0S4TU8LlX1eSmOlJ/BvldZ
MUQjwbvgowtED2JEmSITjc1SdzkWQTF3QmAKyEgLkVb35cgQVdzGykDUJA+A0ch3
1hdCG8J9nAIkLrQjlUXLXlW3QKgY9YM7ywfoI2pAdZZoJfqwVtAPNO1dQ2VqMEgp
OBGmpZZMx4UkENcQatYPrmo5NC10wyS2+poT3v5YjXEWERzSHKXy/R7DkRQ0748J
VbOZ471JAytN2k7QXfYkWyUhSWzIF+XE1M8CyQj7L4JJt8dNlVXiFtShjMDld+ok
/f2jcZufgTWm/fwGuCdJeHxhi+uwrnyT+KxblIl7h4xG/7UjgawG7x5T8qPYUjXY
GvQaLhOlPw+u1biCoyRQbPVjxB2sMhJQYCs6a9tyFn4kaNBC5GuCI05PgxoSmtn4
7elzgI7HDMvWIZ3UEWWDuRcyBIGpE76W0JLJAnbuXdkc0G31lyAlgIBHx9aNt9dw
zakxW321SnBhZcdvcpWl61Upds82qi0Pj/NSMlIrkPtJAum0LDZsczbsERJ6p9oF
V3GQh/d6ik3759EwgIjdnht5uM8JqErYkYPyhJLXvLDTJR+LZMR+29zn8d3QUm2d
OvXLWjoSa/aWi63fFCD97AfNCC7RZWj2bIaxi/j8VimwLEP4KX4roVuEB6PI6sPj
74zX1/jLbJ4=i6g4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

RedHat: RHSA-2023-3435-01 Important Update For Kubernetes Security

red hat
Calendar Grey June 5, 2023
Dist Redhat Esm H88
The latest update from Red Hat for Advanced Cluster Security tackles numerous critical vulnerabilities impacting Kubernetes setups.
An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS)

Solution

If you are using an earlier version of RHACS 3.74, you are advised to upgrade to patch release 3.74.4.

Summary

This release of RHACS 3.74.4 includes a fix for CVE-2023-24540 by building RHACS with updated Golang.
Security Fix(es):
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the links listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat patch release important security impact Kubernetes

References

https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/3.74/html/release_notes/release-notes-374

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:3435-01
Product: Red Hat Advanced Cluster Security for Kubernetes
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3435
Issue date: 2023-06-05

Topic

An update is now available for Red Hat Advanced Cluster Security forKubernetes (RHACS).Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat patch release important security impact Kubernetes

Relevant Releases Architectures


Warning: Undefined array key "relevant_releases_architectures" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3200297_3e4bf4acb8c07dfea38b8147414a3c74 on line 11

Warning: Undefined array key "relevant_releases_architectures" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3200297_3e4bf4acb8c07dfea38b8147414a3c74 on line 16

Bugs Fixed

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ROX-17405 - Release RHACS 3.74.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here