Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
98
security advisorymoderatered hatRedHat: RHSA-2023-5421-01 Moderate: Multicluster Engine Kubernetes Update
Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes Advisory ID: RHSA-2023:5421-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:5421 Issue date: 2023-10-03 CVE Names: CVE-2022-41721 CVE-2023-3899 CVE-2023-24539 CVE-2023-24540 CVE-2023-26136 CVE-2023-29400 CVE-2023-29491 CVE-2023-30630 CVE-2023-34969 ===================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore * CVE-2022-41721 x/net/http2/h2c: requestsmuggling * CVE-2023-24539 golang: html/template: improper sanitization of CSS values * CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace * CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling 2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore 5. References: https://access.redhat.com/security/cve/CVE-2022-41721 https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-26136 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/cve/CVE-2023-29491 https://access.redhat.com/security/cve/CVE-2023-30630 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHIdAAAoJENzjgjWX9erEyf8P/258EixraluBgnP97JDUI+HK uUyGyVQFjE/LBFv+SyjEelNXLc9YkZCn54kvVvIzJGUnitsEdTngTw8awOoTdBNQ 2ldJ3H/gDMzgllDGU3VfxnDfAOS/DphRtIWCtNwhJALVE33gRfj40CeUGz6ub8sx ajS8yfF0HichoPy6aa7LSgTwad71Zh6m6YjvrqT78W6bEiQ98KmrKz8gonhJYsFU Jzt0+X3IKk57O/OQ+NZJ8VrfGIvPQ7powtWLgLzuF8/nz5aaem3UXxCWCAeLFWo4 E/QzWTDA/xhSI2V4LaUoHesUHG/JSrMqSP4vXFlhyLDvoHXJvdpTA3mDyHIMMgwn MNADQJCFcVFL7aQX1YaZqzt2PNhROagq9gIigWzo+F6Sacf5qGTS+Ll45qyAE5g3 fd2S2b27/+28/6gI/ClrLA4GPEXLJfVjnx4uSltfxgNQvWifChakiik4O7wIpRxA NKzCTYZjBlV94kl1r962psPa9/bwO0h4P/sqFN10siouoV8xAzb7MUAomyp9AWMp chgSBi00xcZO3fR8KwhbTxFrM7joP33e5IMEuAH/O9iAzzu5WQpaBTS78hi0qukV LgrnMJYDgd5X18J22GiBPG2S6q2diORWOyC9ub6dzhcJf1VtLjOxmVJYQFgER0WY r3mGHxlhtUkTykmRezHk =IwZP -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 03, 2023
Red Hat
98
security advisoryRed HatupdateRedHat 2.1.8 Update Critical: Multicluster Engine for Kubernetes
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes Advisory ID: RHSA-2023:4972-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:4972 Issue date: 2023-09-05 CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283 CVE-2023-2602 CVE-2023-2603 CVE-2023-2828 CVE-2023-3089 CVE-2023-24329 CVE-2023-27536 CVE-2023-28321 CVE-2023-28484 CVE-2023-29469 CVE-2023-34969 CVE-2023-37466 CVE-2023-37903 CVE-2023-38408 ===================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configurationbased on placement policy. Security fix(es): * CVE-2023-3089 - openshift: OCP & FIPS mode * CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code * CVE-2023-37466 - vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code 3. Solution: For information and instructions for these updates, see the following article: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code 2232376 - CVE-2023-37466 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code 5.References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-2828 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-27536 https://access.redhat.com/security/cve/CVE-2023-28321 https://access.redhat.com/security/cve/CVE-2023-28484 https://access.redhat.com/security/cve/CVE-2023-29469 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/cve/CVE-2023-37466 https://access.redhat.com/security/cve/CVE-2023-37903 https://access.redhat.com/security/cve/CVE-2023-38408 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk9yh/AAoJENzjgjWX9erExRwQAKLvMOTGwCcnrshxwGDu8b5J Qg/B9s0X9c9d0eNKtibJd1tjiuIsxP+W0F147Z9oY/UIj8J4kACfogbh9YMm5r8y 3Q10QpiBNpsvT6xGOsg7xOE3xkShK4Kb+RCDbPdV99UY4yg4V6D8GQIjTYomXniR yjfTS60+IRkPRck6sMx9Z6Q95lROpMCE5reCZHrINZOl8/JHN8mXxBwiiB9Hs5b8 bTuVw/w/A6iJtJB5Vdb9YkfpTmsifY/tRUp0G2Dy730PT6A4O+eBMREZVYAkPzmW QcOSzGOq71Av4Ct06qCPfOvoDyvLSVMnhrLQRBqAYqTnP/Z46ncv0+i+OIcpad7b txWcUCYrQcfIxw7E6WJT7uhgRp3IzhVy+uFGcTb5v3zK72SukA4vhOWsBgW1xWDo fYALDFvUhmx7hlGlImQ3RTvmOCNEy7VOmSoTzq/jzNjL9796fIRKp8nIpT9r6fyd WmVfNL0/9hrQDa6rWRy4Tw6GBtzthet2QNdml0Ojhh9rPyXBw8ZL0z0GEF709z/U Tokpo/blCAo2Z43a4sxa5IC2yuBiK58hlmr0pwjXbCyiqZcwM4TUhsJqiyEsjO04 3/ZA52TXbCeEBwF1Px0WAzSnUt8rPQ1C13sqqEUVwiEsem/KeyGHDSQsYUaE1F4o eAZYzdXqZXEYIylRiuaC =Yp3S -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 05, 2023
•Critical
Red Hat
98
security advisoryRed HatcriticalRed Hat: RHSA-2023:4862-01 Critical: Multicluster Engine for Kubernetes
Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes Advisory ID: RHSA-2023:4862-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:4862 Issue date: 2023-08-29 CVE Names: CVE-2023-3089 CVE-2023-37466 CVE-2023-37903 ===================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.3.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode * CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code * CVE-2023-37466 -vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code 3. Solution: For information and instructions for these updates, see the following article: https://access.redhat.com/solutions/7022540. For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code 2232376 - CVE-2023-37466 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code 5. References: https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-37466 https://access.redhat.com/security/cve/CVE-2023-37903 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk7lmyAAoJENzjgjWX9erEgyoQAJbwqbfIQs6oIXZijLbivNjq bQKxjShvL63k2pg9Z3dTP9BOU+80m3dHinIuyebSqb6HCtKYVn20HOYWAaeqMSLz +hfLjmyZbMW94i01e0DOQY+kjE4/jJ4SyaNHkzztIBhRalBvaCK1z+qli7WeKUoG 6pKWLg8juuMg7Qz644GZwlAC45z6pz61bBgudd1ITsnFgpR0QbXJgQ9sYEROM6WJ m9YN20GeiVFAvljQVa3jZvO6osEyjMOoqKKbXbbCAAVAGVQRfHZsKoZEzSji9zuh Qpl3TxVf5Q+lSo8Q29UpxManB8qHOnNsD0NJhn/Uc1vtVtNXCGqPYTua/PaQEIzJ 0L9ulRjrVaYTfLkfOAqfpymCEqDUwVrO57lTiiHmmC246aVO2eolWQgCWXHZ1L2r NdFNFrgIlwuosUg2rWMnl2eE7Bng27fu/KD3348wsq0KGioWo/pLRwA07fR8SJht Tr042eSScvhRexvChXjQQI7DioUOqYkB8d80clc5W57jxr3mUJLyAPL+0lMNMgIO vQmePwSyuvv4SdHHSDV4prUkiY/FMJVSMmoa3OXhMWy7oMeLv/Q9pMiWYBtK3bIW 7UXkuuHbeUEei60bYRMZPce7Us3VCuw4jowB9gyQ5e1dN2P/D1KmJOPWqq/gqj6P Mx4gy/4rSFmsj7fPQJnr =v2RA -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 29, 2023
•Critical
Red Hat
98
security advisoryRed Hatcritical fixRed Hat: RHSA-2023-4650-01 Critical: Multicluster Engine for Kubernetes
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes Advisory ID: RHSA-2023:4650-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:4650 Issue date: 2023-08-14 CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283 CVE-2023-2602 CVE-2023-2603 CVE-2023-2828 CVE-2023-3089 CVE-2023-27536 CVE-2023-28321 CVE-2023-28484 CVE-2023-29469 CVE-2023-32681 CVE-2023-34969 CVE-2023-37903 CVE-2023-38408 ===================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by theengine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode * CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code 3. Solution: For information and instructions for these updates, see the following article: https://access.redhat.com/solutions/7022540. For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code 5. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-2828 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-27536 https://access.redhat.com/security/cve/CVE-2023-28321 https://access.redhat.com/security/cve/CVE-2023-28484 https://access.redhat.com/security/cve/CVE-2023-29469 https://access.redhat.com/security/cve/CVE-2023-32681 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/cve/CVE-2023-37903 https://access.redhat.com/security/cve/CVE-2023-38408 https://access.redhat.com/security/updates/classification#critical https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk2oyOAAoJENzjgjWX9erES9IP/ia7OvrxHKrr9Y/vEtjWONNe FuAcQnXYC+Z353sjLypA9aPb92zLkk6gdDlAASl5jJyJSCu8ArnDJbbuEsLTuDB4 7hpgyy+IE/0U1fCy4TaF87kRBjPHfPbyrlEJe2lpTJFFqPNxUXbDN1SMRB162cAN ZVdhxbRbNKIo4B+dwmHG6S71qOlYYeD0ju9aRDQhFGlGKEj5JYFc2meFNdkE/07x ah575UrYN2jtC0fepWPUny9EDotEtuYGAKyE7M5O+gHdNu5aBCCiizjcjZRgfX6a FRRYuVrvE7qKjs6Z7/XAlUta1ut/LVUE0H+yAM8wLnLe0KcFVXgSeCe5+BX2IdrY wtQ81kQqimqCuqugNNhILTJZvYfie6rxPsozJEycKwsAyHMzEnEJCToIdnroClX0 JzbZ9pypxzBRRxfe862GrXJ592rbsJJQFGNQgoOB+tsiOmbBQCDAOnCq3ZLIaBx8 NsBxcshlDlI7MnDgJz2+tN+nnMWK88tuR+4zI8iOqZlxxMQQshxJchTs+3ZckNwR 84rffOay80r6VwsUU4+p099CaNj3pI8VzzkLSQn7dZAOuK+L1NEc8TyAEAOHAMNi lm/gDUy469tnGFHuJFi23ZAbyCLk5NTBLa0OvzqkuLQ4NqWzgI/n1YID9NxGISsY Ne55NzOKyUQAul8Ktg5F =Uuh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 14, 2023
•Critical
Red Hat
98
security advisorycritical severitysecurity fixesRedHat: RHSA-2023-3353-01 Critical: Kubernetes Multicluster Engine Fixes
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates Advisory ID: RHSA-2023:3353-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:3353 Issue date: 2023-05-30 CVE Names: CVE-2022-2795 CVE-2022-2928 CVE-2022-2929 CVE-2022-36227 CVE-2022-41973 CVE-2023-27535 CVE-2023-32313 CVE-2023-32314 ==================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.0.9 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-32314 vm2: Sandbox Escape *CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: 4. Bugs fixed (https://bugzilla.redhat.com/): 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5. References: https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2928 https://access.redhat.com/security/cve/CVE-2022-2929 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-41973 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-32313 https://access.redhat.com/security/cve/CVE-2023-32314 https://access.redhat.com/security/updates/classification/#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZHsDKtzjgjWX9erEAQiCaxAAg13g7gG+8ypdz3ovJCkfLUF4Qtmtt0H+ 86n0MM3MWzy2difiDiCswyNSPL0hULASDVFKIkAwWEbmm1WYbPTadAe3x/TTmUhC U0EyWLnWGnxDmnnC5SgrIjHFLJrjKG4Qa/ZbtZxUMNLkA0d2KlOYgwBu5m4gRuyH 73QFUE+iyqV4emMUIhgqyjsWEeiE/GdAz8KM0Rav/+zG9n8JMP3Lmc3W9T6rgqX9 gwyeDqvF81ZRmAWoPrTrsoTNXe69es+5hv8hHEoU2noEfuFMStuOGqA2Mvddrztp rGtuLVMcoMTX+f9yxXReqHdTJEpBcmDZhl1TAg8aYb44isoxoRFSx+G73Akv00Uq mWjTOJ6D/9T+h8tBFUKxYHxjgl/3xt3t4SFqH+un4S+vlypAJO6+mPZjjKRoJE88 8w0za9kbUo/r+ST1J12JOs6JrqAR7qDWad1Mkrk0qmSZLSQ9H7plF1j3XA8ZlBs7 CAtgi3Cg85DByF4e26/WUw69z9Foh5qgr05c3G/AHELLcJY/DdJUOCeoNBo9HYi7 K/l2J78/t7kuQgVSxC+//gMGxGj1z5itHHvxJ12ZTUO3ts/jwHGa49Ow2hh7WdCE Wpa76bv+X+X0M3riX5X8x+Kw4iu3Hs8t8U6SaMkFGIQs5CTrDPcaEbjCa2CxJUe4 JvKwaYiKHlY=wc9k -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 03, 2023
•Critical
Red Hat
98
security advisorycriticalredhatRedHat Multicluster Engine 2.1.7 Critical: Update for Kubernetes Security
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.1.7 security fixes and container updates Advisory ID: RHSA-2023:3325-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:3325 Issue date: 2023-05-25 CVE Names: CVE-2022-2795 CVE-2022-2928 CVE-2022-2929 CVE-2022-36227 CVE-2022-41973 CVE-2023-0361 CVE-2023-27535 CVE-2023-32313 CVE-2023-32314 ==================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-32314vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: 4. Bugs fixed (https://bugzilla.redhat.com/): 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5. References: https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2928 https://access.redhat.com/security/cve/CVE-2022-2929 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-41973 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-32313 https://access.redhat.com/security/cve/CVE-2023-32314 https://access.redhat.com/security/updates/classification#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZG/BttzjgjWX9erEAQjYsQ/9H3JpPTOvwIPWOwCwcuGu8M5yONlUfHG+ QmK/UaVkA9bTv+OrQQ2Idte+JIAnEI6J5x6Hs5xu14loLY5deqsj4enzk3v+KLal RAN3yxHNBtfdI6aYqgVCtzfGZAWw3lvf5D+unHvNGRb66FXK71BYjRqC4uzGY2OS 5hrYOhJBB7jdcqaQnnA/7aqghZxUgp2drDDszuxidCZj9p1BtRs4R64bdZA1bhda xf7iTnlTmgw/g9Gfv1vaKWSh91ajxXETURzgubZ9Pd8VmxycvBfMo3NlYPb/nPv2 41EYuwSlGBAChCony1nW/nrm0eRvJpBLiuup5G/Z0EZ6dn/kgRgHLv/pKtnpGaVr vSLlSaBBEKdv7u4BmzJ547ULEjGu8ZDOPjFheZvZnNbnluIKdwJOH+hPnqfxNPsd 0zh02tDhzrlJqanC8gTz97TTAakQgNDgMDMn/syi67Gs/o+XDSDF9ypFFxDWjJER de1QmjOlbxQCQRAqKfM2cvkZdLBJ3qLeNWjJE+nGs7jeg0qD3KlD5npHN+vWWmO1 nLCEz4Awd3WXzY3TmkBMv3Sy6RuHWYxm8MyYfrXZA44FEnIspEtx87e2RSNT50jI Fan26hcaiJNmGutIb8GEmKzf9EzBP/tuITzBSQNpcwzlmVbV/CtP6j1vkvBwMsJg PnzJEccKKHs=o7LV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 25, 2023
•Critical
Red Hat
98
security advisorycriticalsandbox escapeRedHat: RHSA-2023-3296-01 Critical: Multicluster Engine Security Issues
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates Advisory ID: RHSA-2023:3296-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:3296 Issue date: 2023-05-24 CVE Names: CVE-2022-2795 CVE-2022-2928 CVE-2022-2929 CVE-2022-3172 CVE-2022-31690 CVE-2022-31692 CVE-2022-36227 CVE-2022-41973 CVE-2022-42889 CVE-2023-0361 CVE-2023-2491 CVE-2023-24422 CVE-2023-25725 CVE-2023-27535 CVE-2023-27898 CVE-2023-27899 CVE-2023-27903 CVE-2023-27904 CVE-2023-32313 CVE-2023-32314 ==================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After theclusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: 4. Bugs fixed (https://bugzilla.redhat.com/): 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5. References: https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2928 https://access.redhat.com/security/cve/CVE-2022-2929 https://access.redhat.com/security/cve/CVE-2022-3172 https://access.redhat.com/security/cve/CVE-2022-31690 https://access.redhat.com/security/cve/CVE-2022-31692 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-41973 https://access.redhat.com/security/cve/CVE-2022-42889 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-24422 https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-27898 https://access.redhat.com/security/cve/CVE-2023-27899 https://access.redhat.com/security/cve/CVE-2023-27903 https://access.redhat.com/security/cve/CVE-2023-27904 https://access.redhat.com/security/cve/CVE-2023-32313 https://access.redhat.com/security/cve/CVE-2023-32314 https://access.redhat.com/security/updates/classification#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZG5wQ9zjgjWX9erEAQjkdg/9GsjBe3THrx2NH90rO1cRUwlnsUlnfHhs xNDkTrtU//xkShmIxpMu8XlJKcHlQrRTNyQ8IuXC8FGtUkzv8pwTMc2eY+DBzavU /WQN6uXTRFD8tK0G5HbpYi2giBCiJhTjYOgf1BSihmeb9IICzwTkuEIGanXV2efy /DG4yuz9vVnuJfnqUluJLxlmRCz9iPmPQrxZstbjandebSFWTL8sggP3XZn/StSn ssrjZAc85k3ifLSPdFTjkx8/jxWVH1r3IB1w9yoPqS3ll59sAC+Otl/SsYkz/HRs PkJc2t+hzoHlGRQ23EQ6h5ub7E3NRkawdINtc7JgQlLaEroQNL/pSWIsjOEyvk8A CE6s1B8i46PUmeiuEa3eReRlwE09SFgjJymLlYfnoxwXWEmdBeADCcdfw3s6qcIm bOUNIXRp2on5RBQFKiwbmQHOmbWhJbaBwg0EmAmDKeHFl7fAGnRmHVYYxne+UV70 ymp0VusIkTKfNKz+dDfrtoa1ALRRVoRQMd0cQoz4r33IBnjh1y9pQpw1ctqq3SkD tcQz3dIk8VQE6Su2ynVraqV7QVt+52mCsAZcCRiOySA5Y5oDTUDtxaDFn7sWVJqb 2Ru/hx7wy0w3DL/IrFpmk7/Jzw4Du21K181ftcS5lW9X9dq/OvRDEQ4RKWF5xrGH BWuJ66ib6kI=ylZU -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 24, 2023
•Critical
Red Hat
98
security advisorysecurity updatebug fixRedHat: RHSA-2023-2098-01 Moderate: Multicluster Engine Security Update
Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes Advisory ID: RHSA-2023:2098-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:2098 Issue date: 2023-05-03 CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-25881 CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 CVE-2023-0767 CVE-2023-23916 ==================================================================== 1. Summary: Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2022-25881 http-cache-semantics: RegularExpression Denial of Service (ReDoS) vulnerability 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/multicluster_engine/installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-25881 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0767 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFKfntzjgjWX9erEAQjzTRAAgbw6nyT8DYKVrPuDiHXl8jDs+/ti1oVT MWeeFOnyO89RIrJbGDgN6kcvNl91RZpGJey995jr/IsmVAgsKMPc2w7kkggl1/B8 eo8ZnA16W5Cv/mfyupOb8puL6U75epTQT4oAdS1cxfke+LRs/PZZvoxYcLRnTR21 Si9XVhh8/cGUCOFSQRRSa57CNLWxpm3da4zNyK9fSYjHQQOi759a1aeRiXTIL32c xXuzMwwjCusqh0moVnNH/zdyuBRWPfvIW9EzamsyVB+AZ7b/16bCq+z9KCXfYV9q r2Vf2ZAVaQ0pd4mS4zvXi2Mq4JQtHRMmVSN2b49K6ZjhlAL9PSATGtlQZnMx6tDt K58LrzMi0+J8JkCu5kn4CUmY4OZGUaggpZ7GPAR0+WxyG7Pk/yL87O7EhVSSEfA5 0L9LsgcJfSBIGHz1ij+Vs+ChuK8lMw62bPMRmH5udtHXe+4JUgJCJ5LemDIhxtw/ 0qQY7uChfK92SNfgqzZRGl1uY4nOLp9oonxK7LdU084sdWLBjQ2FZEaKLRLDulX7 ZJYP84XglXd7MNrSwTbxzQ7yObLkvufltR49+f02w3H3YDgMwYIxkVdyj+Om2ytF GLpRp8MxmJt2QsARFvGvl0NOU0vfS+bX1VUKQ/Tr3y09zySCbBHmswKAx2UGa4Xh LmjloF5IKn0=wZvw -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 03, 2023
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!