Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:0431: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-29923: golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
Red Hat Security Data
Open in Source
#vulnerability#web#amazon#linux#red_hat#apache#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-02-03

Updated:

2022-02-03

RHSA-2022:0431 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat Advanced Cluster Security 3.68 security and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

New features
1. Vulnerability triage workflows - RHACS 3.68 includes the ability to triage vulnerabilities in a variety of ways to support your vulnerability management process. See Managing vulnerabilities for more information.
2. Report scheduling for vulnerabilities - RHACS 3.68 includes the ability to schedule reports for vulnerabilities helping you to send scheduled communications to key stakeholders to assist in the vulnerability management process. See Reporting vulnerabilities to teams for more information.
3. Use AWS ECR AssumeRoles - AWS AssumeRoles allows you to define roles with specific permissions and then granting users access to those roles. {product-title} 3.68 includes the ability to use AWS ECR AssumeRoles to configure roles and grant various levels of access to users. For more details, see Using assumerole with Amazon ECR.

Important bug fixes

1. Previously, searching for CVE’s with a specific severity did not returned any results. This issue has been fixed.
2. Previously, when configuring the Manage Watches feature, if you added more than 12 images to the watch list, the image list would not display properly. This issue has been fixed.
3. Previously, when the RHACS Operator accessed the central-htpasswd secret, it would create a false positive policy violation for the OpenShift: Advanced Cluster Security Central Admin Secret Accessed default policy. This issue has been fixed.

Security update

1. In earlier versions of RHACS, the write permission for the APIToken resource allowed users to create API tokens for any role, including the admin role. This issue has been fixed.
2. The scanner image has been updated to patch CVE-2021-29923.

  • golang: net: incorrect parsing of extraneous zero characters at the

beginning of an IP address octet (CVE-2021-29923)

Important system changes

1. RHACS 3.68 includes updates for the Log4Shell vulnerability detection policy. With this update this policy also detects CVE-2021-45046 and it includes the updated remediation based on the latest guidance by the Apache Logging security team.
2. When you upgrade to RHACS 3.68, roles that include write access on the Images resource will have write permissions for both VulnerabilityManagementRequests and VulnerabilityManagementApprovals resource. Red Hat recommends updating the roles to only include the least amount of resources required for each role.
3. If you have installed RHACS using Helm, this update disabled the cluster configuration options in the {product-title-short} portal. You can continue to use Helm configuration files.
4. RHACS 3.68 sends notifications for every runtime policy violation rather than sending notifications only the first encountered violation. This is the default behavior.
5. Tags of the scanner, scanner-db, and collector images, including the collector-slim variant, are now identical to the main image tag.
6. Red Has changed the image names for collector-slim. -slim is no longer part of the image tag.
7. The roxctl CLI includes a new --image-defaults option for the roxctl helm output and roxctl central generate commands. It allows selecting the default registry from which container images are taken for deploying central and scanner.
8. Red Hat has deprecated the --rhacs option for the roxctl helm output command. Use --rhacs-image-defaults option instead.
9. By default, the roxctl helm output command now uses the images from registry.redhat.io rather than stackrox.io.

Solution

To take advantage of the new features, bug fixes and security patches issued in 3.68 you are advised to upgrade to patch release 3.68.0.

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 3 x86_64

Fixes

  • BZ - 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
  • RHACS-94 - stackrox.io is still default image source in output of “roxctl central generate”
  • RHACS-110 - Release RHACS 3.68.0

Red Hat Advanced Cluster Security for Kubernetes 3

SRPM

x86_64

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data