RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3027: The grc-policy-propagator allows privilege escalation within the cluster. The propagator allows policies that contain dynamically obtained values (rather than applying a static manifest to a managed cluster) to take advantage of the propagator's cluster-scoped access. This feature does not properly restrict lookups to the namespace where the policy was created.
  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
  • CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.
  • CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.

Issued: 2023-08-30

Updated: 2023-08-30

RHSA-2023:4875 - Security Advisory


Synopsis

Critical: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Type/Severity

Security Advisory: Critical

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General
Availability release images, which provide security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which provide security updates and fix several
bugs. See the following Release Notes documentation, which will be updated
shortly for this release, for additional details:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/release_notes/

Security fix(es):

  • CVE-2023-3089 - openshift: OCP & FIPS mode
  • CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
  • CVE-2023-37466 - vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code
  • CVE-2023-3027 - ACM: governance policy propagator privilege escalation

Affected Products

  • Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64

Fixes

  • BZ - 2211468 - CVE-2023-3027 ACM: governance policy propagator privilege escalation
  • BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • BZ - 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
  • BZ - 2232376 - CVE-2023-37466 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

CVEs

  • CVE-2020-24736
  • CVE-2023-1667
  • CVE-2023-2283
  • CVE-2023-2602
  • CVE-2023-2603
  • CVE-2023-3027
  • CVE-2023-3089
  • CVE-2023-27536
  • CVE-2023-28321
  • CVE-2023-28484
  • CVE-2023-29469
  • CVE-2023-37466
  • CVE-2023-37903
  • CVE-2023-38408

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/security/vulnerabilities/RHSB-2023-001


The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

vm2 3.9.19 Sandbox Escape

vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.

Gentoo Linux Security Advisory 202402-11

Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Gentoo Linux Security Advisory 202310-12

Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.

RHSA-2023:5480: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

RHSA-2023:5379: Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...

RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...

RHSA-2023:5314: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Red Hat Security Advisory 2023-5175-01

Red Hat Security Advisory 2023-5175-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2023-5174-01

Red Hat Security Advisory 2023-5174-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:5174: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.3 security update

Red Hat OpenShift Service Mesh Containers for 2.4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35942: A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.

RHSA-2023:5071: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.
  • CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if th...

Red Hat Security Advisory 2023-5030-01

Red Hat Security Advisory 2023-5030-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

RHSA-2023:5029: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4972-01

Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
  • CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4921-01

Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

RHSA-2023:4889: Red Hat Security Advisory: DevWorkspace Operator 0.22 release

Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4862-01

Red Hat Security Advisory 2023-4862-01 - Multicluster Engine for Kubernetes 2.3.1 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

RHSA-2023:4862: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
  • CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

CVE-2023-40371: Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

The OpenSSH implementation in IBM AIX 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to access files outside of those allowed, due to improper access controls. IBM X-Force ID: 263476.

RHSA-2023:4720: Red Hat Security Advisory: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4065: No description is available for this CVE.
  • CVE-2023-4066: No description is available for this CVE.

Red Hat Security Advisory 2023-4657-01

Red Hat Security Advisory 2023-4657-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.2. Issues addressed include a denial of service vulnerability.

RHSA-2023:4657: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.2 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
  • CVE-2023-24534: A flaw was found in Golang Go...

Red Hat Security Advisory 2023-4694-01

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4628-01

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4629-01

Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:4664: Red Hat Security Advisory: OpenShift Virtualization 4.13.3 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...

RHSA-2023:4628: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
  • CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:4650: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

Red Hat Security Advisory 2023-4523-01

Red Hat Security Advisory 2023-4523-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Red Hat Security Advisory 2023-4524-01

Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

RHSA-2023:4523: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27536: A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers. * CVE-2023-283...
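
The CVE-2023-27536 entry above describes a cache-key bug: libcurl's connection pool matched a pooled connection on host, port, scheme and authentication type, but not on the GSS delegation setting, so a transfer configured with one delegation level could be handed a connection negotiated under another. The following is an added example, not curl's or Red Hat's code: it models the reuse check in Python so the difference between the pre-fix and fixed matchers is visible on constructed input. `Transfer`, `ConnectionPool` and the hostname are hypothetical names chosen for the illustration.

```python
"""
Model of a libcurl-style connection-pool reuse check (CVE-2023-27536 class of bug).

Added example, not curl's or Red Hat's code. It shows what goes wrong when a
security-relevant option is left out of the key used to match pooled connections.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """Settings of one transfer; field names are hypothetical, not libcurl's."""
    host: str
    port: int
    scheme: str
    auth: str                      # e.g. "negotiate" (Kerberos/GSSAPI) or "basic"
    gss_delegation: str = "none"   # models CURLOPT_GSSAPI_DELEGATION: none/policy/always


@dataclass
class Connection:
    """A pooled connection, tagged with the settings it was negotiated under."""
    host: str
    port: int
    scheme: str
    auth: str
    gss_delegation: str
    conn_id: int


class ConnectionPool:
    def __init__(self) -> None:
        self._conns: list[Connection] = []
        self._next_id = 1

    @staticmethod
    def _matches_vulnerable(c: Connection, t: Transfer) -> bool:
        # Pre-fix behaviour: the delegation setting is not part of the match,
        # so connections negotiated with different delegation levels look identical.
        return (c.host, c.port, c.scheme, c.auth) == (t.host, t.port, t.scheme, t.auth)

    @staticmethod
    def _matches_fixed(c: Connection, t: Transfer) -> bool:
        # Fixed behaviour: the delegation setting must match too.
        return (ConnectionPool._matches_vulnerable(c, t)
                and c.gss_delegation == t.gss_delegation)

    def get(self, t: Transfer, fixed: bool) -> Connection:
        """Return a reusable pooled connection, or open (record) a new one."""
        match = self._matches_fixed if fixed else self._matches_vulnerable
        for c in self._conns:
            if match(c, t):
                return c
        c = Connection(t.host, t.port, t.scheme, t.auth, t.gss_delegation, self._next_id)
        self._next_id += 1
        self._conns.append(c)
        return c


def demo(fixed: bool) -> tuple[int, int, str]:
    """Two transfers that differ only in delegation level.

    Returns (connection id used by first, id used by second, delegation level
    actually in effect on the second transfer's connection).
    """
    pool = ConnectionPool()
    # Constructed input; the hostname is hypothetical.
    first = Transfer("kdc.example.internal", 443, "https", "negotiate", gss_delegation="always")
    second = Transfer("kdc.example.internal", 443, "https", "negotiate", gss_delegation="none")
    c1 = pool.get(first, fixed)
    c2 = pool.get(second, fixed)
    return c1.conn_id, c2.conn_id, c2.gss_delegation


if __name__ == "__main__":
    print("vulnerable:", demo(fixed=False))  # second transfer silently reuses conn 1, delegation "always"
    print("fixed:     ", demo(fixed=True))   # second transfer gets its own connection, delegation "none"
```

With the vulnerable matcher the second transfer, which asked for no delegation, runs over the connection that was negotiated with delegation enabled; with the fixed matcher it gets a fresh connection. The same review question applies to any connection or session cache in your own code: every option that changes what the peer is allowed to do with your credentials must be part of the reuse key.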

RHSA-2023:4524: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory. * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if th...

Red Hat Security Advisory 2023-4488-01

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

RHSA-2023:4488: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 6.0.1 [security update]

The components for Red Hat OpenShift support for Windows Containers 6.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject...

Red Hat Security Advisory 2023-4472-01

Red Hat Security Advisory 2023-4472-01 - Version 1.29.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13. This release includes security and bug fixes, and enhancements.

RHSA-2023:4475: Red Hat Security Advisory: Gatekeeper Operator v0.2 security fixes and enhancements

Gatekeeper Operator v0.2 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:4472: Red Hat Security Advisory: Release of OpenShift Serverless 1.29.1

Red Hat OpenShift Serverless version 1.29.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containin...

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4421-01

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...
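
The three openssh advisories above (RHSA-2023:4428, 4384 and 4383) all cover CVE-2023-38408, whose precondition is that ssh-agent is forwarded to a host the attacker controls. Updating openssh is the fix; the useful local check while rollout is pending is to find out where your clients forward their agent. The following is an added example, not part of the advisories or of OpenSSH: it parses an OpenSSH client configuration, applies ssh_config's first-match-wins rule for `ForwardAgent`, and reports which `Host` patterns enable forwarding and whether a catch-all block does. The configuration text and hostnames are constructed for the example; only `Host` blocks are modelled (not `Match` or `Include`), and a `-A` on the command line would override the file, so treat the report as a starting point, not proof.

```python
"""
Audit an OpenSSH client config for agent forwarding (context: CVE-2023-38408).

Added example, not OpenSSH's or Red Hat's code. The flaw needs a forwarded
agent on an attacker-controlled host, so the local question is: which hosts
do we forward the agent to, and is it limited to hosts we trust?
"""
from __future__ import annotations

import fnmatch
import re

# Constructed sample of ~/.ssh/config; hostnames are hypothetical.
SAMPLE_CONFIG = """\
# ~/.ssh/config (constructed sample)
Host bastion
    HostName bastion.example.internal
    ForwardAgent yes

Host build-*
    User ci
    forwardagent   YES

Host *.prod.example.internal
    ForwardAgent no

Host *
    ForwardAgent yes
"""

Block = tuple[tuple[str, ...], dict[str, str]]


def parse_ssh_config(text: str) -> list[Block]:
    """Return [(host_patterns, {lowercased keyword: value}), ...] in file order.

    ssh_config keywords are case-insensitive and may be separated from their
    value by whitespace or '='. Comments start with '#'. Only Host blocks are
    modelled; Match and Include are out of scope for this example.
    """
    blocks: list[Block] = []
    patterns: tuple[str, ...] = ("*",)  # options before the first Host line apply everywhere
    opts: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\S+?)\s*(?:=|\s)\s*(.*)$", line)
        if not m:
            continue  # keyword without a value; ignore
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            if opts:
                blocks.append((patterns, opts))
            patterns, opts = tuple(value.split()), {}
        else:
            opts[key] = value
    if opts:
        blocks.append((patterns, opts))
    return blocks


def host_matches(patterns: tuple[str, ...], hostname: str) -> bool:
    """Host-line semantics: some positive pattern matches and no negated ('!') one does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(hostname, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(hostname, p) for p in positive)


def effective_forward_agent(blocks: list[Block], hostname: str) -> bool:
    """First block that matches the host and sets ForwardAgent wins; default is off."""
    for patterns, opts in blocks:
        if "forwardagent" in opts and host_matches(patterns, hostname):
            return opts["forwardagent"].lower() == "yes"
    return False


def forwarding_report(text: str) -> dict[str, list[str]]:
    """Which Host patterns enable forwarding, and which of those are catch-all ('*')."""
    blocks = parse_ssh_config(text)
    enabled = [" ".join(p) for p, o in blocks if o.get("forwardagent", "").lower() == "yes"]
    catch_all = [" ".join(p) for p, o in blocks
                 if o.get("forwardagent", "").lower() == "yes" and "*" in p]
    return {"enabled_for": enabled, "catch_all": catch_all}


if __name__ == "__main__":
    blocks = parse_ssh_config(SAMPLE_CONFIG)
    for host in ("bastion", "build-42", "db1.prod.example.internal", "anything.else"):
        print(f"{host:28s} ForwardAgent={'yes' if effective_forward_agent(blocks, host) else 'no'}")
    print(forwarding_report(SAMPLE_CONFIG))
```

The catch-all finding is the one to act on first: a trailing `Host *` with `ForwardAgent yes` forwards the agent to every host not explicitly excluded earlier in the file, which is exactly the exposure the CVE text warns about. Note that `fnmatch` also honours `[...]` character classes, which ssh_config patterns do not; for `*` and `?`, which is what such configs almost always use, the behaviour is the same.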

Red Hat Security Advisory 2023-4289-01

Red Hat Security Advisory 2023-4289-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Red Hat Security Advisory 2023-4293-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:4293: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Tem...

RHSA-2023:4226: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

RHSA-2023:4287: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.5 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Apple Security Advisory 2023-07-24-6

Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

CVE-2023-37903: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

RHSA-2023:4241: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.14 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.10.14 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:4238: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Ubuntu Security Notice USN-6237-1

Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

RHSA-2023:4114: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.1 security update

Red Hat OpenShift Service Mesh 2.4.1 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVE-2023-37466: Sandbox Escape

vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.

GHSA-cchq-frgv-rjh5: vm2 Sandbox Escape vulnerability

In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Impact: Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches: None. Workarounds: None. References: PoC is to be disclosed on or after the 8th of August. For more information: If you have any questions or comments about this advisory, open an issue in VM2 (https://github.com/patriksimek/vm2).

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

RHSA-2023:3839: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1667: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. * CVE-2023-2283: A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocat...

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Ubuntu Security Notice USN-6166-2

Ubuntu Security Notice 6166-2 - USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6028-2

Ubuntu Security Notice 6028-2 - USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVE-2023-3027: governance policy propagator privilege escalation

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created.

Ubuntu Security Notice USN-6138-1

Ubuntu Security Notice 6138-1 - Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that libssh incorrectly handled verifying data signatures. A remote attacker could possibly use this issue to bypass authorization.

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

CVE-2023-28321

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.

CVE-2023-2283: cve-details

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.

Debian Security Advisory 5409-1

Debian Linux Security Advisory 5409-1 - Two security issues have been discovered in libssh, a tiny C SSH library.

Debian Security Advisory 5391-1

Debian Linux Security Advisory 5391-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

Ubuntu Security Notice USN-6028-1

Ubuntu Security Notice 6028-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.

CVE-2023-27536

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

Ubuntu Security Notice USN-5964-1

Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.