Headline
RHSA-2023:3297: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-32313: A flaw was found in the vm2 sandbox. After a vm is created, the inspect method is read-write for console.log, which allows an attacker to edit the options of console.log. This issue impacts integrity by altering the log subsystem.
- CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. This may allow an attacker to run remote code execution on the host running the sandbox. This vulnerability impacts the confidentiality, integrity, and availability of the system.
Issued:
2023-05-24
Updated:
2023-05-24
RHSA-2023:3297 - Security Advisory
Synopsis
Critical: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General
Availability release images, which fix security issues and update container images.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Description
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/
Security fix(es):
- CVE-2023-32314 vm2: Sandbox Escape
- CVE-2023-32313 vm2: Inspect Manipulation
Affected Products
- Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64
Fixes
- BZ - 2208376 - CVE-2023-32314 vm2: Sandbox Escape
- BZ - 2208377 - CVE-2023-32313 vm2: Inspect Manipulation
CVEs
- CVE-2022-36227
- CVE-2023-0361
- CVE-2023-22490
- CVE-2023-23946
- CVE-2023-25652
- CVE-2023-25815
- CVE-2023-27535
- CVE-2023-29007
- CVE-2023-32313
- CVE-2023-32314
aarch64
rhacm2/acm-governance-policy-addon-controller-rhel8@sha256:fae4544c9152a84cc77c2e2ebe57562249f39f361c2b809f9a2593d335339d79
rhacm2/acm-governance-policy-framework-addon-rhel8@sha256:64971e18a7cbf9d8f76e95c6a2d237f3096c69972eb86c7a8db65c3f1faf26a2
rhacm2/acm-grafana-rhel8@sha256:6e74544e7ad3e878c25d7fda268217b075c9ec98eb72a668036b3eb54c58294a
rhacm2/acm-must-gather-rhel8@sha256:f3eeb212486cc46f8070d30abd8f52659370946706c8bbec98c81b39d353ff2e
rhacm2/acm-prometheus-config-reloader-rhel8@sha256:23fdb1157d506f4e84ab4a6104b89cce06c88584f1dad55b0f63c799a48da3fc
rhacm2/acm-prometheus-rhel8@sha256:a2ccab69487ff37b984feef3358ea3dabdf6823f7c9747d13fb98fe10aa51232
rhacm2/acm-search-indexer-rhel8@sha256:57ccb6601d664bb18e31cb50f2316123b513491f05ac5436ffdc3fa2c420a858
rhacm2/acm-search-v2-api-rhel8@sha256:85e0ecfb8dc137ce3ad70a59e0e0340c22e0a08ed30d840a8f25db499794cd96
rhacm2/acm-search-v2-rhel8@sha256:75520ffe0b3a10231fb98ccd32bd13c2a1aa404cbc943fecdf98c1ab1f60f86f
rhacm2/acm-volsync-addon-controller-rhel8@sha256:c74101e5527144becce765a069abaacdd20aa640b62db4b45ee5417270cc77c1
rhacm2/cert-policy-controller-rhel8@sha256:f48727ab0dd239bede7bec19f4840216f9892c2ba45142d786197b901b76e0e9
rhacm2/cluster-backup-rhel8-operator@sha256:901bd76bc0cc4438ce03bdb5980b7534b28f5fcaa4c86f2c084e7d7bb5fbcedc
rhacm2/config-policy-controller-rhel8@sha256:a29058bd1220a912862be44f8a56237ea90db6f89a36f8b3d22f0ab616eda0b9
rhacm2/console-rhel8@sha256:7e85b139b038782ebd3c17e6e567f552a8116ecb3aa994abaf1230e2909881c2
rhacm2/endpoint-monitoring-rhel8-operator@sha256:a20bc44f91af8fca7263218c64c055190d2c2effd1332f8963936f61be18dda0
rhacm2/governance-policy-propagator-rhel8@sha256:c79c9d8839bd6e5a3986a05d799c633d2137342c46935a6267d8773d6d057933
rhacm2/grafana-dashboard-loader-rhel8@sha256:87090fb9323553c2c2d09accf7cce8908a6d5cdbb13ee04654423498d1640cf6
rhacm2/iam-policy-controller-rhel8@sha256:4caa0da88953d9881882ed0ea62e0d05564aa6b69195a393ea8aed3a6d0944ec
rhacm2/insights-client-rhel8@sha256:b6fa4ac77e122fdce5bdbf2cdbdce7c4b31fca0db00763cf0c386767930a81a5
rhacm2/insights-metrics-rhel8@sha256:b46023601464d01f5724d1d458a37d5631823a7ecfcca02bb814bb9c99a876ec
rhacm2/klusterlet-addon-controller-rhel8@sha256:ef8e5ea23a26f9b161998d42cfcd05cae5a9a6a20e65bf7b7224f2b8dfa2be50
rhacm2/kube-rbac-proxy-rhel8@sha256:ba14c20813545af11c5f3fb9afb6c6fae4c4f425464a343952e07d6dc8de98a0
rhacm2/kube-state-metrics-rhel8@sha256:f6e382d01351f0fdbd5588eeb192d0d5eb9f7213df1b7c147edda0949b6c5ae4
rhacm2/memcached-exporter-rhel8@sha256:6458c7a02e2db6315fb938ff9d8e5416659eeb032da85ef908f0b321dba9f978
rhacm2/memcached-rhel8@sha256:f53f62cbc9721d87f01ac3b4708e9d2b677d7e3304135bc7e52cb60d9557814e
rhacm2/metrics-collector-rhel8@sha256:35e37514d068a77b2cce2ebd0808442d8600630417b3e5ae469254d20de2b0d5
rhacm2/multicloud-integrations-rhel8@sha256:c1f0acdb11a7edadb9df8604b5c5a2249f6ea737f67a5564e34c04f911580e03
rhacm2/multicluster-observability-rhel8-operator@sha256:c2fe244dd8f3f1b582ad60afee0be244b9893b68bc76bf96d701cd9e7e65dc96
rhacm2/multicluster-operators-application-rhel8@sha256:c22628fec897cfb2a72b2a5a0d793acfdf6bbaa5fb8744c0294c44c542121c6a
rhacm2/multicluster-operators-channel-rhel8@sha256:703269948e16b502c60ea71d6162602998fdbfc16ab83ea3735bfa7e20fc4af8
rhacm2/multicluster-operators-subscription-rhel8@sha256:048b31fe1c809549c3e592b83625cac370c0c8621109939682e28436b08f63b8
rhacm2/multiclusterhub-rhel8@sha256:987358ca65265786c04113a9db5d7abba9951ec068e0fad7be284d65c129ec01
rhacm2/node-exporter-rhel8@sha256:a249f389e2ebc88247107280afdf3e4847de0129ca0a988e366d20c04a399b08
rhacm2/observatorium-rhel8@sha256:868c559493985d4322c35ec87771a2b6ceda8409b1c5bdb1aa5338038042353a
rhacm2/observatorium-rhel8-operator@sha256:7738fa65dd5bb486711fca2149840f825de59484e65ce868ef4bdf75d3af5e55
rhacm2/prometheus-alertmanager-rhel8@sha256:c676ad3e4e0eabe872a8dee7c5ec209504907b8064a327e92d31b6b77b35741e
rhacm2/prometheus-rhel8@sha256:52c368812ebfb070ac1b0b2d1a87c689025f6aebd9f9b1fc7f1b01fbd92088d7
rhacm2/rbac-query-proxy-rhel8@sha256:461a118aa681f35eeae4467d2d156258f9b5b514dd47198bcd77f0833746c8c1
rhacm2/search-collector-rhel8@sha256:e3d4868c4f441cf1f8b735bb22e064ea677c76123fc6be71da4864ee4de490e9
rhacm2/submariner-addon-rhel8@sha256:dee6303fd85d4b348288a97d6e97e0af9de535ab752bd0151e632292150c77cf
rhacm2/thanos-receive-controller-rhel8@sha256:f73b1a131fef639c71ee05a7badc000ab513b8c48cda22bb44631a874276d2b1
rhacm2/thanos-rhel8@sha256:e46d95c694f20b0decbcc81dc6a85ba98ccbde3ef2c35a74a94cd610218194b3
ppc64le
rhacm2/acm-governance-policy-addon-controller-rhel8@sha256:6b788c6e27b5c2b3e43ffc9fc02ecda0779139543ba0f62dcf9fb16d94e1b4ba
rhacm2/acm-governance-policy-framework-addon-rhel8@sha256:15d3e7fef71348289f8ecc3b4a212c220bcb62ea229e282eb6680cfc578d41f8
rhacm2/acm-grafana-rhel8@sha256:912c088de20e07f71184df96847ecc35b74778b9cdcf21cadce0d87fcc2d7ff5
rhacm2/acm-must-gather-rhel8@sha256:8b8ea0ebf239007d5bffe30b78a04b94d15e846d2700b333919a8f7d947bc7a1
rhacm2/acm-operator-bundle@sha256:da2f94544194da85466848c0b665958c5c51c1c6b6e799c6f715a4ea181dfcfc
rhacm2/acm-prometheus-config-reloader-rhel8@sha256:7ebebfcb6123d85777e7084b60bd423b3648ca5e005e2b4a66469a8188e5e2b1
rhacm2/acm-prometheus-rhel8@sha256:7d5cdbb37a387c6e83da3302432362d779249d04db979c128024c0c266b5e0bf
rhacm2/acm-search-indexer-rhel8@sha256:731ba8cfd71e46f5035ab6af49dfe1be8a7dac9bc0605e3ae725f5dfd055633a
rhacm2/acm-search-v2-api-rhel8@sha256:6b2dfbbc9d88e61bede58c9d4b0c8085eac14cd7003aca836ca537c38f1ca2c1
rhacm2/acm-search-v2-rhel8@sha256:31481507e273dd6560925f54e2fcd030f3c59efc6e0f8dd4389fa2fb6a4864ab
rhacm2/acm-volsync-addon-controller-rhel8@sha256:480aff20942dd10a0521aebc98225d9331bee5d5c7d2b61214e80a0a071e8f34
rhacm2/cert-policy-controller-rhel8@sha256:46ddec78bcf7227c4faa2060da8c66c4200564395e522383d9ffee5c5b8aa960
rhacm2/cluster-backup-rhel8-operator@sha256:c3358dd0cc0a31331dea8699d76829b96e99e38250df861f687b3906c8d6d938
rhacm2/config-policy-controller-rhel8@sha256:b76b777645ca5c2b7f1517211a78369fed57cca059ce80017d135ff777e62303
rhacm2/console-rhel8@sha256:b7ce31018d03f34dfcb6796dd22a8e59452b844da29627e9e3dee4d0a75d4745
rhacm2/endpoint-monitoring-rhel8-operator@sha256:e04f58e4dec888682166fd1e146504b905f6e873a2f861307f31143591ff3bc2
rhacm2/governance-policy-propagator-rhel8@sha256:4a90d818792018efaa0164d79cd0c7f2ccc3826bac306ab8fd045ee07595c7e5
rhacm2/grafana-dashboard-loader-rhel8@sha256:e6018d572789f1e34d6c8b8d77d81d297e79ba107e4e8b1461d76cfd7c2405ea
rhacm2/iam-policy-controller-rhel8@sha256:951e415bc4ff878267767d7a636ecd9f6415ccaa21599c3723680d20595f7e32
rhacm2/insights-client-rhel8@sha256:f7e51f2e235ea5f5447304bb931ebadbaeacfaaa58077b783edafaba59916e6f
rhacm2/insights-metrics-rhel8@sha256:0eacb83e481a7f3b3e32a0ebcbc2f932df3d254d27fe0de23e4ac7799beaf42c
rhacm2/klusterlet-addon-controller-rhel8@sha256:7c69884fcbcd5a1d2cd8a056ceeb22868bee374bc63d7062bd5a612081f2d411
rhacm2/kube-rbac-proxy-rhel8@sha256:cc90b7c1d5a0bdee57d1cddfe13beaeb5a6ca0537a69da2637fdf2ffdb3ec585
rhacm2/kube-state-metrics-rhel8@sha256:758298ed61c731a47a5f01a9c56d9f0389ad13f657d8a51facc0b4eaa9dfb545
rhacm2/memcached-exporter-rhel8@sha256:3f1795548415667da51b5287bd32ad4c2067c62460e0d6195e422266306595bb
rhacm2/memcached-rhel8@sha256:8cf183236a277da7deea18ce5e31cd93cbbcd4241a04a720d28f506fcfade1d9
rhacm2/metrics-collector-rhel8@sha256:737923240dc73d6d6b18783fb903ad00ef8cb4fa83402ade463701323a90487e
rhacm2/multicloud-integrations-rhel8@sha256:bac0c00cd18d8f0cf8cd21f02785e6ea3a25f3a7f7ab51f650c526825892a467
rhacm2/multicluster-observability-rhel8-operator@sha256:680944981f03ec009fb7b689d2a7d533e47f04f3c74dd82981346b61808cf2bf
rhacm2/multicluster-operators-application-rhel8@sha256:e8be0ee9a18dc12dcbd9b4a9b1dd183a266d32a3e24238a0b071b9385c51a4db
rhacm2/multicluster-operators-channel-rhel8@sha256:51f8a229ee3a5fbccebe413d3e79d2eff185f001ef41a4c21636bd76a048b870
rhacm2/multicluster-operators-subscription-rhel8@sha256:2fd82721645e8241f0af739fa9454c68a526fea1d6370643fbdfb963bd7d0a30
rhacm2/multiclusterhub-rhel8@sha256:14f8b9c0f195dddb0daf893fc45ca86803c2700eddb5d2a8c14a2b450d590fd0
rhacm2/node-exporter-rhel8@sha256:189ef7d4796f6b231b4feab2c56bc7e5a65657ed050a45a46e2a860edc532d04
rhacm2/observatorium-rhel8@sha256:a59a9699594f65c9cd855c414f54a5ac30acd215cad71726d38cfdd2b94a59f5
rhacm2/observatorium-rhel8-operator@sha256:8580a592b12013ba415407df7520610b5678a9894cbe51ea08a44cd16491f10f
rhacm2/prometheus-alertmanager-rhel8@sha256:9df63bb68edba884a90a83c2d4e9953dc731aedd3f37875138d9e57c9245bd3e
rhacm2/prometheus-rhel8@sha256:82925b21c152a2915e35140daddc8b4a2f504a00eb2c66f455102e303ad992f0
rhacm2/rbac-query-proxy-rhel8@sha256:bfa2d0ba2135f23115fc499ed0026efd9ed5449eef7fd6c1245026717dde1136
rhacm2/search-collector-rhel8@sha256:e279ef5f0386c85abfb1e9081c24049c0766715faaf1f0d7fe9a9f8c98206257
rhacm2/submariner-addon-rhel8@sha256:7ce88f8c90de043123b2105f53c29ecffc92990f374898d5d9c6ef1d5535bdd5
rhacm2/thanos-receive-controller-rhel8@sha256:29d9a4ebc4f4c60f186c79d9b04fd45f3cc7d1fc7bcffce74a1bdf48967902c7
rhacm2/thanos-rhel8@sha256:447c4707a3d2eaec060c3d8eb20613bcb9685cf4d7abcaf3f968bc843d9edbb9
s390x
rhacm2/acm-governance-policy-addon-controller-rhel8@sha256:9f9477dcb6a36209e4c05440f31c7b900f89d0c392fa015c289c41b23044e941
rhacm2/acm-governance-policy-framework-addon-rhel8@sha256:cba5373640e9bc682fc85386a8c9d01a24ddd498a0c6c29748db780767ef8946
rhacm2/acm-grafana-rhel8@sha256:52b4441b4be3e1a9d6a96c7de513a66779e00bbca0aa057f42185e0f8de14a5f
rhacm2/acm-must-gather-rhel8@sha256:af4c3daa73d831659f66fa87fa5eb40eaf45d4be2a29c4a7a82cc42ae0351160
rhacm2/acm-operator-bundle@sha256:ef6255b31e4b1e135be1d0e6c22df75da590cee0fc287fc30d1b9b2d1239f932
rhacm2/acm-prometheus-config-reloader-rhel8@sha256:9d95fa69cb93f3812e7f60efa7ddca72633099954ba322f7bca87dfa51b2cc28
rhacm2/acm-prometheus-rhel8@sha256:ba11e6ced7fcaf0e325f695c1c71e2c63e0b2ea3541783320a8eb7d443f6a548
rhacm2/acm-search-indexer-rhel8@sha256:ce6a928f26ae1c009c2a7d0de1631c71b0b39ea24af7bdae68328c4019c7b722
rhacm2/acm-search-v2-api-rhel8@sha256:e5a5b7f8dd9eeb670c941deac3b232ff9f7d3a5b2e1968c59ab084f03a8d7efd
rhacm2/acm-search-v2-rhel8@sha256:a98f0b26494ca4747f5dbb25d29333ba500b6f19463ae8dce4aa0dcb76028761
rhacm2/acm-volsync-addon-controller-rhel8@sha256:42845c78a83f83ff3eb66bd4765141da348e5eb14d9579eaf2dce729fc1d657b
rhacm2/cert-policy-controller-rhel8@sha256:ff4f399dc4deb9dfb5e8916689550e4def0fad58c04ea1e42573eb72fa5e7f36
rhacm2/cluster-backup-rhel8-operator@sha256:291509d8efe5e4c5c3cc33c8010d8a8c18144f3ead588a25a1f5165c5e3e4353
rhacm2/config-policy-controller-rhel8@sha256:8c8b02ba842646be069915ce21bc3ee58e07311f57d0bf356b5ab8d4a38bab72
rhacm2/console-rhel8@sha256:26020445066fce5855666a8915358faafe0bc8003a1347450343cc9a0372f793
rhacm2/endpoint-monitoring-rhel8-operator@sha256:799e96d9b42296295e39f5b36c37f7682f3d256c2d9d127b863af44017a28ddf
rhacm2/governance-policy-propagator-rhel8@sha256:3824c92c24d769e8e834ee64b7110077d47c7e1f8803baa4c39b09b3bd832b2b
rhacm2/grafana-dashboard-loader-rhel8@sha256:c057f8cda18bac9552a72b51404ec54f40d7b87b4f8ddb1835cbdb2dbc839500
rhacm2/iam-policy-controller-rhel8@sha256:409f6408ff7f402c25479b4bb04a4c5e119240cc890cf2a68186b51484265d2e
rhacm2/insights-client-rhel8@sha256:3d7c20e668120c7029fb8174a26d51114725b59cb0acf7b5a8cfbe1f6a236ee1
rhacm2/insights-metrics-rhel8@sha256:20808bdf67ce7365dc19fd80e8772a2027de4c6e34b1404adf86ec87df60c990
rhacm2/klusterlet-addon-controller-rhel8@sha256:a6d172d0c1a6a88f27186b7ba46693a8a965d76650ea5c2cc3bc5c80ae982b03
rhacm2/kube-rbac-proxy-rhel8@sha256:7e0d0ddb66b8fa5fa74bcfd8259b49de9b025b37b1a6f5a900be56894b56240f
rhacm2/kube-state-metrics-rhel8@sha256:7dbe69422d3052347c947b94964bec6fb2c13bdfc7b4683e09ebd9ba41164ade
rhacm2/memcached-exporter-rhel8@sha256:7451f3cf999b7b43f400634d102f5621d85225ca6433f79ad55e6a3eb26a5d4c
rhacm2/memcached-rhel8@sha256:e3073ac22e2c429b7d7b923f41755d8f11f43fdf95da6d6d842c4f7bed7a090e
rhacm2/metrics-collector-rhel8@sha256:9cf3b17219b13144c43c0d2b084062c0e71654147dc68991138b33326a319088
rhacm2/multicloud-integrations-rhel8@sha256:13d1c742ea17c8a5706e0c2608d12b59b316742cac4427ba66282cac0944c6e3
rhacm2/multicluster-observability-rhel8-operator@sha256:e2ecacdd5debb438f9e29bc313e4f6110905831b89146f6a6c51e7bb70890d39
rhacm2/multicluster-operators-application-rhel8@sha256:7d6722154d1394a8de1a37c77356c6b316a0f3e71701038198e76dc9de51d897
rhacm2/multicluster-operators-channel-rhel8@sha256:aee60032e3722161559acfd9157cdedbf4daddb58e96d50ee2cbb48ab5dfbdc8
rhacm2/multicluster-operators-subscription-rhel8@sha256:6a71451fb11b98c97db289897cdc1d7cc71c30695073760a27db1cf9c90150af
rhacm2/multiclusterhub-rhel8@sha256:beede6fd9c89e55e8d15a715803469b3c9d98ed47226a6058e89869ebb39aa64
rhacm2/node-exporter-rhel8@sha256:136764a6f8e4f4fc11c92163048d4f3819528056ad43e40e786242f38f5bd2ac
rhacm2/observatorium-rhel8@sha256:4930995dd0286f6dd628c7a5db7cabb437dcde73ea2c44a48d5fa454c4575c39
rhacm2/observatorium-rhel8-operator@sha256:e070344ce9f16c06f82c6f7c04b08cd3af4c2dc69cc45c326964eb1388e3708d
rhacm2/prometheus-alertmanager-rhel8@sha256:3c67bb338514b7d2e3b3de7c5f47d288a3809476bd27cb33c183af9bc0f0d6ee
rhacm2/prometheus-rhel8@sha256:e1144914f6ee12bbdfd2dc086be8c978f5545973e2c9ee318ddf200f4cb35106
rhacm2/rbac-query-proxy-rhel8@sha256:c3956d26e36da15bd8a12c3632cb538df317eeac77c8dc1b897ff7d85c8ffd69
rhacm2/search-collector-rhel8@sha256:ecc891aac62e2bfdd73a19793d01f54c4c2a743dc36141bb9642af84553eca50
rhacm2/submariner-addon-rhel8@sha256:cae1e2b097fd8f286e0358fc4641554a4344f10812e241c3b935ccce55d8387b
rhacm2/thanos-receive-controller-rhel8@sha256:04fb7053912960312d3d5b289c0966f488e96c1913a086f53eb6062bca04c876
rhacm2/thanos-rhel8@sha256:5e8378bab2944193c498bbf77f476695eb7bfee03ed20dbcb1762c589638a0e7
x86_64
rhacm2/acm-governance-policy-addon-controller-rhel8@sha256:bc35143299c33a3902a31a90434c1b8129a5e3f0ae0c1141755ee5ac2f8365b2
rhacm2/acm-governance-policy-framework-addon-rhel8@sha256:66aef18dd4cb2561bb0e6e05e327649bd2e367bccd2f8c5310fd1bb95dca1ccc
rhacm2/acm-grafana-rhel8@sha256:e6166e6d96e18d180f5b0849ce788306481e39bf0272f4f04953a1713b774008
rhacm2/acm-must-gather-rhel8@sha256:d62940615ef18cbf6d183557fa3247f5b9596ebcc04c84b583c22612929ce2fc
rhacm2/acm-operator-bundle@sha256:896433eec37908941f3dbde58e1c20f34713a0db3fe66148ae841ff2d7358bc3
rhacm2/acm-prometheus-config-reloader-rhel8@sha256:476bffb4da805ef4957454b3c584ab67396b6b96cf4ca7882dc9d63655d65eaf
rhacm2/acm-prometheus-rhel8@sha256:4aa5a3ac780484767a119af0d46ef5f47b26f4cae77700a3681ef6c3ded21941
rhacm2/acm-search-indexer-rhel8@sha256:df930c287c221d0af3d3a25c6e6b4c15f084ddc7bedee83853389ae0206a62ea
rhacm2/acm-search-v2-api-rhel8@sha256:3950caddcf59d8f002960484657d3f5eb888862e57a2250fbaecba1e06acdb1f
rhacm2/acm-search-v2-rhel8@sha256:b81977593ff2a000fb47d77cf704ea131afc068e71945cfc8eee5255b7363cd0
rhacm2/acm-volsync-addon-controller-rhel8@sha256:b21aeddf564947b9bba4d08b04f4b6857c7c6abd6906ebdb93f1c8b13722c4fb
rhacm2/cert-policy-controller-rhel8@sha256:3d7d9668e65db39ee85f2689eb5e2e7567f1bd6a4137fad9149157e3fa49d70b
rhacm2/cluster-backup-rhel8-operator@sha256:63ae38822655466d16d8497a4e1b778190e30ceee069669938fe429841480064
rhacm2/config-policy-controller-rhel8@sha256:0c06311b0a6ff3e4c78f7929d63386025defa5dca680b0384231c8ba3ad031f3
rhacm2/console-rhel8@sha256:84c956c3135e0c9b01abf8604cc7aeada6ed7154448efb1c67f290bc9e56e905
rhacm2/endpoint-monitoring-rhel8-operator@sha256:f027d6c5284e51649e5a9f248fa9bd238f8df1bf8bf80293c6d1744afdc92a76
rhacm2/governance-policy-propagator-rhel8@sha256:4e8507c6590f99f92816abcc6860c920aa5702c818e83b6c3cd3d48272c2c27d
rhacm2/grafana-dashboard-loader-rhel8@sha256:86d3363507579de2e9afd7161ec7caf928a269c8bf0d1b6067f1b401db4838cd
rhacm2/iam-policy-controller-rhel8@sha256:4f1db401aef8caa3fa8a148e3a2945c6042ea2417586f5db4bb57bb4acbde580
rhacm2/insights-client-rhel8@sha256:211857457460ff29507325c6fb63df07215ab7be39830f07462bb837f6ec89bf
rhacm2/insights-metrics-rhel8@sha256:2df1718c381ddce5d2d8e85a707a321f496577f5c3e66cea48038adc0deab41b
rhacm2/klusterlet-addon-controller-rhel8@sha256:c18cfefb01d92f1addcbb8a5703520a26612a3b2ea7e452125faab8dd2862f22
rhacm2/kube-rbac-proxy-rhel8@sha256:2bd3bb8c371b2740a7d863b0ce16b188fbb6a8a1240ec82cddde1e1a4eb8400a
rhacm2/kube-state-metrics-rhel8@sha256:1563a1504722d169ee1c58038f3d29987db454ad20b5581714dd1831bbd9540b
rhacm2/memcached-exporter-rhel8@sha256:d872509b021be3cec4a650754a47612b84f76947084e2213e2dff487ab2ee38b
rhacm2/memcached-rhel8@sha256:eab727268b3d16966c289c0ff3c7c033eab98f2706c08d3fb866e481b5c17013
rhacm2/metrics-collector-rhel8@sha256:a01fe2f069f9d6fa02981a78ccf020515d325447419548ff8032b3108573c481
rhacm2/multicloud-integrations-rhel8@sha256:13c7bb180216712003cdd7709b2000e8469036b3f122cb419bd5cc62a23efdea
rhacm2/multicluster-observability-rhel8-operator@sha256:2687e1ab8864c23b07f5c1c536f9513ea5fd3617432ffdcc355a07c3ecb3f8c1
rhacm2/multicluster-operators-application-rhel8@sha256:1b85817535e0404683da3f800ad571104da79593255604e7339c954d1572713c
rhacm2/multicluster-operators-channel-rhel8@sha256:bbbfe7efdec17f6578deb2578db54d495f495314ffdccf8fb12da53ae9801e10
rhacm2/multicluster-operators-subscription-rhel8@sha256:57b6cbf1e628d5c140331a068936b28c002a4444c500ccaffbbae73ae41e6f3a
rhacm2/multiclusterhub-rhel8@sha256:fb02b7d23ba59b0c3a9fac5ebda4ac7d97a0ab88e62f5835df70ca75244a9636
rhacm2/node-exporter-rhel8@sha256:13d67a27f45e5aca4c537170ef662215ffba3cc9f1ba5dfbaf9fb63ba7a97571
rhacm2/observatorium-rhel8@sha256:1138ec3ac46cd664eec8f849e233c21cf17850057aa3d173ba86aa5bcd66fe31
rhacm2/observatorium-rhel8-operator@sha256:93404018283532eb15714537d3505d678b10d9912027385005e36065c614125a
rhacm2/prometheus-alertmanager-rhel8@sha256:854e14723feac8cfa9a1a998cc06cec6e0e01ac5e7d56621674995d129f533e5
rhacm2/prometheus-rhel8@sha256:1a52a05c9313b2ab671ff40abf13fc1ea315c44df5d00f359af6da514dfc044b
rhacm2/rbac-query-proxy-rhel8@sha256:8b328cab48e6bdb8976ac77b51d1b06abb57fe8d9037a225ddd134db68d83ffc
rhacm2/search-collector-rhel8@sha256:596e8c12dc717f72dbc41a692f2c086ce86bc34f3eb16a855dadf5f430a5a8b6
rhacm2/submariner-addon-rhel8@sha256:c06a6b3770a64dc98b0d209795b1c5f8d4bbc109742b4dfbc43a6f788a2d3145
rhacm2/thanos-receive-controller-rhel8@sha256:00179dad38eebcbdf5f0eea01c575f302e507fbd449cca246cf499ba7a80178d
rhacm2/thanos-rhel8@sha256:23e7976eac9bc3e80320118e46ce5188aa9b13e10ce073740e13ae522aaf3163
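The digest lists above are only useful if something checks them against what is actually running. The following Python script is an added example, not Red Hat tooling and not part of the advisory: it parses container image references of the form `registry/repo[:tag][@sha256:digest]`, looks each repo up in a table of advisory digests, and reports whether the running image matches the advisory, is an older digest, or is referenced only by tag (so nothing proves which build is running). The two digests in `ADVISORY_IMAGES` are the x86_64 `console-rhel8` and `multiclusterhub-rhel8` entries copied from the list above; the pod records in `SAMPLE_PODS` are constructed, the all-zero digest is a made-up stale value, and the input shape assumed is that of `oc get pods -A -o json`.

```python
"""Compare running container images against digests published in an advisory.
Added example, not Red Hat tooling. Pod data shape assumed: `oc get pods -A -o json`.
"""
import json
import re
import sys

# Digests copied from the advisory's x86_64 list (two entries, for brevity).
ADVISORY_IMAGES = {
    "rhacm2/console-rhel8":
        "sha256:84c956c3135e0c9b01abf8604cc7aeada6ed7154448efb1c67f290bc9e56e905",
    "rhacm2/multiclusterhub-rhel8":
        "sha256:fb02b7d23ba59b0c3a9fac5ebda4ac7d97a0ab88e62f5835df70ca75244a9636",
}

# registry/repo[:tag][@sha256:<64 hex>]; the registry (which may carry a port)
# is the first path component, the repo may contain further slashes.
REF_RE = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^@:]+)"
    r"(?::(?P<tag>[^@/]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def parse_image_ref(ref):
    """Split an image reference into registry, repo, tag, digest (None when absent)."""
    prefix = "docker-pullable://"          # older dockershim imageID prefix
    if ref.startswith(prefix):
        ref = ref[len(prefix):]
    m = REF_RE.match(ref)
    return m.groupdict() if m else None


def classify(ref, advisory):
    """Verdict for one image reference against the advisory table."""
    parsed = parse_image_ref(ref)
    if parsed is None:
        return "unparseable"
    expected = advisory.get(parsed["repo"])
    if expected is None:
        return "not-in-advisory"
    if parsed["digest"] is None:
        return "unpinned"                  # tag only: the build cannot be proven
    return "matches-advisory" if parsed["digest"] == expected else "stale-digest"


def audit_pods(pods, advisory=ADVISORY_IMAGES):
    """Return (namespace/pod, container, verdict) for every container status."""
    findings = []
    for pod in pods.get("items", []):
        meta = pod["metadata"]
        pod_id = f"{meta['namespace']}/{meta['name']}"
        for cs in pod.get("status", {}).get("containerStatuses", []):
            # imageID is the digest the kubelet actually pulled; fall back to
            # the declared image when the status carries no ID.
            ref = cs.get("imageID") or cs.get("image", "")
            findings.append((pod_id, cs["name"], classify(ref, advisory)))
    return findings


# Constructed sample input: one current image, one stale (all-zero, made-up)
# digest, and one pod that references an image by tag only.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "open-cluster-management", "name": "console-1"},
     "status": {"containerStatuses": [
         {"name": "console",
          "imageID": "registry.redhat.io/rhacm2/console-rhel8@"
                     + ADVISORY_IMAGES["rhacm2/console-rhel8"]}]}},
    {"metadata": {"namespace": "open-cluster-management", "name": "multiclusterhub-1"},
     "status": {"containerStatuses": [
         {"name": "hub",
          "imageID": "registry.redhat.io/rhacm2/multiclusterhub-rhel8@sha256:"
                     + "0" * 64}]}},
    {"metadata": {"namespace": "default", "name": "adhoc"},
     "status": {"containerStatuses": [
         {"name": "app",
          "image": "registry.redhat.io/rhacm2/console-rhel8:v2.7.3",
          "imageID": ""}]}},
]}


def main():
    # Pass a file saved from `oc get pods -A -o json` to audit a real cluster;
    # without an argument the constructed sample is used.
    pods = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PODS
    for pod_id, container, verdict in audit_pods(pods):
        print(f"{verdict:17} {pod_id} [{container}]")


if __name__ == "__main__":
    main()
```

Treat `stale-digest` and `unpinned` as the actionable findings: the former is a component the advisory replaced but the cluster has not yet rolled, the latter a pod that cannot be attested to any advisory at all. To audit another architecture, copy its digests from the corresponding list into `ADVISORY_IMAGES`.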
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted inpu...
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-41854: Those using Sn...
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...
Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23539: A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. *...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...
In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. ### Impact A threat actor can edit options for `console.log`. ### Patches This vulnerability was patched in the release of version `3.9.18` of `vm2`. ### Workarounds After creating a vm make the `inspect` method readonly with `vm.readonly(inspect)`. ### References PoC - https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550 ### For more information If you have any questions or comments about this advisory: - Open an issue in [VM2](https://github.com/patriksimek/vm2) Thanks to @arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc. for disclosing this vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27535: A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERN...
An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-36227: A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.
A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. ### Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ### Patches This vulnerability was patched in the release of version `3.9.18` of `vm2`. ### Workarounds None. ### References PoC - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac ### For more information If you have any questions or comments about this advisory: - Open an issue in [VM2](https://github.com/patriksimek/vm2) Thanks to @arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc. for disclosing this vulnerability.
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Red Hat Security Advisory 2023-2728-01 - The Red Hat OpenShift Distributed Tracing 2.8 container images have been updated. CVE-2022-41717 was fixed as part of this release. Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements.
Red Hat Security Advisory 2023-2710-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include denial of service and information leakage vulnerabilities.
A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-0341: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction...
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27535: A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERN...
An update for libarchive is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-36227: A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.
Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and update container images with security fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40186: A flaw was found in HashiCorp Vault and Vault Enterprise, where they could allow a locally authenticated attacker to gain unauthorized access to the system, caused by a flaw in the alias naming schema implementation for mount accessors with shared alias n...
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
Red Hat Security Advisory 2023-1888-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service and server-side request forgery vulnerabilities.
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.
Ubuntu Security Notice 5871-2 - USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fixes this for Ubuntu 18.04 LTS. It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport.
Debian Linux Security Advisory 5357-1 - yvvdwf found a data exfiltration vulnerability while performing a local clone from a malicious repository, even when using a non-local transport. Joern Schneeweisz found a path traversal vulnerability in git-apply whereby a path outside the working tree can be overwritten as the acting user.
Ubuntu Security Notice 5871-1 - It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite a patch outside the working tree.
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution.