Headline
RHSA-2023:4862: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes
Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
- CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.
- CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.
Issued:
2023-08-29
Updated:
2023-08-29
RHSA-2023:4862 - Security Advisory
Synopsis
Critical: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes
Type/Severity
Security Advisory: Critical
Topic
Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Description
Multicluster Engine for Kubernetes 2.3.1 images
Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Security fix(es):
- CVE-2023-3089 openshift: OCP & FIPS mode
- CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
- CVE-2023-37466 - vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code
Affected Products
- multicluster engine for Kubernetes Text-only Advisories x86_64
Fixes
- BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
- BZ - 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
- BZ - 2232376 - CVE-2023-37466 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code
References
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-001
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
Related news
vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.
Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
Red Hat Security Advisory 2023-4862-01 - Multicluster Engine for Kubernetes 2.3.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...
Red Hat OpenShift Serverless 1.29.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.1 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property, allowing attackers to escape the sandbox and run arbitrary code. The impact is Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox.
In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.
### Impact
Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.
### Patches
None.
### Workarounds
None.
### References
PoC is to be disclosed on or after the 8th of August.
### For more information
If you have any questions or comments about this advisory:
- Open an issue in [VM2](https://github.com/patriksimek/vm2)
Red Hat Security Advisory 2023-3924-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.23.
Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...
Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.
Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.
Red Hat Security Advisory 2023-3911-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.63.
Red Hat Security Advisory 2023-3910-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63.
Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server...
Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...