RHSA-2023:5442: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
  • CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a ‘/’ character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input.
  • CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution.
  • CVE-2023-26136: A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
  • CVE-2023-29400: A flaw was found in golang. Templates containing actions in unquoted HTML attributes (for example, “attr={{.}}”) executed with empty input could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.
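A toolchain-side regression probe for two of the html/template fixes listed above, added here as an example and not part of the advisory or of Red Hat's tooling: it renders constructed templates through Go's html/template and checks that the output shows the patched behaviour (an empty value in an unquoted attribute and an angle bracket in a CSS value both become the escaper's ZgotmplZ failsafe). The template strings, inputs and expected outputs are constructed for this example; CVE-2023-24540 (JavaScript whitespace) is not probed.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"os"
)

// render parses one html/template and executes it with data, returning the
// contextually escaped output.
func render(tmpl string, data any) (string, error) {
	t, err := template.New("probe").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// Check is one escaping probe: a template, the value fed to its action, and
// the output a patched toolchain must produce. "ZgotmplZ" is html/template's
// failsafe token, emitted in place of a value the escaper refuses to pass
// through in the current context.
type Check struct {
	CVE      string
	Template string
	Input    string
	Want     string
}

// Checks are constructed probes (not taken from the advisory) for two of the
// html/template fixes it lists. CVE-2023-24540 is not probed here.
var Checks = []Check{
	// CVE-2023-29400: an action in an unquoted attribute value, executed
	// with empty input, must not leave "attr=" dangling in front of the next
	// token; a patched toolchain substitutes the failsafe instead.
	{"CVE-2023-29400", `<a attr={{.}}>`, "", `<a attr=ZgotmplZ>`},
	// Same context with whitespace in the value: the no-space escaper
	// encodes the space so it cannot terminate the attribute value.
	{"CVE-2023-29400", `<a attr={{.}}>`, "x y", `<a attr=x&#32;y>`},
	// CVE-2023-24539: angle brackets are treated as dangerous in CSS
	// contexts and replaced with the failsafe rather than passed through.
	{"CVE-2023-24539", `<p style="color: {{.}}">x</p>`, "<", `<p style="color: ZgotmplZ">x</p>`},
	// Control: an ordinary CSS value is still emitted unchanged.
	{"CVE-2023-24539", `<p style="color: {{.}}">x</p>`, "red", `<p style="color: red">x</p>`},
}

// RunChecks renders every probe and returns the CVE ids whose output did not
// match the patched behaviour. An empty result means the toolchain this
// binary was built with escapes these cases the way the fixed versions do.
func RunChecks() ([]string, error) {
	var failed []string
	for _, c := range Checks {
		got, err := render(c.Template, c.Input)
		if err != nil {
			return nil, fmt.Errorf("%s: rendering %q: %w", c.CVE, c.Template, err)
		}
		if got != c.Want {
			failed = append(failed, c.CVE)
		}
	}
	return failed, nil
}

func main() {
	failed, err := RunChecks()
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	if len(failed) > 0 {
		fmt.Println("toolchain still shows unpatched html/template behaviour for:", failed)
		os.Exit(1)
	}
	fmt.Println("html/template escaping matches the patched behaviour for all probes")
}
```

Build the probe with the same Go toolchain that builds the component under review; a non-empty result means that toolchain predates the fixes.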
Red Hat Security Data

Issued: 2023-10-04

Updated: 2023-10-04

RHSA-2023:5442 - Security Advisory


Synopsis

Moderate: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates

Type/Severity

Security Advisory: Moderate

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General
Availability release images, which provide security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/release_notes/

Jira issues resolved:

  • ACM-5398: ACM ignores Policies about empty label/field
  • ACM-6003: UI throws “ClusterSets failed to load” error while deploying application set based applications from console
  • ACM-6171: Policy shows as “Compliant” despite there being violations

Security fix(es):

  • CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • CVE-2022-41721 x/net/http2/h2c: request smuggling
  • CVE-2023-24539 html/template: improper sanitization of CSS values
  • CVE-2023-24540 html/template: improper handling of JavaScript whitespace
  • CVE-2023-29400 html/template: improper handling of empty HTML attributes

Affected Products

  • Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64

Fixes

  • BZ - 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
  • BZ - 2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
  • BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
  • BZ - 2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes
  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • ACM-5398 - ACM ignores Policies about empty label/field
  • ACM-6003 - UI throws “ClusterSets failed to load” error while deploying application set based applications from console
  • ACM-6171 - [2.8] Policy shows as “Compliant” despite there being violations

CVEs

  • CVE-2022-41721
  • CVE-2023-24539
  • CVE-2023-24540
  • CVE-2023-26136
  • CVE-2023-29400
  • CVE-2023-29491
  • CVE-2023-30630


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202407-26

Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.

Red Hat Security Advisory 2023-7361-01

Red Hat Security Advisory 2023-7361-01 - An update for ncurses is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5486-01

Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5485-01

Red Hat Security Advisory 2023-5485-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5488-01

Red Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5484-01

Red Hat Security Advisory 2023-5484-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

RHSA-2023:5488: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of servi...

RHSA-2023:5480: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...

Red Hat Security Advisory 2023-5447-01

Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5442-01

Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

Red Hat Security Advisory 2023-5421-01

Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:5421: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

Red Hat Security Advisory 2023-5249-01

Red Hat Security Advisory 2023-5249-01 - The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

RHSA-2023:5252: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30630: A vulnerability was found in dmidecode, which allows --dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious

Red Hat Security Advisory 2023-5061-01

Red Hat Security Advisory 2023-5061-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

RHSA-2023:5061: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30630: A vulnerability was found in dmidecode, which allows --dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

CVE-2023-40440: About the security content of macOS Monterey 12.6.8

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.

Red Hat Security Advisory 2023-4627-01

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4627: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
  • CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...

Red Hat Security Advisory 2023-4226-01

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

Red Hat Security Advisory 2023-4225-01

Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.

RHSA-2023:4226: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

RHSA-2023:4225: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 security and extras update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Red Hat Security Advisory 2023-4093-01

Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4090-01

Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.

RHSA-2023:4093: Red Hat Security Advisory: OpenShift Container Platform 4.13.5 security update

Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1260: An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "po...

RHSA-2023:3998: Red Hat Security Advisory: Logging Subsystem 5.7.3 - Red Hat OpenShift security update

An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
  • CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...

Red Hat Security Advisory 2023-3925-01

Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.

RHSA-2023:3925: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...

RHSA-2023:3915: Red Hat Security Advisory: OpenShift Container Platform 4.11.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...

CVE-2023-26136: Snyk Vulnerability Database | Snyk

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

RHSA-2023:3905: Red Hat Security Advisory: Network observability 1.3.0 for Openshift

Network Observability 1.3.0 for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted input.
  • CVE-2023-24540: A flaw was found in golang,...

Red Hat Security Advisory 2023-3612-01

Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

RHSA-2023:3545: Red Hat Security Advisory: OpenShift Container Platform 4.12.21 packages and security update

Red Hat OpenShift Container Platform release 4.12.21 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside ...

Red Hat Security Advisory 2023-3410-01

Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.

RHSA-2023:3410: Red Hat Security Advisory: OpenShift Container Platform 4.12.20 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...

Red Hat Security Advisory 2023-3366-01

Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.

RHSA-2023:3435: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.74 for Kubernetes security update

An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted inpu...

Red Hat Security Advisory 2023-3318-01

Red Hat Security Advisory 2023-3318-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler.

RHSA-2023:3319: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

Ubuntu Security Notice USN-6099-1

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

CVE-2023-24540: [security] Go 1.20.4 and Go 1.19.9 are released

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CVE-2023-29491: security - Re: ncurses fixes upstream

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

CVE-2023-30630: Dmidecode 3.5 has been released

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.