#kubernetes

### Summary  The AWS Load Balancer Controller includes an optional, default-enabled feature that manages WAF WebACLs on Application Load Balancers (ALBs) on your behalf. In versions 2.8.1 and earlier, if the WebACL annotation [1] [alb.ingress.kubernetes.io/wafv2-acl-arn](http://alb.ingress.kubernetes.io/wafv2-acl-arn) or [alb.ingress.kubernetes.io/waf-acl-id](http://alb.ingress.kubernetes.io/waf-acl-id) was absent on Ingresses, the controller would automatically disassociate any existing WebACL from the ALBs, including those associated by AWS Firewall Manager (FMS). Customers on impacted versions should upgrade to prevent this issue from occurring. ### Impact  WebACLs attached to ALBs managed by the AWS Load Balancer Controller through methods other than Ingress annotations may be automatically removed, leaving the ALBs unprotected by WebACL.  Impacted versions: [>=2.0.0;<2.8.2]  ### Patches  We addressed this issue in version 2.8.2 [2] and recommend customers upgrade. Now, if t...

Red Hat Security Advisory 2024-8238-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-8232-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8229-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-8228-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs.

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.A recent report from BlackBe

Red Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.

Red Hat Security Advisory 2024-7944-03 - Red Hat OpenShift Container Platform release 4.16.17 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-7941-03 - Red Hat OpenShift Container Platform release 4.13.52 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include an open redirection vulnerability.

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue