#kubernetes

One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.

### Impact Note: "Pebble" here refers to [Canonical's service manager](https://github.com/canonical/pebble), not the [Let's Encrypt ACME test server](https://github.com/letsencrypt/pebble). The API behind `pebble pull`, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and the charm run as root, so they have full access. But if another restricted unix user gains local access to the container host, they could hit the Pebble `GET /v1/files?action=read` API and would be allowed to read any file in the workload container, for example an ssh key or database password or other sensitive information. If there are ssh keys they could then potentially ssh into the workload, or if something like a database password they could log into the database. Note that this requires local user access to the host machine. It seems unlikely that an attacker could gain this level of access in a Juju Ku...

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.

Red Hat Security Advisory 2024-1574-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-1572-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-1561-03 - Red Hat build of MicroShift release 4.15.6 is now available with updates to packages and images that fix several bugs.

Red Hat Security Advisory 2024-1559-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements.

Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.

Red Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.