#kubernetes

Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in runc which is consumed by Azure Kubernetes Service. The mitigation for this vulnerability requires a security update, and a corresponding Azure Kubernetes Service update enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the Azure Kubernetes Service build published on January 31, 2024 is no longer vulnerable. Please see CVE-2024-21626 for more information.

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

### Impact For Cilium users who have enabled [an external kvstore](https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore) and [Wireguard transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg), traffic between pods in the affected cluster is not encrypted. ### Patches This issue affects Cilium v1.14 before v1.14.7. This issue has been patched in Cilium v1.14.7. ### Workarounds There is no workaround to this issue - affected users are encouraged to upgrade. ### Acknowledgements The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @giorio94 and @gandro for their work on triaging and remediating this issue. ### For more information If you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack). If you think you found a related vu...

Red Hat Security Advisory 2024-0820-03 - Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

By Uzair Amir Infrastructure-as-code (IaC) continues to gain traction and is even hailed for having changed software development towards greater efficiency… This is a post from HackRead.com Read the original post: 5 Ways to Maximize the Impact of IaC Scans