#kubernetes

Red Hat Security Advisory 2024-8228-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs.

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.A recent report from BlackBe

Red Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.

Red Hat Security Advisory 2024-7944-03 - Red Hat OpenShift Container Platform release 4.16.17 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-7941-03 - Red Hat OpenShift Container Platform release 4.13.52 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include an open redirection vulnerability.

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue

Red Hat Security Advisory 2024-7925-03 - Red Hat OpenShift Container Platform release 4.17.1 is now available with updates to packages and images that fix several bugs and add enhancements.

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.

Debian Linux Security Advisory 5790-1 - It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS.