what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-2083-01

Red Hat Security Advisory 2023-2083-01
Posted May 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-3841, CVE-2022-40897, CVE-2022-4269, CVE-2022-4304, CVE-2022-4378, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0266
SHA-256 | 73a3a6d4835d6deabe73aac1424fead885072ae86393a0569e27f07803acfe01
Download | Favorite | View

Red Hat Security Advisory 2023-2083-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes
Advisory ID:       RHSA-2023:2083-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2083
Issue date:        2023-05-02
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-3841 
                   CVE-2022-4269 CVE-2022-4304 CVE-2022-4378 
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-25881 
                   CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 
                   CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 
                   CVE-2023-0361 CVE-2023-0386 CVE-2023-23916 
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General
Availability release images, which fix bugs and security updates container
images.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fix(es):
* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service
(ReDoS) vulnerability
* CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint

Jira issues addressed:
* ACM-3516: ACM 2.6.5 images

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint
2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

5. JIRA issues fixed (https://issues.jboss.org/):

ACM-3516 - ACM 2.6.5 Images

6. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-3841
https://access.redhat.com/security/cve/CVE-2022-4269
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4378
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-25881
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0266
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0386
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFFOn9zjgjWX9erEAQj+jQ//SEjgQpVdMTwbzqrKnwWrIuGaZpgduNIV
KWh4YtsCRxkPOdEw2JXDu1ApTJjCrAmd4VCPmsKdYfsWqeIrLlTgOxjL8P31uoSG
B6wP2CDYC93KD0ucier97XWAMpM8MToFJqD7aKRwZaJRUeR7hySx/5mS5BqLsyay
Bm0sc4Fo6W7qjTPp9/NKQhx/f1zkR3dpXit+Y9BfhPZMJan4BksEHx4j4qFv3J+g
GN+KNQb3wu1GvOQB6dt8VEeCZaLUf3iiCAOLaYLjUnj4SH4qpeMYb7Fslc4nbRuQ
KtuBzvL5a3FN6XcQ6bfanU+WHchn2qmHCB7oocdDY3kPjUOqiUdU5NDE9ix7eHCh
MeBADYXfYo65BnRFGqBer7y6YcNEFO4S0mJOWcACcfBeOVt3NcN+wruWCWO8Wagm
Fi6XQmop+uRFZlUeYtOXdDTtifZuZW9+fpzTCddZMK9oAmc4n4J0WSmpuaE0k9YW
gJ6Gi0gsq/B68l3XblYpXg+kORJpIt5aFAbrirM7pUk3KdxI+lHA9S9UVxZR1v1g
13tHm9rcFeX0y4JGY47SPiOYIruE9MS1/6UTK4ceqIHmfO6+ghDEwzyI9dui1hCu
YnxE0t3ppVL3DT1tlonLs+hRNssByTtvcAbxej50s4mj9Hpr+Ar3wsd1+gEH93pJ
bqaQqtqDjvM=
=g85t
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    53 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close