-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
Advisory ID:       RHSA-2023:3356-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3356
Issue date:        2023-05-30
CVE Names:         CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 
                   CVE-2022-1462 CVE-2022-1679 CVE-2022-1789 
                   CVE-2022-2196 CVE-2022-2663 CVE-2022-2795 
                   CVE-2022-3028 CVE-2022-3204 CVE-2022-3239 
                   CVE-2022-3522 CVE-2022-3524 CVE-2022-3564 
                   CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 
                   CVE-2022-3623 CVE-2022-3625 CVE-2022-3627 
                   CVE-2022-3628 CVE-2022-3707 CVE-2022-3970 
                   CVE-2022-4129 CVE-2022-20141 CVE-2022-25265 
                   CVE-2022-30594 CVE-2022-36227 CVE-2022-39188 
                   CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 
                   CVE-2022-41973 CVE-2022-42703 CVE-2022-42720 
                   CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 
                   CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 
                   CVE-2023-1195 CVE-2023-1582 CVE-2023-1999 
                   CVE-2023-22490 CVE-2023-23454 CVE-2023-23946 
                   CVE-2023-25652 CVE-2023-25815 CVE-2023-27535 
                   CVE-2023-29007 CVE-2023-32313 CVE-2023-32314 
====================================================================
1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General
Availability release images, which fix security issues and update container
images.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Security fix(es):
* CVE-2023-32314 vm2: Sandbox Escape
* CVE-2023-32313 vm2: Inspect Manipulation

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions about installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation

5. References:

https://access.redhat.com/security/cve/CVE-2021-26341
https://access.redhat.com/security/cve/CVE-2021-33655
https://access.redhat.com/security/cve/CVE-2021-33656
https://access.redhat.com/security/cve/CVE-2022-1462
https://access.redhat.com/security/cve/CVE-2022-1679
https://access.redhat.com/security/cve/CVE-2022-1789
https://access.redhat.com/security/cve/CVE-2022-2196
https://access.redhat.com/security/cve/CVE-2022-2663
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-3028
https://access.redhat.com/security/cve/CVE-2022-3204
https://access.redhat.com/security/cve/CVE-2022-3239
https://access.redhat.com/security/cve/CVE-2022-3522
https://access.redhat.com/security/cve/CVE-2022-3524
https://access.redhat.com/security/cve/CVE-2022-3564
https://access.redhat.com/security/cve/CVE-2022-3566
https://access.redhat.com/security/cve/CVE-2022-3567
https://access.redhat.com/security/cve/CVE-2022-3619
https://access.redhat.com/security/cve/CVE-2022-3623
https://access.redhat.com/security/cve/CVE-2022-3625
https://access.redhat.com/security/cve/CVE-2022-3627
https://access.redhat.com/security/cve/CVE-2022-3628
https://access.redhat.com/security/cve/CVE-2022-3707
https://access.redhat.com/security/cve/CVE-2022-3970
https://access.redhat.com/security/cve/CVE-2022-4129
https://access.redhat.com/security/cve/CVE-2022-20141
https://access.redhat.com/security/cve/CVE-2022-25265
https://access.redhat.com/security/cve/CVE-2022-30594
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39188
https://access.redhat.com/security/cve/CVE-2022-39189
https://access.redhat.com/security/cve/CVE-2022-41218
https://access.redhat.com/security/cve/CVE-2022-41674
https://access.redhat.com/security/cve/CVE-2022-41973
https://access.redhat.com/security/cve/CVE-2022-42703
https://access.redhat.com/security/cve/CVE-2022-42720
https://access.redhat.com/security/cve/CVE-2022-42721
https://access.redhat.com/security/cve/CVE-2022-42722
https://access.redhat.com/security/cve/CVE-2022-43750
https://access.redhat.com/security/cve/CVE-2022-47929
https://access.redhat.com/security/cve/CVE-2023-0394
https://access.redhat.com/security/cve/CVE-2023-0461
https://access.redhat.com/security/cve/CVE-2023-1195
https://access.redhat.com/security/cve/CVE-2023-1582
https://access.redhat.com/security/cve/CVE-2023-1999
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23454
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/cve/CVE-2023-32313
https://access.redhat.com/security/cve/CVE-2023-32314
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZHsDMdzjgjWX9erEAQizYhAAgojSi/Dpw4kJE0u2IgcMVr+9lW8tikZV
GccB3XSq3RVKsJ+iG+yAE+jDoaaRsWyvSQfR2oZ1Bvd9SzBJGeAehu1Dvstvvv2Z
oW6zGDOxAXraxaxVxlM7l9oblu+HUSDyzwShhyTCbfHwJ7VZA7Q+0phzkEFuhdG0
r0SCN704hEykVNcsJrHu08GznGqzy4uMns2Zqy24ZAP36ASRU2Yf0kyDWYpd+YOl
qnC8BLI88TtOBZ1R2JDF2PJhwtaj6A7Mdk53QL4yXU+GCK2Hf1YRfPnBHs/DxvvA
LPlp96ECR8sbcBi4WLoWNlCVPjShesBkij03lbnD7SHL631ev4fPO4NEa3BZq8yK
MxtfyUikpCzTpizu3sTVPEYrZOaPWth55dcuZLaxBhjlvQfyG8bi/0CSlEVdEs8d
kKQK0F3fbzg813HCb+RWgkDugjzTDzF0WU3+Cnj9ljq5SAcbleCOxn2rPvUk9o5V
eJ4VEGnkJB2Dh+ksttx5KA3QOs4RMj1d0nejIZ3O83aq692+5RRHejvjxBxvmjKL
Ns02sdx0qsqFU+1oZShxFXeBtLWXrf4oTKVCj1VExT4Td5eCyOFAAYrOYww3kNTV
zse4ZmCsb9uTx9vSmCD48o0IpCGW0umTXuE/q/zN8suDXbu+Hs3emO0pssWjcMMJ
4Xfns6sfgw4=gXAt
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-3356:01 Critical: Red Hat Advanced Cluster Management

Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General Availability release images, which fix security issues and update container images

Summary

Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fix(es): * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation



Summary


Solution

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions about installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

References

https://access.redhat.com/security/cve/CVE-2021-26341 https://access.redhat.com/security/cve/CVE-2021-33655 https://access.redhat.com/security/cve/CVE-2021-33656 https://access.redhat.com/security/cve/CVE-2022-1462 https://access.redhat.com/security/cve/CVE-2022-1679 https://access.redhat.com/security/cve/CVE-2022-1789 https://access.redhat.com/security/cve/CVE-2022-2196 https://access.redhat.com/security/cve/CVE-2022-2663 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-3028 https://access.redhat.com/security/cve/CVE-2022-3204 https://access.redhat.com/security/cve/CVE-2022-3239 https://access.redhat.com/security/cve/CVE-2022-3522 https://access.redhat.com/security/cve/CVE-2022-3524 https://access.redhat.com/security/cve/CVE-2022-3564 https://access.redhat.com/security/cve/CVE-2022-3566 https://access.redhat.com/security/cve/CVE-2022-3567 https://access.redhat.com/security/cve/CVE-2022-3619 https://access.redhat.com/security/cve/CVE-2022-3623 https://access.redhat.com/security/cve/CVE-2022-3625 https://access.redhat.com/security/cve/CVE-2022-3627 https://access.redhat.com/security/cve/CVE-2022-3628 https://access.redhat.com/security/cve/CVE-2022-3707 https://access.redhat.com/security/cve/CVE-2022-3970 https://access.redhat.com/security/cve/CVE-2022-4129 https://access.redhat.com/security/cve/CVE-2022-20141 https://access.redhat.com/security/cve/CVE-2022-25265 https://access.redhat.com/security/cve/CVE-2022-30594 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-39188 https://access.redhat.com/security/cve/CVE-2022-39189 https://access.redhat.com/security/cve/CVE-2022-41218 https://access.redhat.com/security/cve/CVE-2022-41674 https://access.redhat.com/security/cve/CVE-2022-41973 https://access.redhat.com/security/cve/CVE-2022-42703 https://access.redhat.com/security/cve/CVE-2022-42720 https://access.redhat.com/security/cve/CVE-2022-42721 https://access.redhat.com/security/cve/CVE-2022-42722 https://access.redhat.com/security/cve/CVE-2022-43750 https://access.redhat.com/security/cve/CVE-2022-47929 https://access.redhat.com/security/cve/CVE-2023-0394 https://access.redhat.com/security/cve/CVE-2023-0461 https://access.redhat.com/security/cve/CVE-2023-1195 https://access.redhat.com/security/cve/CVE-2023-1582 https://access.redhat.com/security/cve/CVE-2023-1999 https://access.redhat.com/security/cve/CVE-2023-22490 https://access.redhat.com/security/cve/CVE-2023-23454 https://access.redhat.com/security/cve/CVE-2023-23946 https://access.redhat.com/security/cve/CVE-2023-25652 https://access.redhat.com/security/cve/CVE-2023-25815 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-29007 https://access.redhat.com/security/cve/CVE-2023-32313 https://access.redhat.com/security/cve/CVE-2023-32314 https://access.redhat.com/security/updates/classification/#critical

Package List


Severity
Advisory ID: RHSA-2023:3356-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3356
Issued Date: : 2023-05-30
CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-1789 CVE-2022-2196 CVE-2022-2663 CVE-2022-2795 CVE-2022-3028 CVE-2022-3204 CVE-2022-3239 CVE-2022-3522 CVE-2022-3524 CVE-2022-3564 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3627 CVE-2022-3628 CVE-2022-3707 CVE-2022-3970 CVE-2022-4129 CVE-2022-20141 CVE-2022-25265 CVE-2022-30594 CVE-2022-36227 CVE-2022-39188 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41973 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 CVE-2023-1195 CVE-2023-1582 CVE-2023-1999 CVE-2023-22490 CVE-2023-23454 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-27535 CVE-2023-29007 CVE-2023-32313 CVE-2023-32314

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.5.9 GeneralAvailability release images, which fix security issues and update containerimages.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2208376 - CVE-2023-32314 vm2: Sandbox Escape

2208377 - CVE-2023-32313 vm2: Inspect Manipulation


Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved