what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-3297-01

Red Hat Security Advisory 2023-3297-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2023-0361, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-27535, CVE-2023-29007, CVE-2023-32313, CVE-2023-32314
SHA-256 | a9c95cee3c3f2ef8153d088eeac3a325877fe0187e2772e5100d0e99f69c0a20
Download | Favorite | View

Red Hat Security Advisory 2023-3297-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates
Advisory ID:       RHSA-2023:3297-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3297
Issue date:        2023-05-24
CVE Names:         CVE-2022-36227 CVE-2023-0361 CVE-2023-22490 
                   CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 
                   CVE-2023-27535 CVE-2023-29007 CVE-2023-32313 
                   CVE-2023-32314 
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General
Availability release images, which fix security issues and update container
images.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/

Security fix(es):
* CVE-2023-32314 vm2: Sandbox Escape
* CVE-2023-32313 vm2: Inspect Manipulation

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation

5. References:

https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/cve/CVE-2023-32313
https://access.redhat.com/security/cve/CVE-2023-32314
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZG5wNtzjgjWX9erEAQhtig//Z/qbgBp0IoWqglFZ5bkFe1AAvUQYHDrT
6iuglIY5Lmi71ezBt4DEqEs0pZjJ4u3dm/ikQxyg3AuBNGtcRkxI3hNJMia3uKYW
jsCP8oBPGnsyQ/f9IiupbYScEula3pl50yu3CvXQNtG5hcNbIDU1HctlVeOH9VOi
ZTYB+7Lfw39ENh4EArkz7wUP8Vg2oE9Pc+pfau+OJQ+NmUX1Uc6kio6UMR8s/qPw
X1e8pl+qDiDIQj6iODF44scLZGbCS5OzrZs8rLn9KpA1Upo6sjStz+H1DnAGkCu5
Nq4xcaif63cS2+mar/6yXMd46vHHUQZc4Nyrgl+IzLeiTy5TfUWKzkNgcd+d09ff
t0nxDN2/wnQTo5h1FhJzdYOwP9CG9t7XjAZvj/CwlrZtw4LBiEpZqhNwuTFqzfRP
EA4GDUNqXEKrDiNXecL/MId+QGcu2lJx/19yENF6csIIMJZzPljtCM5NdRXK2LO8
JJppnE13Pa0HCA9fwVCHgpWbKRi3l95uJrS1XOdJeBhZ8az/ky/TSBqtn9tzd8ih
yDhSZCTYcRmnUfpxzq7c4tZHeeYFVuUSxOCHYTY35YFS2tD5TGOliGCszfl60zYB
Q9hS9VdbiI7wi7+6AaTlYZb4ZkfZ5/DK7ADZeSgFY6CJLWBQidnBKSpG5x6CAqaT
B6U0UG3yYqc=
=WYPq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close