Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Red Hat Advanced Cluster Management
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Red Hat Advanced Cluster Management
ID: RHSA-2022:9040-01
Distribution: Red Hat
Plattformen: Red Hat ACM
Datum: Do, 15. Dezember 2022, 07:28
Referenzen: https://access.redhat.com/security/cve/CVE-2022-41912
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-0617
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-21499
https://access.redhat.com/security/cve/CVE-2022-1016
https://access.redhat.com/security/cve/CVE-2020-36516
https://access.redhat.com/security/cve/CVE-2022-28893
https://access.redhat.com/security/cve/CVE-2021-3640
https://access.redhat.com/security/cve/CVE-2022-24448
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-25255
https://access.redhat.com/security/cve/CVE-2022-26373
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-29581
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-0854
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-0908
https://access.redhat.com/security/cve/CVE-2022-28390
https://access.redhat.com/security/cve/CVE-2022-27950
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-1852
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1048
https://access.redhat.com/security/cve/CVE-2022-2586
https://access.redhat.com/security/cve/CVE-2021-30002
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-1055
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-0909
https://access.redhat.com/security/cve/CVE-2020-36558
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-0924
https://access.redhat.com/security/cve/CVE-2022-1184
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-3517
https://access.redhat.com/security/cve/CVE-2022-20368
https://access.redhat.com/security/cve/CVE-2022-36946
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-23960
https://access.redhat.com/security/cve/CVE-2022-0891
https://access.redhat.com/security/cve/CVE-2022-2639
https://access.redhat.com/security/cve/CVE-2022-0561
https://access.redhat.com/security/cve/CVE-2022-22844
https://access.redhat.com/security/cve/CVE-2022-0562
https://access.redhat.com/security/cve/CVE-2022-2938
https://access.redhat.com/security/cve/CVE-2022-0865
https://access.redhat.com/security/cve/CVE-2022-0168
https://access.redhat.com/security/cve/CVE-2022-1355
https://access.redhat.com/security/cve/CVE-2022-2078
Applikationen: Red Hat Advanced Cluster Management

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Advanced Cluster Management 2.6.3
 security update
Advisory ID:       RHSA-2022:9040-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9040
Issue date:        2022-12-14
CVE Names:         CVE-2016-3709 CVE-2020-36516 CVE-2020-36558 
                   CVE-2021-3640 CVE-2021-30002 CVE-2022-0168 
                   CVE-2022-0561 CVE-2022-0562 CVE-2022-0617 
                   CVE-2022-0854 CVE-2022-0865 CVE-2022-0891 
                   CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 
                   CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 
                   CVE-2022-1184 CVE-2022-1304 CVE-2022-1355 
                   CVE-2022-1852 CVE-2022-2078 CVE-2022-2586 
                   CVE-2022-2639 CVE-2022-2938 CVE-2022-3517 
                   CVE-2022-20368 CVE-2022-21499 CVE-2022-22624 
                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 
                   CVE-2022-22844 CVE-2022-23960 CVE-2022-24448 
                   CVE-2022-25255 CVE-2022-26373 CVE-2022-26700 
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-27950 
                   CVE-2022-28390 CVE-2022-28893 CVE-2022-29581 
                   CVE-2022-30293 CVE-2022-36946 CVE-2022-37434 
                   CVE-2022-41912 CVE-2022-42898 
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General
Availability release images, which provide security updates, fix bugs, and
update container images.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Bugs addressed:

* clusters belong to global clusterset is not selected by placement when
rescheduling (BZ# 2129679)

* RHACM 2.6.3 images (BZ# 2139085)

Security fixes:

* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 
  Security

* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML
responses containing multiple Assertion elements

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2129679 - clusters belong to global clusterset is not selected by placement
 when rescheduling
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function
2139085 - RHACM 2.6.3 images
2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing
 SAML responses containing multiple Assertion elements

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-36516
https://access.redhat.com/security/cve/CVE-2020-36558
https://access.redhat.com/security/cve/CVE-2021-3640
https://access.redhat.com/security/cve/CVE-2021-30002
https://access.redhat.com/security/cve/CVE-2022-0168
https://access.redhat.com/security/cve/CVE-2022-0561
https://access.redhat.com/security/cve/CVE-2022-0562
https://access.redhat.com/security/cve/CVE-2022-0617
https://access.redhat.com/security/cve/CVE-2022-0854
https://access.redhat.com/security/cve/CVE-2022-0865
https://access.redhat.com/security/cve/CVE-2022-0891
https://access.redhat.com/security/cve/CVE-2022-0908
https://access.redhat.com/security/cve/CVE-2022-0909
https://access.redhat.com/security/cve/CVE-2022-0924
https://access.redhat.com/security/cve/CVE-2022-1016
https://access.redhat.com/security/cve/CVE-2022-1048
https://access.redhat.com/security/cve/CVE-2022-1055
https://access.redhat.com/security/cve/CVE-2022-1184
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1355
https://access.redhat.com/security/cve/CVE-2022-1852
https://access.redhat.com/security/cve/CVE-2022-2078
https://access.redhat.com/security/cve/CVE-2022-2586
https://access.redhat.com/security/cve/CVE-2022-2639
https://access.redhat.com/security/cve/CVE-2022-2938
https://access.redhat.com/security/cve/CVE-2022-3517
https://access.redhat.com/security/cve/CVE-2022-20368
https://access.redhat.com/security/cve/CVE-2022-21499
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-22844
https://access.redhat.com/security/cve/CVE-2022-23960
https://access.redhat.com/security/cve/CVE-2022-24448
https://access.redhat.com/security/cve/CVE-2022-25255
https://access.redhat.com/security/cve/CVE-2022-26373
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-27950
https://access.redhat.com/security/cve/CVE-2022-28390
https://access.redhat.com/security/cve/CVE-2022-28893
https://access.redhat.com/security/cve/CVE-2022-29581
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-36946
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-41912
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY5qj0dzjgjWX9erEAQhFqA/8DZy1ZnL7VmBeHUO2lMosz2PcFW9BdHpv
r6H/1LECRRU0uZ2AKbqnaY3upDNFxxvu2/rTo20TzSxTNTOATzH5zLWNhkcNpzGK
w9zWg0FdhlskPIQFD2Ld0dan+0hTlJGqlr71H4BjS8IDUJxjwCeuoiVHPUU3lJXZ
c1zTtLl6kdJBuHQB6wQ03rZP+GtMHuOxOKUvFyNFm8TJksc+US/F9lpe/qEzXbfy
4SWWNDysT4naITX6QImyCYAcvh/FLhdsDKv3G3sYGdinXJHJTeGlikGAjywCj9Tu
QjVlJ6eO5Olmur/x4KMIcZo8W5dxOHFsT3s3+hfgAcndFgH/Azb10DnkNc4/x6Yk
5dndPpkDagITgBB57FGMk66ruoXvisvxt9I/zNhIVXCQk0HiyeN1lwj1OtSyn69i
r4FQ4pYm1+0M3itbxbpzcwg4gsKyWUzkuRWeuprCFSFQE1SE8z/Biv+oMr5JcCLw
ltadJfcECSVQ6QKwc1l5h+3AU0nklPuzgV4oeqI0x1rBD1WLeYJWNfNQkQpHz+mw
aM3q13/pnCrB/wCGb/tnzrROKrM3UnPsFNew1/2v6KhTphFmH3DcZuGbwMMrzbdk
8TLILCPAXmmcqajELZUetPi8UOvhp5BLgtNvXkXHAVOKgpIN2MVi3oGFp39rzgtR
RaBDmvKMVxk=
=ttV/
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung