VolSync v0.11.1 general availability release images, which provide
enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

VolSync v0.11.1 is a Kubernetes operator that enables asynchronous replication
 of persistent volumes within a cluster, or across clusters. After deploying
the VolSync operator, it can create and maintain copies of your persistent
data.

For more information about VolSync, see:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync

or the VolSync open source community website at:
https://volsync.readthedocs.io/en/stable/.

This advisory contains enhancements and updates to the VolSync
container images.

Security fix(es):

* quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on
 Linux (CVE-2024-53259) 
* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto (CVE-2024-45337)
* golang.org/x/net/html: Non-linear parsing of case-insensitive content in
golang.org/x/net/html (CVE-2024-45338)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-45337: Improper Authorization (CWE-285)
CVE-2024-45338: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2024-53259: Insufficient Verification of Data Authenticity (CWE-345)