{"id":21794,"date":"2022-03-15T20:59:52","date_gmt":"2022-03-15T17:59:52","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166309\/RHSA-2022-0856-01.txt"},"modified":"2022-03-16T08:28:28","modified_gmt":"2022-03-16T04:58:28","slug":"red-hat-security-advisory-2022-0856-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2022-0856-01\/","title":{"rendered":"Red Hat Security Advisory 2022-0856-01"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n

=====================================================================
\nRed Hat Security Advisory<\/p>\n

Synopsis: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
\nAdvisory ID: RHSA-2022:0856-01
\nProduct: Red Hat ACM
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0856
\nIssue date: 2022-03-14
\nCVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751
\nCVE-2019-17594 CVE-2019-17595 CVE-2019-18218
\nCVE-2019-19603 CVE-2019-20838 CVE-2020-0465
\nCVE-2020-0466 CVE-2020-12762 CVE-2020-13435
\nCVE-2020-14155 CVE-2020-16135 CVE-2020-24370
\nCVE-2020-25709 CVE-2020-25710 CVE-2021-0920
\nCVE-2021-3200 CVE-2021-3426 CVE-2021-3445
\nCVE-2021-3521 CVE-2021-3564 CVE-2021-3572
\nCVE-2021-3573 CVE-2021-3580 CVE-2021-3712
\nCVE-2021-3752 CVE-2021-3800 CVE-2021-3872
\nCVE-2021-3984 CVE-2021-4019 CVE-2021-4122
\nCVE-2021-4155 CVE-2021-4192 CVE-2021-4193
\nCVE-2021-20231 CVE-2021-20232 CVE-2021-22876
\nCVE-2021-22898 CVE-2021-22925 CVE-2021-23434
\nCVE-2021-25214 CVE-2021-27645 CVE-2021-28153
\nCVE-2021-33560 CVE-2021-33574 CVE-2021-35942
\nCVE-2021-36084 CVE-2021-36085 CVE-2021-36086
\nCVE-2021-36087 CVE-2021-39241 CVE-2021-40346
\nCVE-2021-42574 CVE-2022-0155 CVE-2022-0185
\nCVE-2022-0330 CVE-2022-22942 CVE-2022-24407
\n=====================================================================<\/p>\n

1. Summary:<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General
\nAvailability release images, which provide one or more container updates
\nand bug fixes.<\/p>\n

Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,
\nwhich gives a detailed severity rating, is available for each vulnerability
\nfrom the CVE link(s) in the References section.<\/p>\n

2. Description:<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes provides the
\ncapabilities to address common challenges that administrators and site
\nreliability engineers face as they work across a range of public and
\nprivate cloud environments.<\/p>\n

Clusters and applications are all visible and managed from a single console
\n\u2014 with security policy built in.<\/p>\n

This advisory contains the container images for Red Hat Advanced Cluster
\nManagement for Kubernetes, which provide security fixes, bug fixes and
\ncontainer upgrades. See the following Release Notes documentation, which
\nwill be updated shortly for this release, for additional details about this
\nrelease:<\/p>\n

https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_advanced_cluster_management_for_kubernetes\/2.2\/html\/release_notes\/<\/p>\n

Security updates:<\/p>\n

* object-path: Type confusion vulnerability can lead to a bypass of
\nCVE-2020-15256 (CVE-2021-23434)<\/p>\n

* follow-redirects: Exposure of Private Personal Information to an
\nUnauthorized Actor (CVE-2022-0155)<\/p>\n

Related bugs:<\/p>\n

* RHACM 2.2.11 images (Bugzilla #2029508)<\/p>\n

* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
\n#2030859)<\/p>\n

3. Solution:<\/p>\n

For Red Hat Advanced Cluster Management for Kubernetes, see the following
\ndocumentation, which will be updated shortly for this release, for
\nimportant instructions on how to upgrade your cluster and fully apply this
\nasynchronous errata update:<\/p>\n

https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_advanced_cluster_management_for_kubernetes\/2.2\/html\/release_notes\/index<\/p>\n

For details on how to apply this update, refer to:<\/p>\n

https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_advanced_cluster_management_for_kubernetes\/2.2\/html-single\/install\/index#installing<\/p>\n

4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n

1999810 – CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256
\n2029508 – RHACM 2.2.11 images
\n2030859 – ClusterImageSet has 4.5 which is not supported in ACM 2.2.10
\n2044556 – CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor<\/p>\n

5. References:<\/p>\n

https:\/\/access.redhat.com\/security\/cve\/CVE-2019-5827
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-13750
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-13751
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-17594
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-17595
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-18218
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-19603
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-20838
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-0465
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-0466
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-12762
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-13435
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-14155
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-16135
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-24370
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-25709
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-25710
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-0920
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3200
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3426
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3445
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3521
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3564
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3572
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3573
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3580
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3712
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3752
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3800
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3872
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3984
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4019
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4122
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4155
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4192
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4193
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-20231
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-20232
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-22876
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-22898
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-22925
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-23434
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-25214
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-27645
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-28153
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-33560
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-33574
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-35942
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-36084
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-36085
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-36086
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-36087
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-39241
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-40346
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-42574
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0155
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0185
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0330
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22942
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24407
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<\/p>\n

6. Contact:<\/p>\n

The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n

Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n

iQIVAwUBYi+vA9zjgjWX9erEAQgTqA\/+J2DQsJewk+7lcFiIFg2V\/pbB8hc0RsP5
\nKbxZaTfWXw0Awen3M5xN9iwKH8v3zdgwKMiEdPi4STFxQEoyOATJ6f8n1tIrZtEv
\nyvR4I\/fCTeQZYZJDPuCaUl0xkL7yFMqKumSsVeTI\/zUWDQB5Ifv30KMX68FV2UUW
\n1T\/A0gMzdsCOGNh89jw1tvehqsxfUsBZbv2oqTJkSGsCeBQohuP58MHUeYXzGy5M
\nHAJhRfgJYTcQneRiUt3PIlH737YjkXW5vO4sYqmyS30SvEtT7HK12qnw9DuBk7bs
\ntPDvuNy2DFF7S3HARQAgsPDWJQvMBdu96Vm9XHsVHYs\/jSrj2B05wAwvYKp5J2q8
\nWhghlFQnU2QJvaDslUhnC6gz6CqHhU971qSSRWdyrdOLe+56pTg1g1YgJ2V46sIv
\nb6+9UIFMg0IgHuX9Ys\/MVMqXaNOv3tvglmzIGbGsFKE8afZ8FPykaWx1His8fg1b
\nLxDe8x1eBHDGL28Q4fPmTRcZ6kusODotZPnc8Bv1Y8z+EdDBATI7OZhx9ePpb1fL
\nGsXBkFvFEaVwTHKWwA3RwTV3uj2rUP7ZCHJuJSaVuZPxhlhY\/Q1bXZhSh5aY1oSk
\n+YUU9HGz9zRJMVHFiuFYp0zrrOFOGw7PGXUr4\/+\/pPFJkWOVApYvlsgx7DvkyYmB
\nXdiu19jyuh4=
\n=lH1Z
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes Advisory ID: RHSA-2022:0856-01 Product: Red Hat ACM Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0856 Issue date: 2022-03-14 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-0465 CVE-2020-0466 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-25709 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21794","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21794"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21794\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}