{"id":25592,"date":"2022-06-09T20:28:27","date_gmt":"2022-06-09T16:28:27","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167459\/RHSA-2022-4956-01.txt"},"modified":"2022-06-14T11:59:40","modified_gmt":"2022-06-14T07:29:40","slug":"red-hat-security-advisory-2022-4956-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2022-4956-01\/","title":{"rendered":"Red Hat Security Advisory 2022-4956-01"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n

=====================================================================
\nRed Hat Security Advisory<\/p>\n

Synopsis: Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
\nAdvisory ID: RHSA-2022:4956-01
\nProduct: Red Hat ACM
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:4956
\nIssue date: 2022-06-08
\nCVE Names: CVE-2020-0404 CVE-2020-4788 CVE-2020-13974
\nCVE-2020-19131 CVE-2020-27820 CVE-2021-0941
\nCVE-2021-3612 CVE-2021-3634 CVE-2021-3669
\nCVE-2021-3737 CVE-2021-3743 CVE-2021-3744
\nCVE-2021-3752 CVE-2021-3759 CVE-2021-3764
\nCVE-2021-3772 CVE-2021-3773 CVE-2021-3918
\nCVE-2021-4002 CVE-2021-4037 CVE-2021-4083
\nCVE-2021-4157 CVE-2021-4189 CVE-2021-4197
\nCVE-2021-4203 CVE-2021-20322 CVE-2021-21781
\nCVE-2021-26401 CVE-2021-29154 CVE-2021-37159
\nCVE-2021-41190 CVE-2021-41864 CVE-2021-42739
\nCVE-2021-43056 CVE-2021-43389 CVE-2021-43565
\nCVE-2021-43816 CVE-2021-43858 CVE-2021-43976
\nCVE-2021-44733 CVE-2021-45485 CVE-2021-45486
\nCVE-2022-0001 CVE-2022-0002 CVE-2022-0235
\nCVE-2022-0286 CVE-2022-0322 CVE-2022-0778
\nCVE-2022-1011 CVE-2022-21803 CVE-2022-23806
\nCVE-2022-24450 CVE-2022-24778 CVE-2022-24785
\nCVE-2022-27191 CVE-2022-29810
\n=====================================================================<\/p>\n

1. Summary:<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally
\navailable.<\/p>\n

Red Hat Product Security has rated this update as having a security impact
\nof Important. A Common Vulnerability Scoring System (CVSS) base score,
\nwhich
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE links in the References section.<\/p>\n

2. Description:<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images<\/p>\n

Red Hat Advanced Cluster Management for Kubernetes provides the
\ncapabilities to address common challenges that administrators and site
\nreliability engineers face as they work across a range of public and
\nprivate cloud environments. Clusters and applications are all visible and
\nmanaged from a single console\u2014with security policy built in.<\/p>\n

This advisory contains the container images for Red Hat Advanced Cluster
\nManagement for Kubernetes, which fix several bugs and security issues. See
\nthe following Release Notes documentation, which will be updated shortly
\nfor this release, for additional details about this release:<\/p>\n

https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_advanced_cluster_management_for_kubernetes\/2.5\/html\/release_notes\/<\/p>\n

Security fixes:<\/p>\n

* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)<\/p>\n

* containerd: Unprivileged pod may bind mount any privileged regular file
\non disk (CVE-2021-43816)<\/p>\n

* minio: user privilege escalation in AddUser() admin API (CVE-2021-43858)<\/p>\n

* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing
\ncertificates (CVE-2022-0778)<\/p>\n

* imgcrypt: Unauthorized access to encryted container image on a shared
\nsystem due to missing check in CheckAuthorization() code path
\n(CVE-2022-24778)<\/p>\n

* golang.org\/x\/crypto: empty plaintext packet causes panic (CVE-2021-43565)<\/p>\n

* node-fetch: exposure of sensitive information to an unauthorized actor
\n(CVE-2022-0235)<\/p>\n

* nconf: Prototype pollution in memory store (CVE-2022-21803)<\/p>\n

* golang: crypto\/elliptic IsOnCurve returns true for invalid field elements
\n(CVE-2022-23806)<\/p>\n

* nats-server: misusing the “dynamically provisioned sandbox accounts”
\nfeature authenticated user can obtain the privileges of the System account
\n(CVE-2022-24450)<\/p>\n

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)<\/p>\n

* golang: crash in a golang.org\/x\/crypto\/ssh server (CVE-2022-27191)<\/p>\n

* go-getter: writes SSH credentials into logfile, exposing sensitive
\ncredentials to local uses (CVE-2022-29810)<\/p>\n

* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)<\/p>\n

Bug fixes:<\/p>\n

* RFE Copy secret with specific secret namespace, name for source and name,
\nnamespace and cluster label for target (BZ# 2014557)<\/p>\n

* RHACM 2.5.0 images (BZ# 2024938)<\/p>\n

* [UI] When you delete host agent from infraenv no confirmation message
\nappear (Are you sure you want to delete x?) (BZ#2028348)<\/p>\n

* Clusters are in ‘Degraded’ status with upgrade env due to obs-controller
\nnot working properly (BZ# 2028647)<\/p>\n

* create cluster pool -> choose infra type, As a result infra providers
\ndisappear from UI. (BZ# 2033339)<\/p>\n

* Restore\/backup shows up as Validation failed but the restore backup
\nstatus in ACM shows success (BZ# 2034279)<\/p>\n

* Observability – OCP 311 node role are not displayed completely (BZ#
\n2038650)<\/p>\n

* Documented uninstall procedure leaves many leftovers (BZ# 2041921)<\/p>\n

* infrastructure-operator pod crashes due to insufficient privileges in ACM
\n2.5 (BZ# 2046554)<\/p>\n

* Acm failed to install due to some missing CRDs in operator (BZ# 2047463)<\/p>\n

* Navigation icons no longer showing in ACM 2.5 (BZ# 2051298)<\/p>\n

* ACM home page now includes \/home\/ in url (BZ# 2051299)<\/p>\n

* proxy heading in Add Credential should be capitalized (BZ# 2051349)<\/p>\n

* ACM 2.5 tries to create new MCE instance when install on top of existing
\nMCE 2.0 (BZ# 2051983)<\/p>\n

* Create Policy button does not work and user cannot use console to create
\npolicy (BZ# 2053264)<\/p>\n

* No cluster information was displayed after a policyset was created (BZ#
\n2053366)<\/p>\n

* Dynamic plugin update does not take effect in Firefox (BZ# 2053516)<\/p>\n

* Replicated policy should not be available when creating a Policy Set (BZ#
\n2054431)<\/p>\n

* Placement section in Policy Set wizard does not reset when users click
\n“Back” to re-configured placement (BZ# 2054433)<\/p>\n

3. Solution:<\/p>\n

For Red Hat Advanced Cluster Management for Kubernetes, see the following
\ndocumentation, which will be updated shortly for this release, for
\nimportant
\ninstructions on installing this release:<\/p>\n

https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_advanced_cluster_management_for_kubernetes\/2.5\/html-single\/install\/index#installing<\/p>\n

4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n

2014557 – RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target
\n2024702 – CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability
\n2024938 – CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
\n2028224 – RHACM 2.5.0 images
\n2028348 – [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?)
\n2028647 – Clusters are in ‘Degraded’ status with upgrade env due to obs-controller not working properly
\n2030787 – CVE-2021-43565 golang.org\/x\/crypto: empty plaintext packet causes panic
\n2033339 – create cluster pool -> choose infra type , As a result infra providers disappear from UI.
\n2034279 – Restore\/backup shows up as Validation failed but the restore backup status in ACM shows success
\n2036252 – CVE-2021-43858 minio: user privilege escalation in AddUser() admin API
\n2038650 – Observability – OCP 311 node role are not displayed completely
\n2041921 – Documented uninstall procedure leaves many leftovers
\n2044434 – CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk
\n2044591 – CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
\n2046554 – infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5
\n2047463 – Acm failed to install due to some missing CRDs in operator
\n2051298 – Navigation icons no longer showing in ACM 2.5
\n2051299 – ACM home page now includes \/home\/ in url
\n2051349 – proxy heading in Add Credential should be capitalized
\n2051983 – ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0
\n2052573 – CVE-2022-24450 nats-server: misusing the “dynamically provisioned sandbox accounts” feature authenticated user can obtain the privileges of the System account
\n2053264 – Create Policy button does not work and user cannot use console to create policy
\n2053366 – No cluster information was displayed after a policyset was created
\n2053429 – CVE-2022-23806 golang: crypto\/elliptic IsOnCurve returns true for invalid field elements
\n2053516 – Dynamic plugin update does not take effect in Firefox
\n2054431 – Replicated policy should not be available when creating a Policy Set
\n2054433 – Placement section in Policy Set wizard does not reset when users click “Back” to re-configured placement
\n2054772 – credentialName is not parsed correctly in UI notifications\/alerts when creating\/updating a discovery config
\n2054860 – Cluster overview page crashes for on-prem cluster
\n2055333 – Unable to delete assisted-service operator
\n2055900 – If MCH is installed on existing MCE and both are in multicluster-engine namespace , uninstalling MCH terminates multicluster-engine namespace
\n2056485 – [UI] In infraenv detail the host list don’t have pagination
\n2056701 – Non platform install fails agentclusterinstall CRD is outdated in rhacm2.5
\n2057060 – [CAPI] Unable to create ClusterDeployment due to service account restrictions (ACM + Bundled Assisted)
\n2058435 – Label cluster.open-cluster-management.io\/backup-cluster stamped ‘unknown’ for velero backups
\n2059779 – spec.nodeSelector is missing in MCE instance created by MCH upon installing ACM on infra nodes
\n2059781 – Policy UI crashes when viewing details of configuration policies for backupschedule that does not exist
\n2060135 – [assisted-install] agentServiceConfig left orphaned after uninstalling ACM
\n2060151 – Policy set of the same name cannot be re-created after the previous one has been deleted
\n2060230 – [UI] Delete host modal has incorrect host’s name populated
\n2060309 – multiclusterhub stuck in installing on “ManagedClusterConditionAvailable” [intermittent]\n2060469 – The development branch of the Submariner addon deploys 0.11.0, not 0.12.0
\n2060550 – MCE installation hang due to no console-mce-console deployment available
\n2060603 – prometheus doesn’t display managed clusters
\n2060831 – Observability – prometheus-operator failed to start on *KS
\n2060934 – Cannot provision AWS OCP 4.9 cluster from Power Hub
\n2061260 – The value of the policyset placement should be filtered space when input cluster label expression
\n2061311 – Cleanup of installed spoke clusters hang on deletion of spoke namespace
\n2061659 – the network section in create cluster -> Networking include the brace in the network title
\n2061798 – [ACM 2.5] The service of Cluster Proxy addon was missing
\n2061838 – ACM component subscriptions are removed when enabling spec.disableHubSelfManagement in MCH
\n2062009 – No name validation is performed on Policy and Policy Set Wizards
\n2062022 – cluster.open-cluster-management.io\/backup-cluster of velero schedules should populate the corresponding hub clusterID
\n2062025 – No validation is done on yaml’s format or content in Policy and Policy Set wizards
\n2062202 – CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
\n2062337 – velero schedules get re-created after the backupschedule is in ‘BackupCollision’ phase
\n2062462 – Upgrade to 2.5 hang due to irreconcilable errors of grc-sub and search-prod-sub in MCH
\n2062556 – Always return the policyset page after created the policy from UI
\n2062787 – Submariner Add-on UI does not indicate on Broker error
\n2063055 – User with cluserrolebinding of open-cluster-management:cluster-manager-admin role can’t see policies and clusters page
\n2063341 – Release imagesets are missing in the console for ocp 4.10
\n2063345 – Application Lifecycle- UI shows white blank page when the page is Refreshed
\n2063596 – claim clusters from clusterpool throws errors
\n2063599 – Update the message in clusterset -> clusterpool page since we did not allow to add clusterpool to clusterset by resourceassignment
\n2063697 – Observability – MCOCR reports object-storage secret without AWS access_key in STS enabled env
\n2064231 – Can not clean the instance type for worker pool when create the clusters
\n2064247 – prefer UI can add the architecture type when create the cluster
\n2064392 – multicloud oauth-proxy failed to log users in on web
\n2064477 – Click at “Edit Policy” for each policy leads to a blank page
\n2064509 – No option to view the ansible job details and its history in the Automation wizard after creation of the automation job
\n2064516 – Unable to delete an automation job of a policy
\n2064528 – Columns of Policy Set, Status and Source on Policy page are not sortable
\n2064535 – Different messages on the empty pages of Overview and Clusters when policy is disabled
\n2064702 – CVE-2022-27191 golang: crash in a golang.org\/x\/crypto\/ssh server
\n2064722 – [Tracker] [DR][ACM 2.5] Applications are not getting deployed on managed cluster
\n2064899 – Failed to provision openshift 4.10 on bare metal
\n2065436 – “Filter” drop-down list does not show entries of the policies that have no top-level remediation specified
\n2066198 – Issues about disabled policy from UI
\n2066207 – The new created policy should be always shown up on the first line
\n2066333 – The message was confuse when the cluster status is Running
\n2066383 – MCE install failing on proxy disconnected environment
\n2066433 – Logout not working for ACM 2.5
\n2066464 – console-mce-console pods throw ImagePullError after upgrading to ocp 4.10
\n2066475 – User with view-only rolebinding should not be allowed to create policy, policy set and automation job
\n2066544 – The search box can’t work properly in Policies page
\n2066594 – RFE: Can’t open the helm source link of the backup-restore-enabled policy from UI
\n2066650 – minor issues in cluster curator due to the startup throws errors
\n2066751 – the image repo of application-manager did not updated to use the image repo in MCE\/MCH configuration
\n2066834 – Hibernating cluster(s) in cluster pool stuck in ‘Stopping’ status after restore activation
\n2066842 – cluster pool credentials are not backed up
\n2066914 – Unable to remove cluster value during configuration of the label expressions for policy and policy set
\n2066940 – Validation fired out for https proxy when the link provided not starting with https
\n2066965 – No message is displayed in Policy Wizard to indicate a policy externally managed
\n2066979 – MIssing groups in policy filter options comparing to previous RHACM version
\n2067053 – I was not able to remove the image mirror content when create the cluster
\n2067067 – Can’t filter the cluster info when clicked the cluster in the Placement section
\n2067207 – Bare metal asset secrets are not backed up
\n2067465 – Categories,Standards, and Controls annotations are not updated after user has deleted a selected template
\n2067713 – Columns on policy’s “Results” are not sort-able as in previous release
\n2067728 – Can’t search in the policy creation or policyset creation Yaml editor
\n2068304 – Application Lifecycle- Replicasets arent showing the logs console in Topology
\n2068309 – For policy wizard in dynamics plugin environment, buttons at the bottom should be sticky and the contents of the Policy should scroll
\n2068312 – Application Lifecycle – Argo Apps are not showing overview details and topology after upgrading from 2.4
\n2068313 – Application Lifecycle – Refreshing overview page leads to a blank page
\n2068328 – A cluster’s “View history” page should not contain all clusters’ violations history
\n2068387 – Observability – observability operator always CrashLoopBackOff in FIPS upgrading hub
\n2068993 – Observability – Node list is not filtered according to nodeType on OCP 311 dashboard
\n2069329 – config-policy-controller addon with “Unknown” status in OCP 3.11 managed cluster after upgrade hub to 2.5
\n2069368 – CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
\n2069469 – Status of unreachable clusters is not reported in several places on GRC panels
\n2069615 – The YAML editor can’t work well when login UI using dynamic console plugin
\n2069622 – No validation for policy template’s name
\n2069698 – After claim a cluster from clusterpool, the cluster pages become very very slow
\n2069867 – Error occurs when trying to edit an application set\/subscription
\n2069870 – ACM\/MCE Dynamic Plugins – 404: Page Not Found Error Occurs – intermittent crashing
\n2069875 – Cluster secrets are not being created in the managed cluster’s namespace
\n2069895 – Application Lifecycle – Replicaset and Pods gives error messages when Yaml is selected on sidebar
\n2070203 – Blank Application is shown when editing an Application with AnsibleJobs
\n2070782 – Failed Secret Propagation to the Same Namespace as the AnsibleJob CR
\n2070846 – [ACM 2.5] Can’t re-add the default clusterset label after removing it from a managedcluster on BM SNO hub
\n2071066 – Policy set details panel does not work when deployed into namespace different than “default”
\n2071173 – Configured RunOnce automation job is not displayed although the policy has no violation
\n2071191 – MIssing title on details panel after clicking “view details” of a policy set card
\n2071769 – Placement must be always configured or error is reported when creating a policy
\n2071818 – ACM logo not displayed in About info modal
\n2071869 – Topology includes the status of local cluster resources when Application is only deployed to managed cluster
\n2072009 – CVE-2022-24785 Moment.js: Path traversal in moment.locale
\n2072097 – Local Cluster is shown as Remote on the Application Overview Page and Single App Overview Page
\n2072104 – Inconsistent “Not Deployed” Icon Used Between 2.4 and 2.5 as well as the Overview and Topology
\n2072177 – Cluster Resource Status is showing App Definition Statuses as well
\n2072227 – Sidebar Statuses Need to Be Updated to Reflect Cluster List and Cluster Resource Statuses
\n2072231 – Local Cluster not included in the appsubreport for Helm Applications Deployed on All Clusters
\n2072334 – Redirect URL is now to the details page after created a policy
\n2072342 – Shows “NaN%” in the ring chart when add the disabled policy into policyset and view its details
\n2072350 – CRD Deployed via Application Console does not have correct deployment status and spelling
\n2072359 – Report the error when editing compliance type in the YAML editor and then submit the changes
\n2072504 – The policy has violations on the failed managed cluster
\n2072551 – URL dropdown is not being rendered with an Argo App with a new URL
\n2072773 – When a channel is deleted and recreated through the App Wizard, application creation stalls and warning pops up
\n2072824 – The edit\/delete policyset button should be greyed when using viewer check
\n2072829 – When Argo App with jsonnet object is deployed, topology and cluster status would fail to display the correct statuses.
\n2073179 – Policy controller was unable to retrieve violation status in for an OCP 3.11 managed cluster on ARM hub
\n2073330 – Observabilityy – memory usage data are not collected even collect rule is fired on SNO
\n2073355 – Get blank page when click policy with unknown status in Governance -> Overview page
\n2073508 – Thread responsible to get insights data from *ks clusters is broken
\n2073557 – appsubstatus is not deleted for Helm applications when changing between 2 managed clusters
\n2073726 – Placement of First Subscription gets overlapped by the Cluster Node in Application Topology
\n2073739 – Console\/App LC – Error message saying resource conflict only shows up in standalone ACM but not in Dynamic plugin
\n2073740 – Console\/App LC- Apps are deployed even though deployment do not proceed because of “resource conflict” error
\n2074178 – Editing Helm Argo Applications does not Prune Old Resources
\n2074626 – Policy placement failure during ZTP SNO scale test
\n2074689 – CVE-2022-21803 nconf: Prototype pollution in memory store
\n2074803 – The import cluster YAML editor shows the klusterletaddonconfig was required on MCE portal
\n2074937 – UI allows creating cluster even when there are no ClusterImageSets
\n2075416 – infraEnv failed to create image after restore
\n2075440 – The policyreport CR is created for spoke clusters until restarted the insights-client pod
\n2075739 – The lookup function won’t check the referred resource whether exist when using template policies
\n2076421 – Can’t select existing placement for policy or policyset when editing policy or policyset
\n2076494 – No policyreport CR for spoke clusters generated in the disconnected env
\n2076502 – The policyset card doesn’t show the cluster status(violation\/without violation) again after deleted one policy
\n2077144 – GRC Ansible automation wizard does not display error of missing dependent Ansible Automation Platform operator
\n2077149 – App UI shows no clusters cluster column of App Table when Discovery Applications is deployed to a managed cluster
\n2077291 – Prometheus doesn’t display acm_managed_cluster_info after upgrade from 2.4 to 2.5
\n2077304 – Create Cluster button is disabled only if other clusters exist
\n2077526 – ACM UI is very very slow after upgrade from 2.4 to 2.5
\n2077562 – Console\/App LC- Helm and Object bucket applications are not showing as deployed in the UI
\n2077751 – Can’t create a template policy from UI when the object’s name is referring Golang text template syntax in this policy
\n2077783 – Still show violation for clusterserviceversions after enforced “Detect Image vulnerabilities ” policy template and the operator is installed
\n2077951 – Misleading message indicated that a placement of a policy became one managed only by policy set
\n2078164 – Failed to edit a policy without placement
\n2078167 – Placement binding and rule names are not created in yaml when editing a policy previously created with no placement
\n2078373 – Disable the hyperlink of *ks node in standalone MCE environment since the search component was not exists
\n2078617 – Azure public credential details get pre-populated with base domain name in UI
\n2078952 – View pod logs in search details returns error
\n2078973 – Crashed pod is marked with success in Topology
\n2079013 – Changing existing placement rules does not change YAML file
\n2079015 – Uninstall pod crashed when destroying Azure Gov cluster in ACM
\n2079421 – Hyphen(s) is deleted unexpectedly in UI when yaml is turned on
\n2079494 – Hitting Enter in yaml editor caused unexpected keys “key00x:” to be created
\n2079533 – Clusters with no default clusterset do not get assigned default cluster when upgrading from ACM 2.4 to 2.5
\n2079585 – When an Ansible Secret is propagated to an Ansible Application namespace, the propagated secret is shown in the Credentials page
\n2079611 – Edit appset placement in UI with a different existing placement causes the current associated placement being deleted
\n2079615 – Edit appset placement in UI with a new placement throws error upon submitting
\n2079658 – Cluster Count is Incorrect in Application UI
\n2079909 – Wrong message is displayed when GRC fails to connect to an ansible tower
\n2080172 – Still create policy automation successfully when the PolicyAutomation name exceed 63 characters
\n2080215 – Get a blank page after go to policies page in upgraded env when using an user with namespace-role-binding of default view role
\n2080279 – CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
\n2080503 – vSphere network name doesn’t allow entering spaces and doesn’t reflect YAML changes
\n2080567 – Number of cluster in violation in the table does not match other cluster numbers on the policy set details page
\n2080712 – Select an existing placement configuration does not work
\n2080776 – Unrecognized characters are displayed on policy and policy set yaml editors
\n2081792 – When deploying an application to a clusterpool claimed cluster after upgrade, the application does not get deployed to the cluster
\n2081810 – Type ‘-‘ character in Name field caused previously typed character backspaced in in the name field of policy wizard
\n2081829 – Application deployed on local cluster’s topology is crashing after upgrade
\n2081938 – The deleted policy still be shown on the policyset review page when edit this policy set
\n2082226 – Object Storage Topology includes residue of resources after Upgrade
\n2082409 – Policy set details panel remains even after the policy set has been deleted
\n2082449 – The hypershift-addon-agent deployment did not have imagePullSecrets
\n2083038 – Warning still refers to the `klusterlet-addon-appmgr` pod rather than the `application-manager` pod
\n2083160 – When editing a helm app with failing resources to another, the appsubstatus and the managedclusterview do not get updated
\n2083434 – The provider-credential-controller did not support the RHV credentials type
\n2083854 – When deploying an application with ansiblejobs multiple times with different namespaces, the topology shows all the ansiblejobs rather than just the one within the namespace
\n2083870 – When editing an existing application and refreshing the `Select an existing placement configuration`, multiple occurrences of the placementrule gets displayed
\n2084034 – The status message looks messy in the policy set card, suggest one kind status one a row
\n2084158 – Support provisioning bm cluster where no provisioning network provided
\n2084622 – Local Helm application shows cluster resources as `Not Deployed` in Topology [Upgrade]\n2085083 – Policies fail to copy to cluster namespace after ACM upgrade
\n2085237 – Resources referenced by a channel are not annotated with backup label
\n2085273 – Error querying for ansible job in app topology
\n2085281 – Template name error is reported but the template name was found in a different replicated policy
\n2086389 – The policy violations for hibernated cluster still be displayed on the policy set details page
\n2087515 – Validation thrown out in configuration for disconnect install while creating bm credential
\n2088158 – Object Storage Application deployed to all clusters is showing unemployed in topology [Upgrade]\n2088511 – Some cluster resources are not showing labels that are defined in the YAML<\/p>\n

5. References:<\/p>\n

https:\/\/access.redhat.com\/security\/cve\/CVE-2020-0404
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-4788
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-13974
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-19131
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-27820
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-0941
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3612
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3634
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3669
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3737
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3743
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3744
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3752
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3759
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3764
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3772
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3773
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3918
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4002
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4037
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4083
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4157
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4189
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4197
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4203
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-20322
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-21781
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-26401
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-29154
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-37159
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-41190
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-41864
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-42739
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43056
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43389
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43565
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43816
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43858
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43976
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-44733
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-45485
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-45486
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0001
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0002
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0235
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0286
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0322
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0778
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1011
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-21803
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-23806
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24450
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24778
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24785
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27191
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-29810
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#important<\/p>\n

6. Contact:<\/p>\n

The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n

Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n

iQIVAwUBYqGh9NzjgjWX9erEAQioMQ\/+N4V24GgHpDTRxKavLHSpma22mLya2Xgu
\n3zrYbLvVELbdqPyzke5T5cJ\/4ElXTr9s2Ev6KKoCXMmYKm3TKFnW9Y3J9XA7l7xk
\n8sWcAXzqWIgFdOXwzNOhKqn6PsHgZrbwH8UOYsThla+Qc1scK4LtTj67pEn0dqcv
\njl0PuRkgQb+tmdAbssXaKyrJeAPYk4B69iDwPoGdG5GJLkJybTs8KZrduZNnjMre
\nf5hRZHZU6AQlWv\/MH9m8Qh+F3O38Yu8I+sc71OGT7JVY4wcIuzCG2D21jdGcuQUh
\ngtnH5Ma17d2IqaJaX1KYGcdBu4F4bCKW581j8SBX2S7TGXhe9K1+If1ra47eIgeK
\n8DM\/qadQ52GhTK7Voh2EUvG0nQt2iOs6i6V3unCc9wCTZheJPsJHz3G\/9HKbWT54
\n4rsLjjdq\/9lMhU3eV4VzSxntCkXgISHmqFoEswCX6YmNeEDMeE6rPsO5+81ObA3n
\nbOXscXbYscj1FCfW5OboKpAtdtpQbajnS+46lUkW2y0jUyi5vRqWgx5mDQcbpiBj
\n0uGL7VSADIwKY\/i93itqYbVFyu7lsQI3FtQr+akOmaWm7MlDykbb81lyNByi6y86
\ng34x7lXyjuA+QW862w8v9NINUI7Csja0nnKHDe5XJdWO9cMHuyk6YrM9mv\/FpTb4
\nU39I87cKxqA=
\n=tOMt
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes Advisory ID: RHSA-2022:4956-01 Product: Red Hat ACM Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:4956 Issue date: 2022-06-08 CVE Names: CVE-2020-0404 CVE-2020-4788 CVE-2020-13974 CVE-2020-19131 CVE-2020-27820 CVE-2021-0941 CVE-2021-3612 CVE-2021-3634 CVE-2021-3669 CVE-2021-3737 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3759 CVE-2021-3764 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-25592","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25592"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25592\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}