[RHSA-2023:3356-01] Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
Advisory ID: RHSA-2023:3356-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3356
Issue date: 2023-05-30
CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656
CVE-2022-1462 CVE-2022-1679 CVE-2022-1789
CVE-2022-2196 CVE-2022-2663 CVE-2022-2795
CVE-2022-3028 CVE-2022-3204 CVE-2022-3239
CVE-2022-3522 CVE-2022-3524 CVE-2022-3564
CVE-2022-3566 CVE-2022-3567 CVE-2022-3619
CVE-2022-3623 CVE-2022-3625 CVE-2022-3627
CVE-2022-3628 CVE-2022-3707 CVE-2022-3970
CVE-2022-4129 CVE-2022-20141 CVE-2022-25265
CVE-2022-30594 CVE-2022-36227 CVE-2022-39188
CVE-2022-39189 CVE-2022-41218 CVE-2022-41674
CVE-2022-41973 CVE-2022-42703 CVE-2022-42720
CVE-2022-42721 CVE-2022-42722 CVE-2022-43750
CVE-2022-47929 CVE-2023-0394 CVE-2023-0461
CVE-2023-1195 CVE-2023-1582 CVE-2023-1999
CVE-2023-22490 CVE-2023-23454 CVE-2023-23946
CVE-2023-25652 CVE-2023-25815 CVE-2023-27535
CVE-2023-29007 CVE-2023-32313 CVE-2023-32314
=====================================================================
1. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General
Availability release images, which fix security issues and update container
images.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
2. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fix(es):
* CVE-2023-32314 vm2: Sandbox Escape
* CVE-2023-32313 vm2: Inspect Manipulation
3. Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions about installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing
4. Bugs fixed ( https://bugzilla.redhat.com/):
2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation
5. References:
https://access.redhat.com/security/cve/CVE-2021-26341
https://access.redhat.com/security/cve/CVE-2021-33655
https://access.redhat.com/security/cve/CVE-2021-33656
https://access.redhat.com/security/cve/CVE-2022-1462
https://access.redhat.com/security/cve/CVE-2022-1679
https://access.redhat.com/security/cve/CVE-2022-1789
https://access.redhat.com/security/cve/CVE-2022-2196
https://access.redhat.com/security/cve/CVE-2022-2663
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-3028
https://access.redhat.com/security/cve/CVE-2022-3204
https://access.redhat.com/security/cve/CVE-2022-3239
https://access.redhat.com/security/cve/CVE-2022-3522
https://access.redhat.com/security/cve/CVE-2022-3524
https://access.redhat.com/security/cve/CVE-2022-3564
https://access.redhat.com/security/cve/CVE-2022-3566
https://access.redhat.com/security/cve/CVE-2022-3567
https://access.redhat.com/security/cve/CVE-2022-3619
https://access.redhat.com/security/cve/CVE-2022-3623
https://access.redhat.com/security/cve/CVE-2022-3625
https://access.redhat.com/security/cve/CVE-2022-3627
https://access.redhat.com/security/cve/CVE-2022-3628
https://access.redhat.com/security/cve/CVE-2022-3707
https://access.redhat.com/security/cve/CVE-2022-3970
https://access.redhat.com/security/cve/CVE-2022-4129
https://access.redhat.com/security/cve/CVE-2022-20141
https://access.redhat.com/security/cve/CVE-2022-25265
https://access.redhat.com/security/cve/CVE-2022-30594
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39188
https://access.redhat.com/security/cve/CVE-2022-39189
https://access.redhat.com/security/cve/CVE-2022-41218
https://access.redhat.com/security/cve/CVE-2022-41674
https://access.redhat.com/security/cve/CVE-2022-41973
https://access.redhat.com/security/cve/CVE-2022-42703
https://access.redhat.com/security/cve/CVE-2022-42720
https://access.redhat.com/security/cve/CVE-2022-42721
https://access.redhat.com/security/cve/CVE-2022-42722
https://access.redhat.com/security/cve/CVE-2022-43750
https://access.redhat.com/security/cve/CVE-2022-47929
https://access.redhat.com/security/cve/CVE-2023-0394
https://access.redhat.com/security/cve/CVE-2023-0461
https://access.redhat.com/security/cve/CVE-2023-1195
https://access.redhat.com/security/cve/CVE-2023-1582
https://access.redhat.com/security/cve/CVE-2023-1999
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23454
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/cve/CVE-2023-32313
https://access.redhat.com/security/cve/CVE-2023-32314
https://access.redhat.com/security/updates/classification/#critical
6. Contact:
The Red Hat security contact is [secalert@redhat.com]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
--
A Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates has been released.