Red Hat 9062 Published by

Updated Red Hat Advanced Cluster Management for Kubernetes version 2.0.4 images has been released.



RHSA-2020:4304-01: Moderate: Red Hat Advanced Cluster Management for Kubernetes version 2.0.4 images



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Advanced Cluster Management for Kubernetes version 2.0.4 images
Advisory ID: RHSA-2020:4304-01
Product: Red Hat ACM
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:4304
Issue date: 2020-10-22
CVE Names: CVE-2020-25655
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.0.4 General
Availability release.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

RHACM 2.0.4 images

Red Hat Advanced Cluster Management provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

See the following Release Notes documentation for details about this
release:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana
gement_for_kubernetes/2.0/html/release_notes/

Security Fix(es):

* open-cluster-management: RBAC bypass may disclose cluster secrets to
other users (CVE-2020-25655)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

  https://access.redhat.com/articles/11258

4. Bugs fixed (  https://bugzilla.redhat.com/):

1882496 - RHACM 2.0.4 images
1882748 - search-operator Pod OOMKilled After Upgrading OpenShift
1884295 - Trying to install ACM and multi cluster hub is not deploying
1888475 - CVE-2020-25655 open-cluster-management: RBAC bypass may disclose cluster secrets to other users

5. References:

  https://access.redhat.com/security/cve/CVE-2020-25655
  https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.