
Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes have been released.



RHSA-2021:5038-04: Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes



=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes
Advisory ID: RHSA-2021:5038-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5038
Issue date: 2021-12-08
CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750
CVE-2019-13751 CVE-2019-17594 CVE-2019-17595
CVE-2019-18218 CVE-2019-19603 CVE-2019-20838
CVE-2020-12762 CVE-2020-13435 CVE-2020-14145
CVE-2020-14155 CVE-2020-16135 CVE-2020-24370
CVE-2020-36385 CVE-2021-3200 CVE-2021-3426
CVE-2021-3445 CVE-2021-3572 CVE-2021-3580
CVE-2021-3733 CVE-2021-3778 CVE-2021-3795
CVE-2021-3796 CVE-2021-3800 CVE-2021-20231
CVE-2021-20232 CVE-2021-20266 CVE-2021-20271
CVE-2021-20317 CVE-2021-22876 CVE-2021-22898
CVE-2021-22925 CVE-2021-22946 CVE-2021-22947
CVE-2021-23440 CVE-2021-23840 CVE-2021-23841
CVE-2021-27645 CVE-2021-28153 CVE-2021-33560
CVE-2021-33574 CVE-2021-33928 CVE-2021-33929
CVE-2021-33930 CVE-2021-33938 CVE-2021-35942
CVE-2021-36084 CVE-2021-36085 CVE-2021-36086
CVE-2021-36087 CVE-2021-37750 CVE-2021-42574
CVE-2021-43267 CVE-2021-43527
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General
Availability release images, which provide one or more container updates
and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments.

Clusters and applications are all visible and managed from a single console
— with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which provide security fixes, bug fixes and
container upgrades. See the following Release Notes documentation, which
will be updated shortly for this release, for additional details about this
release:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security fixes:

* CVE-2021-3795 semver-regex: inefficient regular expression complexity

* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of
CVE-2019-10747

Related bugs:

* RHACM 2.2.10 images (Bugzilla #2013652)

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important instructions on how to upgrade your cluster and fully apply this
asynchronous errata update:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

For details on how to apply this update, refer to:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity
2013652 - RHACM 2.2.10 images

5. References:

  https://access.redhat.com/security/cve/CVE-2018-20673
  https://access.redhat.com/security/cve/CVE-2019-5827
  https://access.redhat.com/security/cve/CVE-2019-13750
  https://access.redhat.com/security/cve/CVE-2019-13751
  https://access.redhat.com/security/cve/CVE-2019-17594
  https://access.redhat.com/security/cve/CVE-2019-17595
  https://access.redhat.com/security/cve/CVE-2019-18218
  https://access.redhat.com/security/cve/CVE-2019-19603
  https://access.redhat.com/security/cve/CVE-2019-20838
  https://access.redhat.com/security/cve/CVE-2020-12762
  https://access.redhat.com/security/cve/CVE-2020-13435
  https://access.redhat.com/security/cve/CVE-2020-14145
  https://access.redhat.com/security/cve/CVE-2020-14155
  https://access.redhat.com/security/cve/CVE-2020-16135
  https://access.redhat.com/security/cve/CVE-2020-24370
  https://access.redhat.com/security/cve/CVE-2020-36385
  https://access.redhat.com/security/cve/CVE-2021-3200
  https://access.redhat.com/security/cve/CVE-2021-3426
  https://access.redhat.com/security/cve/CVE-2021-3445
  https://access.redhat.com/security/cve/CVE-2021-3572
  https://access.redhat.com/security/cve/CVE-2021-3580
  https://access.redhat.com/security/cve/CVE-2021-3733
  https://access.redhat.com/security/cve/CVE-2021-3778
  https://access.redhat.com/security/cve/CVE-2021-3795
  https://access.redhat.com/security/cve/CVE-2021-3796
  https://access.redhat.com/security/cve/CVE-2021-3800
  https://access.redhat.com/security/cve/CVE-2021-20231
  https://access.redhat.com/security/cve/CVE-2021-20232
  https://access.redhat.com/security/cve/CVE-2021-20266
  https://access.redhat.com/security/cve/CVE-2021-20271
  https://access.redhat.com/security/cve/CVE-2021-20317
  https://access.redhat.com/security/cve/CVE-2021-22876
  https://access.redhat.com/security/cve/CVE-2021-22898
  https://access.redhat.com/security/cve/CVE-2021-22925
  https://access.redhat.com/security/cve/CVE-2021-22946
  https://access.redhat.com/security/cve/CVE-2021-22947
  https://access.redhat.com/security/cve/CVE-2021-23440
  https://access.redhat.com/security/cve/CVE-2021-23840
  https://access.redhat.com/security/cve/CVE-2021-23841
  https://access.redhat.com/security/cve/CVE-2021-27645
  https://access.redhat.com/security/cve/CVE-2021-28153
  https://access.redhat.com/security/cve/CVE-2021-33560
  https://access.redhat.com/security/cve/CVE-2021-33574
  https://access.redhat.com/security/cve/CVE-2021-33928
  https://access.redhat.com/security/cve/CVE-2021-33929
  https://access.redhat.com/security/cve/CVE-2021-33930
  https://access.redhat.com/security/cve/CVE-2021-33938
  https://access.redhat.com/security/cve/CVE-2021-35942
  https://access.redhat.com/security/cve/CVE-2021-36084
  https://access.redhat.com/security/cve/CVE-2021-36085
  https://access.redhat.com/security/cve/CVE-2021-36086
  https://access.redhat.com/security/cve/CVE-2021-36087
  https://access.redhat.com/security/cve/CVE-2021-37750
  https://access.redhat.com/security/cve/CVE-2021-42574
  https://access.redhat.com/security/cve/CVE-2021-43267
  https://access.redhat.com/security/cve/CVE-2021-43527
  https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.