
Red Hat Security Advisory 2023-4475-01

Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4475-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089
SHA-256 | 5a99e222d213dbe2342e0393e6098878ebf40578b53a89010d0aa852634b2e29


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Gatekeeper Operator v0.2 security fixes and enhancements
Advisory ID: RHSA-2023:4475-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4475
Issue date: 2023-08-03
CVE Names: CVE-2020-24736 CVE-2022-36227 CVE-2023-1667
CVE-2023-2283 CVE-2023-3089 CVE-2023-26604
CVE-2023-27535
=====================================================================

1. Summary:

Gatekeeper Operator v0.2 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include bug
fixes and container upgrades.

Note: Gatekeeper support from the Red Hat support team is limited to cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security fix(es):

* CVE-2023-3089 openshift: OCP & FIPS mode

3. Solution:

IMPORTANT: This release removes `PodSecurityPolicy` resource references, a
deprecated Kubernetes construct, from the operator. Gatekeeper constraints
based on the resource may no longer work.

The Gatekeeper operator that is installed by the Gatekeeper operator policy
has `installPlanApproval` set to `Automatic`. This setting means the
operator is upgraded automatically when there is a new version of the
operator. No further action is required for upgrade. If you changed the
setting to `Manual`, then you must view each cluster to manually approve
the upgrade to the operator.
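
The two checks this section implies, as an added example that is not part
of the Red Hat advisory: find Gatekeeper constraints that match on
`PodSecurityPolicy`, and find OLM Subscriptions set to `Manual` approval.
It assumes the objects were exported as JSON (the "items" list); every
object name and namespace in the sample is constructed.

```python
# Added example: audit exported cluster objects for the two conditions the
# Solution section calls out. Sample objects are constructed placeholders.

def psp_constraints(items):
    """Kind/name of Gatekeeper constraints whose match lists PodSecurityPolicy."""
    hits = []
    for obj in items:
        if not obj.get("apiVersion", "").startswith("constraints.gatekeeper.sh/"):
            continue
        match = (obj.get("spec") or {}).get("match") or {}
        for entry in match.get("kinds") or []:
            if "PodSecurityPolicy" in (entry.get("kinds") or []):
                hits.append(f'{obj["kind"]}/{obj["metadata"]["name"]}')
                break  # one hit per constraint is enough
    return hits


def manual_subscriptions(items):
    """namespace/name of OLM Subscriptions that need manual InstallPlan approval."""
    return [
        f'{o["metadata"]["namespace"]}/{o["metadata"]["name"]}'
        for o in items
        if o.get("kind") == "Subscription"
        and o.get("apiVersion", "").startswith("operators.coreos.com/")
        and (o.get("spec") or {}).get("installPlanApproval") == "Manual"
    ]


# Constructed sample: the shape of "items" in a JSON export of cluster objects.
SAMPLE = [
    {"apiVersion": "constraints.gatekeeper.sh/v1beta1", "kind": "K8sRequiredLabels",
     "metadata": {"name": "psp-must-have-owner"},
     "spec": {"match": {"kinds": [{"apiGroups": ["policy"],
                                   "kinds": ["PodSecurityPolicy"]}]}}},
    {"apiVersion": "constraints.gatekeeper.sh/v1beta1", "kind": "K8sRequiredLabels",
     "metadata": {"name": "pods-must-have-owner"},
     "spec": {"match": {"kinds": [{"apiGroups": [""], "kinds": ["Pod"]}]}}},
    {"apiVersion": "operators.coreos.com/v1alpha1", "kind": "Subscription",
     "metadata": {"name": "example-gatekeeper-sub", "namespace": "example-ns"},
     "spec": {"installPlanApproval": "Manual"}},
    {"apiVersion": "operators.coreos.com/v1alpha1", "kind": "Subscription",
     "metadata": {"name": "example-other-sub", "namespace": "example-ns"},
     "spec": {"installPlanApproval": "Automatic"}},
]

if __name__ == "__main__":
    print("Constraints matching PodSecurityPolicy:", psp_constraints(SAMPLE))
    print("Subscriptions needing manual approval:", manual_subscriptions(SAMPLE))
```

Constraints reported by the first check should be reviewed before the
upgrade; Subscriptions reported by the second will not upgrade until their
pending install plan is approved on that cluster.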

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.