exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-1081-01

Red Hat Security Advisory 2022-1081-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566, CVE-2021-3200, CVE-2021-33560, CVE-2021-3445, CVE-2021-3521, CVE-2021-3580, CVE-2021-36084
SHA-256 | 35e0984360562b4b8fbf9fe40fae589355479f6f0de58360c9bbc860cb6a290e

Red Hat Security Advisory 2022-1081-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes
Advisory ID: RHSA-2022:1081-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081
Issue date: 2022-03-28
CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751
CVE-2019-17594 CVE-2019-17595 CVE-2019-18218
CVE-2019-19603 CVE-2019-20838 CVE-2020-12762
CVE-2020-13435 CVE-2020-14155 CVE-2020-16135
CVE-2020-24370 CVE-2021-3200 CVE-2021-3445
CVE-2021-3521 CVE-2021-3580 CVE-2021-3712
CVE-2021-3800 CVE-2021-3999 CVE-2021-20231
CVE-2021-20232 CVE-2021-22876 CVE-2021-22898
CVE-2021-22925 CVE-2021-23177 CVE-2021-28153
CVE-2021-31566 CVE-2021-33560 CVE-2021-36084
CVE-2021-36085 CVE-2021-36086 CVE-2021-36087
CVE-2021-42574 CVE-2021-43565 CVE-2022-23218
CVE-2022-23219 CVE-2022-23308 CVE-2022-23806
CVE-2022-24407
====================================================================
1. Summary:

Gatekeeper Operator v0.2

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include
security updates, and container upgrades.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security updates:

* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

* golang: crypto/elliptic IsOnCurve returns true for invalid field elements
(CVE-2022-23806)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The requirements to apply the upgraded images are different whether or not
you
used the operator. Complete the following steps, depending on your
installation:

- - Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
`installPlanApproval` set to `Automatic`. This setting means the operator
will
be upgraded automatically when there is a new version of the operator. No
further action is required for upgrade. If you changed the setting for
`installPlanApproval` to `manual`, then you must view each cluster to
manually
approve the upgrade to the operator.

- - Upgrade gatekeeper without the operator:
The gatekeeper version is specified as part of the Gatekeeper CR in the
gatekeeper operator policy. To upgrade the gatekeeper version:
a) Determine the latest version of gatekeeper by visiting:
https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.
b) Click the tag dropdown, and find the latest static tag. An example tag
is
'v3.3.0-1'.
c) Edit the gatekeeper operator policy and update the image tag to use the
latest static tag. For example, you might change this line to image:
'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.

Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/
for additional information.

4. Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

5. References:

https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43
9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG
k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D
mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07
+jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr
Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx
ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q
LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej
mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH
vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK
lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb
1PnhEG7/jO4=XPu4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close