exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-1081-01

Red Hat Security Advisory 2022-1081-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566, CVE-2021-3200, CVE-2021-33560, CVE-2021-3445, CVE-2021-3521, CVE-2021-3580, CVE-2021-36084
SHA-256 | 35e0984360562b4b8fbf9fe40fae589355479f6f0de58360c9bbc860cb6a290e

Red Hat Security Advisory 2022-1081-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes
Advisory ID: RHSA-2022:1081-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081
Issue date: 2022-03-28
CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751
CVE-2019-17594 CVE-2019-17595 CVE-2019-18218
CVE-2019-19603 CVE-2019-20838 CVE-2020-12762
CVE-2020-13435 CVE-2020-14155 CVE-2020-16135
CVE-2020-24370 CVE-2021-3200 CVE-2021-3445
CVE-2021-3521 CVE-2021-3580 CVE-2021-3712
CVE-2021-3800 CVE-2021-3999 CVE-2021-20231
CVE-2021-20232 CVE-2021-22876 CVE-2021-22898
CVE-2021-22925 CVE-2021-23177 CVE-2021-28153
CVE-2021-31566 CVE-2021-33560 CVE-2021-36084
CVE-2021-36085 CVE-2021-36086 CVE-2021-36087
CVE-2021-42574 CVE-2021-43565 CVE-2022-23218
CVE-2022-23219 CVE-2022-23308 CVE-2022-23806
CVE-2022-24407
====================================================================
1. Summary:

Gatekeeper Operator v0.2

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include
security updates, and container upgrades.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security updates:

* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

* golang: crypto/elliptic IsOnCurve returns true for invalid field elements
(CVE-2022-23806)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The requirements to apply the upgraded images are different whether or not
you
used the operator. Complete the following steps, depending on your
installation:

- - Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
`installPlanApproval` set to `Automatic`. This setting means the operator
will
be upgraded automatically when there is a new version of the operator. No
further action is required for upgrade. If you changed the setting for
`installPlanApproval` to `manual`, then you must view each cluster to
manually
approve the upgrade to the operator.

- - Upgrade gatekeeper without the operator:
The gatekeeper version is specified as part of the Gatekeeper CR in the
gatekeeper operator policy. To upgrade the gatekeeper version:
a) Determine the latest version of gatekeeper by visiting:
https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.
b) Click the tag dropdown, and find the latest static tag. An example tag
is
'v3.3.0-1'.
c) Edit the gatekeeper operator policy and update the image tag to use the
latest static tag. For example, you might change this line to image:
'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.

Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/
for additional information.

4. Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

5. References:

https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43
9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG
k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D
mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07
+jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr
Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx
ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q
LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej
mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH
vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK
lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb
1PnhEG7/jO4=XPu4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close