what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-1083-01

Red Hat Security Advisory 2022-1083-01
Posted Mar 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-23177, CVE-2021-23566, CVE-2021-31566, CVE-2021-3999, CVE-2021-4154, CVE-2021-45960, CVE-2021-46143, CVE-2022-0144, CVE-2022-0155, CVE-2022-0235, CVE-2022-0261, CVE-2022-0318, CVE-2022-0330, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0536, CVE-2022-0847, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825
SHA-256 | 9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23

Red Hat Security Advisory 2022-1083-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates
Advisory ID: RHSA-2022:1083-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1083
Issue date: 2022-03-28
CVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154
CVE-2021-23177 CVE-2021-23566 CVE-2021-31566
CVE-2021-45960 CVE-2021-46143 CVE-2022-0144
CVE-2022-0155 CVE-2022-0235 CVE-2022-0261
CVE-2022-0318 CVE-2022-0330 CVE-2022-0359
CVE-2022-0361 CVE-2022-0392 CVE-2022-0413
CVE-2022-0435 CVE-2022-0492 CVE-2022-0516
CVE-2022-0536 CVE-2022-0847 CVE-2022-22822
CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
CVE-2022-22826 CVE-2022-22827 CVE-2022-22942
CVE-2022-23218 CVE-2022-23219 CVE-2022-23308
CVE-2022-23852 CVE-2022-25235 CVE-2022-25236
CVE-2022-25315
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.3.8 General
Availability release images, which provide security and container updates.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security updates:

* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

* nodejs-shelljs: improper privilege management (CVE-2022-0144)

* follow-redirects: Exposure of Private Personal Information to an
Unauthorized Actor (CVE-2022-0155)

* node-fetch: exposure of sensitive information to an unauthorized actor
(CVE-2022-0235)

* follow-redirects: Exposure of Sensitive Information via Authorization
Header leak (CVE-2022-0536)

Bug fix:

* RHACM 2.3.8 images (Bugzilla #2062316)

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on how to upgrade your cluster and fully apply this
asynchronous
errata update:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2062316 - RHACM 2.3.8 images

5. References:

https://access.redhat.com/security/cve/CVE-2021-0920
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-4154
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-23566
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0144
https://access.redhat.com/security/cve/CVE-2022-0155
https://access.redhat.com/security/cve/CVE-2022-0235
https://access.redhat.com/security/cve/CVE-2022-0261
https://access.redhat.com/security/cve/CVE-2022-0318
https://access.redhat.com/security/cve/CVE-2022-0330
https://access.redhat.com/security/cve/CVE-2022-0359
https://access.redhat.com/security/cve/CVE-2022-0361
https://access.redhat.com/security/cve/CVE-2022-0392
https://access.redhat.com/security/cve/CVE-2022-0413
https://access.redhat.com/security/cve/CVE-2022-0435
https://access.redhat.com/security/cve/CVE-2022-0492
https://access.redhat.com/security/cve/CVE-2022-0516
https://access.redhat.com/security/cve/CVE-2022-0536
https://access.redhat.com/security/cve/CVE-2022-0847
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-22942
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYkIo2dzjgjWX9erEAQhzdRAApzusRXUC+F2IeIQYZGDmY0HErMJjF6P8
NqLzhtVqzqrZB++i3JbWHcGR2SPKAPfyDrPBDYUH8l/BRVdjta5a50D6TX+D5nxl
CQLiApm2/m67F8hRHZCVL8CdorXUiV15lacbUMdfpuEKL6xuKM7bafBLBqUojdyA
T/hYI6se1bcO848DFW3lIft8wsQhvkxdJB4MUx73DhaTU6OpOb1rbokEOsGMEf7r
rAHsEqsa0HXELBGnYrOfo9iBqXxCdbRHzqfHnsjIFegq6mTabjWi6q+95KFOmT5s
z5mym/smRxFlchAjNonna4MiJCX4ko0wBdL5Dis7ZbjEF+f92TLaHElBczvKB695
hMK8ujF7/p+mHl44PSyQw3uDzIAqGH3aZJBUggeJ1ECueUu/FdRNbsQW7L8OX0i6
Aryhgxi2TS7MgfUPQJ1gz2oPa9wZHGtibczYuOIGFTTLNG/5+oZRfgxqn8kTQWhR
1lTGMAHbkrW2++5ZCbksrGVJZXxQWwaKq9HpofAzlAngTEBo2Xf1BCKN05/ZWZmO
0PopgYCzlWkZVnCSbXAyFnYg1lm5BgHA9PKEG+w1+6klG6YN1T2EPlPFQrDNfoka
K7ieQGJGafmME/Rd70Sz1F1NW+tkDgvRjQ60A59fIDmN99tDzpQEp/DkUgFwXGzZ
Frbe7GnlRyc=
=hLEP
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close