exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01
Posted Aug 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-2828, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-3089, CVE-2023-32681, CVE-2023-34969, CVE-2023-37903
SHA-256 | ac69f472969b30a30d818388809905d1aa907326f3cbbab1d0d441f5f823fd3d

Red Hat Security Advisory 2023-4650-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes
Advisory ID: RHSA-2023:4650-01
Product: multicluster engine for Kubernetes
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4650
Issue date: 2023-08-14
CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283
CVE-2023-2602 CVE-2023-2603 CVE-2023-2828
CVE-2023-3089 CVE-2023-27536 CVE-2023-28321
CVE-2023-28484 CVE-2023-29469 CVE-2023-32681
CVE-2023-34969 CVE-2023-37903 CVE-2023-38408
=====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.2.7 General Availability release
images, which provide security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Multicluster Engine for Kubernetes 2.2.7 images

Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):
* CVE-2023-3089 openshift: OCP & FIPS mode
* CVE-2023-37903 vm2: custom inspect function allows attackers to escape
the sandbox and run arbitrary code

3. Solution:

For information and instructions for these updates, see the following
article: https://access.redhat.com/solutions/7022540.

For multicluster engine for Kubernetes, see the following documentation for
details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#installing-while-connected-online-mce

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-2828
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-27536
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/cve/CVE-2023-32681
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-37903
https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyOAAoJENzjgjWX9erES9IP/ia7OvrxHKrr9Y/vEtjWONNe
FuAcQnXYC+Z353sjLypA9aPb92zLkk6gdDlAASl5jJyJSCu8ArnDJbbuEsLTuDB4
7hpgyy+IE/0U1fCy4TaF87kRBjPHfPbyrlEJe2lpTJFFqPNxUXbDN1SMRB162cAN
ZVdhxbRbNKIo4B+dwmHG6S71qOlYYeD0ju9aRDQhFGlGKEj5JYFc2meFNdkE/07x
ah575UrYN2jtC0fepWPUny9EDotEtuYGAKyE7M5O+gHdNu5aBCCiizjcjZRgfX6a
FRRYuVrvE7qKjs6Z7/XAlUta1ut/LVUE0H+yAM8wLnLe0KcFVXgSeCe5+BX2IdrY
wtQ81kQqimqCuqugNNhILTJZvYfie6rxPsozJEycKwsAyHMzEnEJCToIdnroClX0
JzbZ9pypxzBRRxfe862GrXJ592rbsJJQFGNQgoOB+tsiOmbBQCDAOnCq3ZLIaBx8
NsBxcshlDlI7MnDgJz2+tN+nnMWK88tuR+4zI8iOqZlxxMQQshxJchTs+3ZckNwR
84rffOay80r6VwsUU4+p099CaNj3pI8VzzkLSQn7dZAOuK+L1NEc8TyAEAOHAMNi
lm/gDUy469tnGFHuJFi23ZAbyCLk5NTBLa0OvzqkuLQ4NqWzgI/n1YID9NxGISsY
Ne55NzOKyUQAul8Ktg5F
=Uuh2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close