-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes Advisory ID: RHSA-2022:6271-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:6271 Issue date: 2022-08-31 CVE Names: CVE-2020-26116 CVE-2020-26137 CVE-2021-3177 CVE-2021-40528 CVE-2022-1012 CVE-2022-1292 CVE-2022-1586 CVE-2022-1729 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-1966 CVE-2022-2068 CVE-2022-2097 CVE-2022-2526 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29154 CVE-2022-29824 CVE-2022-31129 CVE-2022-32206 CVE-2022-32208 CVE-2022-32250 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security fix: * CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS Bug fixes: * Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856) * RHACM 2.3.12 images (BZ# 2101411) 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. References: https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1966 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-21123 https://access.redhat.com/security/cve/CVE-2022-21125 https://access.redhat.com/security/cve/CVE-2022-21166 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYw+LvtzjgjWX9erEAQiH2xAAlonZuJuvD+g1uHZL1CnTKXEuwG3e712o o/5hBwxDePmIVKOCNRLEnTIuUdnCZhFQ+o/mAmAtZWJ0rULPT79vUs96fhCecL6X eJ44HvhzGe1MuC7E7SpDtN7q7hvmANgAExydGTC1tdMq561SLZXQB9GYVsMOLU3D VJa0qgIzRkKACarcJZ8Ms6WcjySMU/pN15NGoERsOrWg9ErXFA4bo5OYjYKjQnW1 lXSK+Rkoxm/waLTEAmVO4nGIW8FKqBrnCgTKF/oXM+bM89NFVux5l3QncCkNby0r VtctViS0HFg1JZbjT3AZsscNhMR6CLa1r07QC3jLi33lO57C6KN7ut+/yqUyc7Ej hu4pmmrWZv3e4bJtTAcFwrbhH5caY1SE+RLmz82LRELOdmyRpeN+SMMHLcK0UUhI SAx7H3mGP48VUV4Jb6hL7opqelzewWxPPJHaccrlGBFWFf0YwuOpeZs6qxwIFxsC dHEIxMUjdqUwF97gp1kYE5kNN9N853LXI2ogUJc1qkmdUKvl3aSUJskfYOy2IWmF 2RaWZ76fbVWvs90IkSENDhMnjYT9h/ucABXnYvUbGd9DtTXmch05aVaeYV6V5p90 P4CDNjn4pd7LxcRe/JA0X+0/sfhxDpHkpRHIz/YiZL1/v693Gois2bInswh5/tuT k1eYrvaiMO8= =V1pA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce