Red Hat Security Advisory 2023-3297-01 – Torchsec
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates
Advisory ID: RHSA-2023:3297-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3297
Issue date: 2023-05-24
CVE Names: CVE-2022-36227 CVE-2023-0361 CVE-2023-22490
CVE-2023-23946 CVE-2023-25652 CVE-2023-25815
CVE-2023-27535 CVE-2023-29007 CVE-2023-32313
CVE-2023-32314
=====================================================================
1. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General
Availability release images, which fix security issues and update container
images.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
2. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/
Security fix(es):
* CVE-2023-32314 vm2: Sandbox Escape
* CVE-2023-32313 vm2: Inspect Manipulation
3. Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation, which will be updated shortly for this release, for
important
instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html-single/install/index#installing
4. Bugs fixed (https://bugzilla.redhat.com/):
2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation
5. References:
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/cve/CVE-2023-32313
https://access.redhat.com/security/cve/CVE-2023-32314
https://access.redhat.com/security/updates/classification/#critical
6. Contact:
The Red Hat security contact is
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZG5wNtzjgjWX9erEAQhtig//Z/qbgBp0IoWqglFZ5bkFe1AAvUQYHDrT
6iuglIY5Lmi71ezBt4DEqEs0pZjJ4u3dm/ikQxyg3AuBNGtcRkxI3hNJMia3uKYW
jsCP8oBPGnsyQ/f9IiupbYScEula3pl50yu3CvXQNtG5hcNbIDU1HctlVeOH9VOi
ZTYB+7Lfw39ENh4EArkz7wUP8Vg2oE9Pc+pfau+OJQ+NmUX1Uc6kio6UMR8s/qPw
X1e8pl+qDiDIQj6iODF44scLZGbCS5OzrZs8rLn9KpA1Upo6sjStz+H1DnAGkCu5
Nq4xcaif63cS2+mar/6yXMd46vHHUQZc4Nyrgl+IzLeiTy5TfUWKzkNgcd+d09ff
t0nxDN2/wnQTo5h1FhJzdYOwP9CG9t7XjAZvj/CwlrZtw4LBiEpZqhNwuTFqzfRP
EA4GDUNqXEKrDiNXecL/MId+QGcu2lJx/19yENF6csIIMJZzPljtCM5NdRXK2LO8
JJppnE13Pa0HCA9fwVCHgpWbKRi3l95uJrS1XOdJeBhZ8az/ky/TSBqtn9tzd8ih
yDhSZCTYcRmnUfpxzq7c4tZHeeYFVuUSxOCHYTY35YFS2tD5TGOliGCszfl60zYB
Q9hS9VdbiI7wi7+6AaTlYZb4ZkfZ5/DK7ADZeSgFY6CJLWBQidnBKSpG5x6CAqaT
B6U0UG3yYqc=
=WYPq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Gloss