First published: Mon Sep 26 2022
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several security issues and several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security fixes:

- golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
- moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
- nodejs16: CRLF injection in node-undici (CVE-2022-31150)
- nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

- RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)
- vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)
- cluster update status is stuck, also update is not even visible (BZ# 2079418)
- Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)
- Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)
- ACM Console Becomes Unusable After a Time (BZ# 2097464)
- RHACM 2.4.6 images (BZ# 2100613)
- Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)
- ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Advanced Cluster Management |
The severity of RHSA-2022:6696 is classified as important and requires timely attention.
You can fix RHSA-2022:6696 by updating to the latest version of Red Hat Advanced Cluster Management for Kubernetes.
RHSA-2022:6696 addresses multiple vulnerabilities that could affect system stability and security.
Yes, RHSA-2022:6696 specifically affects Red Hat Advanced Cluster Management for Kubernetes version 2.4.6.
No official workarounds are provided for RHSA-2022:6696, so it is recommended to apply the updates.