RHSA-2023:0631: Moderate: RHSA: Submariner 0.14 - bug fix and security updates

First published: Tue Feb 07 2023(Updated: )

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.<br>For more information about Submariner, see the Submariner open source community website at: <a href="https://submariner.io/." target="_blank">https://submariner.io/.</a> This advisory contains bug fixes and enhancements to the Submariner container images.<br>Security fixes:<br><li> CVE-2022-27664 golang: net/<a href="http:" target="_blank">http:</a> handle server errors after sending GOAWAY</li> <li> CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters</li> <li> CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps</li> <li> CVE-2022-41717 golang: net/<a href="http:" target="_blank">http:</a> An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests</li> Bugs addressed:<br><li> subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)</li> <li> [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)</li> <li> Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)</li> <li> submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)</li> <li> Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)</li> <li> unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)</li> <li> [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)</li> <li> Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)</li> <li> RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)</li> <li> Submariner OVN support (ACM-1358)</li> <li> Submariner Azure Console support (ACM-1388)</li> <li> ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)</li> <li> Submariner on disconnected ACM #22000 (ACM-1678)</li> <li> Submariner gateway: Error creating AWS security group if already exists (ACM-2055)</li> <li> Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)</li> <li> The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)</li> <li> The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)</li> <li> Subctl 0.14.0 prints version "vsubctl" (ACM-2132)</li> <li> managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145)</li> <li> Add support of ARO to Submariner deployment (ACM-2150)</li> <li> The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204)</li> <li> Gateway error shown "diagnose all" tests (ACM-2206)</li> <li> Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211)</li> <li> Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)</li> <li> Cannot use submariner with OSP and self signed certs (ACM-2274)</li> <li> Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)</li> <li> Subctl 0.14.1 prints version "devel" (ACM-2482)</li>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2023:0631
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type