- Vulnerability/
- RHSA-2023:1887
RHSA-2023:1887: Critical: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes
First published: Wed Apr 19 2023(Updated: )
Multicluster Engine for Kubernetes 2.2.3 images<br>Multicluster engine for Kubernetes provides the foundational components<br>that are necessary for the centralized management of multiple<br>Kubernetes-based clusters across data centers, public clouds, and private<br>clouds.<br>You can use the engine to create new Red Hat OpenShift Container Platform<br>clusters or to bring existing Kubernetes-based clusters under management by<br>importing them. After the clusters are managed, you can use the APIs that<br>are provided by the engine to distribute configuration based on placement<br>policy.<br>Security fix(es):<br><li> CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability</li> <li> CVE-2023-29017 vm2: Sandbox Escape</li> <li> CVE-2023-29199 vm2: Sandbox Escape</li> <li> CVE-2023-30547 vm2: Sandbox Escape when exception sanitization</li> Jira issue addressed: <br><li> ACM-4346: MCE 2.2.3 images</li>
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2165824
- https://bugzilla.redhat.com/show_bug.cgi?id=2185374
- https://bugzilla.redhat.com/show_bug.cgi?id=2187409
- https://bugzilla.redhat.com/show_bug.cgi?id=2187608
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/errata/RHSA-2023:1887 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:1887
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type