RHSA-2025:1331: Important: Gatekeeper v3.17.1
First published: Tue Feb 11 2025(Updated: )
Gatekeeper v3.17.1<br>Starting in v3.17.1, users can specify a `containerArguments` list of names<br>and values for both the audit and webhook configurations to be passed to<br>the respective deployment. These will be ignored if the argument has<br>already been set by the operator or specifies an argument listed in the<br>deny list.<br>Starting in v3.17.1, the following namespaces are exempt from admission<br>control:<br><li> kube-*</li> <li> multicluster-engine</li> <li> hypershift</li> <li> hive</li> <li> rhacs-operator</li> <li> open-cluster-*</li> <li> openshift-*</li> To disable the default exempt namespaces, set the namespaces you want on<br>the object.<br>Security fix(es):<br><li> golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback might cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)</li> <li> golang.org/x/net/html: Non-linear parsing of case-insensitive content in</li> golang.org/x/net/html (CVE-2024-45338)<br>Additional Release Notes:<br><li> v3.17.0: </li> <a href="https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.0" target="_blank">https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.0</a> <li> v3.17.1: </li> <a href="https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.1" target="_blank">https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.1</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Gatekeeper |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2025:1331 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122
- https://issues.redhat.com/browse/HYPBLD-545
- https://access.redhat.com/security/updates/classification/#important
- https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.0
- https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.17.1
- agent/severity
- agent/source
- agent/type
- collector/redhat-errata-latest
- source/Red Hat
- anchor-id/RHSA-2025:1331
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/redhat-errata
- agent/remedy
- agent/title
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/red hat
- canonical/red hat gatekeeper