Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:1168
HistoryApr 12, 2021 - 6:59 p.m.

(RHSA-2021:1168) Important: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update

2021-04-1218:59:09
access.redhat.com
59

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security Fix(es):

  • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

  • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

  • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

  • go-slug: partial protection against zip slip attacks (CVE-2020-29529)

  • nodejs-lodash: command injection via template (CVE-2021-23337)

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)

  • Importing of cluster fails due to error/typo in generated command (BZ#1936642)

  • RHACM 2.2.2 images (BZ#1938215)

  • 2.2 clusterlifecycle fails to allow provision fips: true clusters on aws, vsphere (BZ#1941778)

Related

oraclelinux 17
nessus 96
redhat 27
almalinux 3
osv 9
ubuntu 4
gentoo 1
cloudfoundry 2
virtuozzo 1
centos 2
cloudlinux 1
slackware 1
ibm 24
photon 1
suse 1
altlinux 2
amazon 1
freebsd_advisory 1
mageia 2
debian 2
rocky 1
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2021-04-07 00:00:00
Unbreakable Enterprise kernel-container security update
2021-03-18 00:00:00
Unbreakable Enterprise kernel-container security update
2021-03-17 00:00:00
nessus
nessus
RHEL 8 : kernel-rt (RHSA-2021:1081)
2021-04-07 00:00:00
RHEL 8 : kernel (RHSA-2021:1093)
2021-04-07 00:00:00
AlmaLinux 8 : kernel (ALSA-2021:1093)
2022-02-09 00:00:00
redhat
redhat
(RHSA-2021:1081) Important: kernel-rt security and bug fix update
2021-04-06 13:30:32
(RHSA-2021:1093) Important: kernel security, bug fix, and enhancement update
2021-04-06 13:33:17
(RHSA-2021:1369) Moderate: Red Hat Advanced Cluster Management 2.1.6 security and bug fix updates
2021-04-26 11:51:14
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2021-04-06 13:33:17
Moderate: openssl security and bug fix update
2021-11-09 09:21:13
Moderate: edk2 security, bug fix, and enhancement update
2021-11-09 08:37:02
osv
osv
Important: kernel security, bug fix, and enhancement update
2021-04-06 13:33:17
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-03-29 16:52:26
linux, linux-lts-xenial vulnerabilities
2021-03-25 03:09:57
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2021-04-06 00:00:00
Linux kernel vulnerabilities
2021-03-25 00:00:00
Linux kernel vulnerabilities
2021-03-29 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2021-03-31 00:00:00
cloudfoundry
cloudfoundry
USN-4883-1: Linux kernel vulnerabilities | Cloud Foundry
2021-04-14 00:00:00
USN-4738-1: OpenSSL vulnerabilities | Cloud Foundry
2021-03-02 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 125.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2021-04-05 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-04-10 17:09:38
openssl security update
2021-11-17 14:51:29
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-27364, CVE-2021-27363, CVE-2021-27365
2021-09-21 22:01:04
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2021-03-14 04:08:15
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products
2021-07-28 20:40:18
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 17:56:50
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.
2023-02-14 21:04:36
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0375
2021-03-27 00:00:00
suse
suse
Security update for openssl-1_0_0 (moderate)
2021-03-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1j-alt1
2021-03-17 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1j-alt1
2021-03-12 00:00:00
amazon
amazon
Medium: openssl
2021-02-23 20:18:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-21:17.openssl
2021-08-24 00:00:00
mageia
mageia
Updated openssl and compat-openssl10 packages fix security vulnerabilities
2021-03-04 19:53:32
Updated openssl packages fix security vulnerability
2021-04-05 18:54:07
debian
debian
[SECURITY] [DLA 2565-1] openssl1.0 security update
2021-02-18 18:10:13
[SECURITY] [DLA 2563-1] openssl security update
2021-02-18 12:11:49
rocky
rocky
edk2 security, bug fix, and enhancement update
2021-11-09 08:37:02

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON
Related for RHSA-2021:1168
oraclelinux17nessus96redhat27almalinux3osv9ubuntu4gentoo1cloudfoundry2virtuozzo1centos2cloudlinux1slackware1ibm24photon1suse1altlinux2amazon1freebsd_advisory1mageia2debian2rocky1