(RHSA-2022:6370) Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix security issues and several bugs. See the following Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fixes:

• CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

• CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

• CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header

• CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions

• CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip

• CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

• CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

• CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

• CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

• CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode

• CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

Bug fixes:

• assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)

• assisted-service-build image is too big in size (BZ# 2066059)

• assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)

• PXE artifacts need to be served via HTTP (BZ# 2078531)

• Implementing new service-agent protocol on agent side (BZ# 2081281)

• RHACM 2.6.0 images (BZ# 2090906)

• Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)

• Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)

• Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)

• Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)

• The pre-selected search keyword is not readable (BZ# 2107736)

• The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)