Lucene search

K
redhatRedHatRHSA-2023:0631
HistoryFeb 07, 2023 - 4:35 p.m.

(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 - bug fix and security updates

2023-02-0716:35:37
access.redhat.com
17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images.

Security fixes:

  • CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
  • CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
  • CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Bugs addressed:

  • subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
  • [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
  • Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
  • submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
  • Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
  • unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
  • [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
  • Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
  • RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
  • Submariner OVN support (ACM-1358)
  • Submariner Azure Console support (ACM-1388)
  • ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
  • Submariner on disconnected ACM #22000 (ACM-1678)
  • Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
  • Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
  • The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
  • The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
  • Subctl 0.14.0 prints version “vsubctl” (ACM-2132)
  • managedclusters “local-cluster” not found and missing Submariner Broker CRD (ACM-2145)
  • Add support of ARO to Submariner deployment (ACM-2150)
  • The e2e tests execution fails for “Basic TCP connectivity” tests (ACM-2204)
  • Gateway error shown “diagnose all” tests (ACM-2206)
  • Submariner does not support cluster “kube-proxy ipvs mode”(ACM-2211)
  • Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
  • Cannot use submariner with OSP and self signed certs (ACM-2274)
  • Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
  • Subctl 0.14.1 prints version “devel” (ACM-2482)

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%