(RHSA-2023:6200) Important: Multicluster Engine for Kubernetes 2.1.9 security updates and bug fixes

2023-10-3017:23:32

access.redhat.com

multicluster engine

kubernetes 2.1.9

security updates

bug fixes

centralized management

red hat openshift

container platform

cve-2023-44487

ddos attack

cve-2023-39325

cve-2023-39321

cve-2023-39319

cve-2023-39318

cve-2023-39322

7.4 High

AI Score

Confidence

Low

0.732 High

EPSS

Percentile

98.1%

JSON

The multicluster engine for Kubernetes operator 2.1.9 images

The multicluster engine for Kubernetes operator provides the foundational components that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):
CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack
CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work
CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections
CVE-2023-39319 golang: html/template: improper handling of special tags within script contexts
CVE-2023-39318 golang: html/template: improper handling of HTML-like comments within script contexts
CVE-2023-39322 golang: crypto/tls: lack of a limit on buffered post-handshake