Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1328
HistoryMar 14, 2024 - 1:24 p.m.

(RHSA-2024:1328) Moderate: Red Hat Advanced Cluster Management 2.9.3 security and bug fix container updates

2024-03-1413:24:22
access.redhat.com
8
red hat advanced cluster management
kubernetes
security fixes
bug fixes
release notes
jira issues addressed
cve-2023-45142
cve-2023-47108
cve-2024-25620

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.9.3 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/release_notes/

Security fix(es):
CVE-2023-45142 opentelemetry: DoS vulnerability in otelhttp
CVE-2023-47108 opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics
CVE-2024-25620 helm: Dependency management path traversal
CVE-2024-26147 helm: Missing YAML Content Leads To Panic

Jira issues addressed:

  • ACM-8728: Machine Pool scaling doesn’t work for Openstack cluster
  • ACM-8998: Dependency on ConstraintTemplate stuck in Pending state
  • ACM-9123: Trying to upgrade a managed cluster fails with user forbidden errors
  • ACM-9145: Unable to upgrade managed cluster from ACM
  • ACM-9186: search-postgres persists in CrashLoopBackOff while being included in the ACM CR with hugepages enabled
  • ACM-9311: hcp hypershift operator doesn’t support OCP 4.15
  • ACM-9467: [Doc bug] Update adding day2 master to unhealthy cluster procedure doc
  • ACM-9719: log error message when the restore cannot be created
  • ACM-9724: Console Search page flickering on initial loading
  • ACM-9746: Search collector logging excessively
  • ACM-9885: Console initial loading time increases over time [ACM 2.9.z]
  • ACM-9930: A misconfigured PlacementBinding halts root Policy updates
  • ACM-9947: The ACM topology view does not show the correct status when the subscription namespace differs from the resource namespace.

Related

redhat 26
almalinux 5
nessus 89
osv 7
oraclelinux 6
rocky 1
openvas 45
gentoo 1
redos 1
ibm 8
ubuntu 1
fedora 1
ubuntucve 2
nvd 1
prion 2
f5 1
amazon 2
redhat
redhat
(RHSA-2024:0820) Critical: Red Hat Advanced Cluster Management 2.8.5 security and bug fix container updates
2024-02-14 18:14:52
(RHSA-2024:0989) Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates
2024-02-26 16:05:42
(RHSA-2024:0998) Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers
2024-02-27 02:22:10
almalinux
almalinux
Moderate: rpm security update
2024-02-01 00:00:00
Moderate: rpm security update
2024-01-25 00:00:00
Low: openssl security update
2023-12-19 00:00:00
nessus
nessus
RHEL 8 : rpm (RHSA-2024:0647)
2024-02-01 00:00:00
RHEL 9 : rpm (RHSA-2024:0435)
2024-01-25 00:00:00
RHEL 8 : rpm (RHSA-2024:0582)
2024-01-30 00:00:00
osv
osv
Moderate: rpm security update
2024-02-12 20:17:16
Moderate: rpm security update
2024-02-01 00:00:00
Moderate: rpm security update
2024-01-25 00:00:00
oraclelinux
oraclelinux
rpm security update
2024-01-25 00:00:00
rpm security update
2024-02-02 00:00:00
openssl security update
2023-12-18 00:00:00
rocky
rocky
rpm security update
2024-02-12 20:17:16
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1155)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1660)
2024-05-16 00:00:00
Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2024-1157)
2024-02-09 00:00:00
gentoo
gentoo
RPM: Multiple Vulnerabilities
2022-10-31 00:00:00
redos
redos
ROS-20240410-21
2024-04-10 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3
2024-01-30 08:30:04
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to denial of service due to OpenTelemetry go module ( CVE-2023-45142, CVE-2023-47108 )
2024-03-20 17:49:09
Security Bulletin: IBM Maximo Application Suite and IBM Truststore Manager uses urllib3-2.0.4-py3-none-any.whl and urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-45803 and CVE-2023-43804
2024-02-19 10:48:07
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
2023-11-03 19:01:21
ubuntucve
ubuntucve
CVE-2023-5678
2023-11-06 00:00:00
CVE-2023-3817
2023-07-31 00:00:00
nvd
nvd
CVE-2023-5678
2023-11-06 16:15:42
prion
prion
Design/Logic Flaw
2023-11-06 16:15:00
Design/Logic Flaw
2023-07-31 16:15:00
f5
f5
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
amazon
amazon
Medium: openssl11
2023-11-29 22:19:00
Medium: openssl
2023-11-29 23:18:00

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON
Related for RHSA-2024:1328
redhat26almalinux5nessus89osv7oraclelinux6rocky1openvas45gentoo1redos1ibm8ubuntu1fedora1ubuntucve2nvd1prion2f51amazon2