Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.0933 RHSA: Submariner 0.13.3 - security updates and bug fixes 16 February 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: RHSA: Submariner Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-43680 CVE-2022-42898 CVE-2022-42012 CVE-2022-42011 CVE-2022-42010 CVE-2022-41974 CVE-2022-40674 CVE-2022-40304 CVE-2022-40303 CVE-2022-37434 CVE-2022-35737 CVE-2022-32149 CVE-2022-30699 CVE-2022-30698 CVE-2022-30293 CVE-2022-26719 CVE-2022-26717 CVE-2022-26716 CVE-2022-26710 CVE-2022-26709 CVE-2022-26700 CVE-2022-22662 CVE-2022-22629 CVE-2022-22628 CVE-2022-22624 CVE-2022-3821 CVE-2022-3787 CVE-2022-3775 CVE-2022-3515 CVE-2022-2601 CVE-2022-2509 CVE-2022-1304 CVE-2021-46848 CVE-2020-35527 CVE-2020-35525 CVE-2016-3709 Original Bulletin: https://access.redhat.com/errata/RHSA-2023:0795 Comment: CVSS (Max): 9.8 CVE-2022-3515 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes Advisory ID: RHSA-2023:0795-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:0795 Issue date: 2023-02-15 CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 CVE-2022-2601 CVE-2022-3515 CVE-2022-3775 CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 CVE-2022-32149 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 ===================================================================== 1. Summary: Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. This advisory contains bug fixes and enhancements to the Submariner container images. Security fixes: * CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags Bugs addressed: * Build Submariner 0.13.3 (ACM-2226) * Verify Submariner with OCP 4.12 (ACM-2435) * Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821) 3. Solution: For details on how to install Submariner, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console and https://submariner.io/getting-started/ 4. Bugs fixed (https://bugzilla.redhat.com/): 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 5. JIRA issues fixed (https://issues.jboss.org/): ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode" 6. References: https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32149 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41974 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY+14wdzjgjWX9erEAQg+VBAAiiffNuiFJjmFzWkWuJNTUZnhDMxU+Vru gXNpBfqW5UJSC10TNoscMfRhwxfuHwf69w7Eina9mVVk5GrvRTv7UK2cq1bAq7D4 JZugqW3mRmauRy4iRPeH2GhVZxJta7Dvk6zEVRSqJgOXOU8METGJFTCwqgEdXB7x ekCO1d+7sGpVOblV4FoPd9VPaSBjxiaW+SQT9oXsrxYaHKwPL10uqyiXUrg1PhrC bbvLGfZgyTIMWGyyw572PDHUz60jEH1mEHaSe7Y8+fUEV7c6hK1q8U7fufCILyaM UV/Dn9zQpTWS3WbdDdvc6O+XUxTPTI7jfkmr/XGxGo3hG+3Wp+HUky1fJejayiTk HWCtVaXFOtf6jAul2VkXD0Z1gqhVYFQv7TynzZe/6JIDj5TZb6wqaGq6grpgnM3+ jJ+DDC5bM9CRqSFsxYGG/Cd8wpXA5FYFWxtUUmDnjCHIm5nH3iiHNGv5DgTloP92 AwGhHuzmkP+yEqUkGwYX1tB+ynnkhbwTLUOKImgih2aYbvKeGRuRdde+KnHp1bBm Yw6lRdbJGMcuYRc8g/0+33KEmfKeE+usUFJO1Vp1p+j3KIhlpeDFujkM4ywrMsUa zc+4uRPHGprC8+62UuPlNT1U8G7H6xcmZZGKH6OVo+9AEGOkDSEaykQIs/KtE2GS k56b0vf5fmc= =WGSE - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY+2ZmMkNZI30y1K9AQhyRQ/9EijR3x51FVcfxHwgTO5BYmkZYwtZHv6q KoR+1C2OJk19z/2PoAVq1b1mweWmVzdjCMQ4TiQzLEVfiTfckszCrqk7UMqPfpNn D6E3qmj4xZ/XpxlzeJxpD+01ZykFjUJDXjz7e02LahOirjy6Q/LJfFYVWUm77ecS AVlozxL6bMDeLJPIRzI02rjThXeuJAoyzcnNoDEKMwLNOlHqoeLpWzlfrR6jakST 5caP1H0Oaz7PXZ1te/jztoAZ1QUrnd7WNlEg4ujMcOaP8lYbpUaMOzPEScoSBJ7y FGvX2HXSOuC1hHLUMvpJrO+Ovb3TFGOfDCkThLNrIuIVZhvR0FHO3FSAZGngA/2W VZjNG9BeIxjSm1LtPGQFrde5HCd9cfOBwYLI5yVGiGG11huuaalzInEBkQDAm5qO Oa8i0sNyphj2yuz/UManL05BI3EIJKGGi6aLBK3X05dZq762P+F59OP2xSsddwYd pKN6Rl65T3ChUM8+Tx/UpeztKSOdbKVnneMHacf50RGfjIEgC0en3x7twpwlWY+g k/VoWoA/byMofzp8LUh5J/niWF/OwtzaMCzqN523oQAhZhoCzZFbjYRqpVxzB4H+ e5QjIa0mgcLKOWwgVKcnNHx0/7o3MGsNGEQGZMhqvMW2+4KWVDOxy8qH+hrwjbTD dBoOlyIptkM= =YOKd -----END PGP SIGNATURE-----