-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3176
   Red Hat Advanced Cluster Security for Kubernetes 3.73 security update
                                5 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Advanced Cluster Security for Kubernetes 3.73
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-27535 CVE-2023-24540 CVE-2023-2491
                   CVE-2023-0361 CVE-2022-36227 CVE-2022-2795

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2023:3379

Comment: CVSS (Max):  7.8 CVE-2023-2491 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update
Advisory ID:       RHSA-2023:3379-01
Product:           Red Hat Advanced Cluster Security for Kubernetes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3379
Issue date:        2023-05-31
CVE Names:         CVE-2022-2795 CVE-2022-36227 CVE-2023-0361 
                   CVE-2023-2491 CVE-2023-24540 CVE-2023-27535 
=====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

This release of RHACS includes a fix for CVE-2023-24540 by building RHACS
with updated Golang.

3. Solution:

If you are using an earlier version of RHACS 3.73, you are advised to
upgrade to patch release 3.73.5.

4. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

5. JIRA issues fixed (https://issues.redhat.com/):

ROX-17406 - Release RHACS 3.73.5

6. References:

https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZHsDwtzjgjWX9erEAQi1Jg/9GRib0hiTt3nUfBw9k3ZW5M6hxBx93tuO
3LDo+bSFX0SjYkAPMrON+B6OvTkH1shLaVQN7XCVnZLzvKhR0JW6ssrLdM/0+JPN
BZ8L2HPTQnW1LWULcdJdEtXvQvFDceZSnppQnGB5UTwodFchy2u993todguPauYY
QNdTLuwkUNcuQwtqRe0wPBPoArM8qQvKa75FonV73twyf/OPsVfxZ7hnpqILH1rG
xLQCxUrYfr6Y68lqUXx36aGjSBXvALu8FcwrQms8BPR9SX3CPAr72HM5vzJ80Vc4
pfYxGXN1zrU7FgYdJHaKuumdWR4qx2PqnWiVGeZape5MWezMHfJZo/AbYheQY8eL
Bz558bKDKFRRXZgjruEwVAxzFgaGfeIHQNDbMFP+8BsYV5TkDAWcrDI0kInpjxvH
Tx/5jzl4QyRAAWQ9MJ/tsIQbc+KN+11biyj+n/j6uYv5oCsJmg4CLhCVQQe567YY
LdDxUBmH81v9WkRPa6uqOvqSBJYG6OFx9XAFLu2jjqVquwZ3qq+e2C6YbCWPZQ43
J9xhBpeby4EDkn9Vc1anUpxvmRmSQULAnZDg0bZygifaSaRcQjQZmPtGRDaeuZ/D
MlfynsBFMmeKrn8znn3JYTsiYnM7aMPPEBwp46Wj4oToPMFHhg0aVebqnwaoyVEs
UbUTcby9rGk=
=kgmy
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZH1FXskNZI30y1K9AQi3gxAAsJ5AniIQRihw2X8OsYq2hu9aX7wisjbg
BpEswPCTTnvMHaVA3LlVNbcLnN+gI5oM/9/jeLlM0CHsCL/km4aLEO+W7XQU65S3
8b/xYpKMN1nzdbE98d4nafFlM5WgdEnaK84PhsEhFYm1aNmBafu9wEIkda0luMfm
0uyQt8cVpa+CbrcVYHb6cAmuhHiUewXgYdath0+BqeXIMPQCYohsakSAVWK3IztY
+jjVcHaAGLhYlldlrGiOyZmxRX488srUjADsgHved4mvzrAl5C7Z6+Zt88BP1ZoX
EuqpQ4BphpZRHxQRDc42HHgqDWzX2UZATin5ohQHVv00udazUaam1fTv6cSfWPth
Q5ECFCSstevEf8NKmiMf4DaxbkyOCHRn3/lxLTPc4YuARD6x1eQ/FhkTLgzxPB1j
CxRNnDJ9emyXdBDezItIBJE/IVrLlx1dpzuqL2uBmnrerLX8TmVAnL8+eaubs9Th
GQ1X073MyUKq3LYcP3g2Wy9kAJ7XAw/i3MELTTWO6PYtmECN3jT7KIvlOLLEUbV+
Z/oCoJ7xAm8Fj+yBu8vH81COtGdv5YFyPkmGmeQ14TK9MwQcfz3/dIv/iF4yNUea
D/of+m5qXVVvXJmgoF4GjMNCqmbHuPqk6NHirv2ODVPnz5i92uh/1y7a9/9hG4iP
nH7mtd0eiq8=
=vj0r
-----END PGP SIGNATURE-----