Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.3176 Red Hat Advanced Cluster Security for Kubernetes 3.73 security update 5 June 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat Advanced Cluster Security for Kubernetes 3.73 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2023-27535 CVE-2023-24540 CVE-2023-2491 CVE-2023-0361 CVE-2022-36227 CVE-2022-2795 Original Bulletin: https://access.redhat.com/errata/RHSA-2023:3379 Comment: CVSS (Max): 7.8 CVE-2023-2491 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update Advisory ID: RHSA-2023:3379-01 Product: Red Hat Advanced Cluster Security for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:3379 Issue date: 2023-05-31 CVE Names: CVE-2022-2795 CVE-2022-36227 CVE-2023-0361 CVE-2023-2491 CVE-2023-24540 CVE-2023-27535 ===================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang. 3. Solution: If you are using an earlier version of RHACS 3.73, you are advised to upgrade to patch release 3.73.5. 4. Bugs fixed (https://bugzilla.redhat.com/): 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 5. JIRA issues fixed (https://issues.redhat.com/): ROX-17406 - Release RHACS 3.73.5 6. References: https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-27535 https://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZHsDwtzjgjWX9erEAQi1Jg/9GRib0hiTt3nUfBw9k3ZW5M6hxBx93tuO 3LDo+bSFX0SjYkAPMrON+B6OvTkH1shLaVQN7XCVnZLzvKhR0JW6ssrLdM/0+JPN BZ8L2HPTQnW1LWULcdJdEtXvQvFDceZSnppQnGB5UTwodFchy2u993todguPauYY QNdTLuwkUNcuQwtqRe0wPBPoArM8qQvKa75FonV73twyf/OPsVfxZ7hnpqILH1rG xLQCxUrYfr6Y68lqUXx36aGjSBXvALu8FcwrQms8BPR9SX3CPAr72HM5vzJ80Vc4 pfYxGXN1zrU7FgYdJHaKuumdWR4qx2PqnWiVGeZape5MWezMHfJZo/AbYheQY8eL Bz558bKDKFRRXZgjruEwVAxzFgaGfeIHQNDbMFP+8BsYV5TkDAWcrDI0kInpjxvH Tx/5jzl4QyRAAWQ9MJ/tsIQbc+KN+11biyj+n/j6uYv5oCsJmg4CLhCVQQe567YY LdDxUBmH81v9WkRPa6uqOvqSBJYG6OFx9XAFLu2jjqVquwZ3qq+e2C6YbCWPZQ43 J9xhBpeby4EDkn9Vc1anUpxvmRmSQULAnZDg0bZygifaSaRcQjQZmPtGRDaeuZ/D MlfynsBFMmeKrn8znn3JYTsiYnM7aMPPEBwp46Wj4oToPMFHhg0aVebqnwaoyVEs UbUTcby9rGk= =kgmy - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZH1FXskNZI30y1K9AQi3gxAAsJ5AniIQRihw2X8OsYq2hu9aX7wisjbg BpEswPCTTnvMHaVA3LlVNbcLnN+gI5oM/9/jeLlM0CHsCL/km4aLEO+W7XQU65S3 8b/xYpKMN1nzdbE98d4nafFlM5WgdEnaK84PhsEhFYm1aNmBafu9wEIkda0luMfm 0uyQt8cVpa+CbrcVYHb6cAmuhHiUewXgYdath0+BqeXIMPQCYohsakSAVWK3IztY +jjVcHaAGLhYlldlrGiOyZmxRX488srUjADsgHved4mvzrAl5C7Z6+Zt88BP1ZoX EuqpQ4BphpZRHxQRDc42HHgqDWzX2UZATin5ohQHVv00udazUaam1fTv6cSfWPth Q5ECFCSstevEf8NKmiMf4DaxbkyOCHRn3/lxLTPc4YuARD6x1eQ/FhkTLgzxPB1j CxRNnDJ9emyXdBDezItIBJE/IVrLlx1dpzuqL2uBmnrerLX8TmVAnL8+eaubs9Th GQ1X073MyUKq3LYcP3g2Wy9kAJ7XAw/i3MELTTWO6PYtmECN3jT7KIvlOLLEUbV+ Z/oCoJ7xAm8Fj+yBu8vH81COtGdv5YFyPkmGmeQ14TK9MwQcfz3/dIv/iF4yNUea D/of+m5qXVVvXJmgoF4GjMNCqmbHuPqk6NHirv2ODVPnz5i92uh/1y7a9/9hG4iP nH7mtd0eiq8= =vj0r -----END PGP SIGNATURE-----