===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.1843                               
                  ACS 4.3 enhancement and security update                  
                               28 March 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ACS 4.3                                                 
Publisher:         Red Hat                                                 
Operating System:  Red Hat                                                 
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2019-25210 CVE-2024-26147 CVE-2023-49569            

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2024:1549

Comment: CVSS (Max):  8.1 CVE-2023-49569 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat                                              
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H


- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                Red Hat Security Advisory

Synopsis:          Critical: ACS 4.3 enhancement and security update
Advisory ID:       RHSA-2024:1549
Product:           RHACS 4.3 for RHEL 8
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1549
Issue date:        2024-03-27
CVE Names:         CVE-2019-25210 CVE-2023-49569 CVE-2024-26147
=====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

RHACS 4.3 for RHEL 8 - amd64, ppc64le, s390x 

3. Description:

This release of RHACS 4.3.6 provides the following bug fix:

* Fixed an issue where an incorrectly configured Jira notifier caused the
Central component of RHACS to enter a crash loop

It provides the following security fixes:

* go-git: Maliciously crafted Git server replies can lead to path traversal and
RCE on go-git clients (CVE-2023-49569)
* helm: Missing YAML content leads to panic (CVE-2024-26147)
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

4. Solution:

If you are using an earlier version of RHACS 4.3, you are advised to upgrade to
patch release 4.3.6.

5. Bugs fixed (https://bugzilla.redhat.com/):

2268201 - CVE-2019-25210 - helm: shows secrets with --dry-run option in clear
text
2258143 - CVE-2023-49569 - go-git: Maliciously crafted Git server replies can
lead to path traversal and RCE on go-git clients
2265440 - CVE-2024-26147 - helm: Missing YAML Content Leads To Panic 

6. Package List:

RHACS 4.3 for RHEL 8

7. References:

https://access.redhat.com/security/cve/CVE-2019-25210
https://access.redhat.com/security/cve/CVE-2023-49569
https://access.redhat.com/security/cve/CVE-2024-26147
https://access.redhat.com/security/updates/classification/#critical

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================