===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2024.1843
                  ACS 4.3 enhancement and security update
                               28 March 2024

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ACS 4.3
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-25210 CVE-2024-26147 CVE-2023-49569

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2024:1549

Comment: CVSS (Max):  8.1 CVE-2023-49569 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ACS 4.3 enhancement and security update
Advisory ID:       RHSA-2024:1549
Product:           RHACS 4.3 for RHEL 8
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1549
Issue date:        2024-03-27
CVE Names:         CVE-2019-25210 CVE-2023-49569 CVE-2024-26147
=====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

RHACS 4.3 for RHEL 8 - amd64, ppc64le, s390x

3. Description:

This release of RHACS 4.3.6 provides the following bug fix:

* Fixed an issue where an incorrectly configured Jira notifier causes the
  Central component of RHACS to enter a crash loop

It provides the following security fixes:

* go-git: Maliciously crafted Git server replies can lead to path traversal
  and RCE on go-git clients (CVE-2023-49569)

* helm: Missing YAML content leads to panic (CVE-2024-26147)

* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

If you are using an earlier version of RHACS 4.3, you are advised to upgrade
to patch release 4.3.6.

5. Bugs fixed (https://bugzilla.redhat.com/):

2268201 - CVE-2019-25210 - helm: shows secrets with --dry-run option in clear text
2258143 - CVE-2023-49569 - go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
2265440 - CVE-2024-26147 - helm: Missing YAML Content Leads To Panic

6. Package List:

RHACS 4.3 for RHEL 8

3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:736e3e62434ec2a5839d49b343543eaa7ccb20711e6165e0bb158c82e74b2cbc_s390x:
advanced-cluster-security/rhacs-central-db-rhel8@sha256:736e3e62434ec2a5839d49b343543eaa7ccb20711e6165e0bb158c82e74b2cbc_s390x.rpm

3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:91cdf66dc5d25146583cf884a3ccebe2103f1a3796033b821079b132ee1a4079_amd64:
advanced-cluster-security/rhacs-central-db-rhel8@sha256:91cdf66dc5d25146583cf884a3ccebe2103f1a3796033b821079b132ee1a4079_amd64.rpm

3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ef866fef476c2c3ba1288feb26efc396ccc59bf85825cffd9ce28e541115d4b_ppc64le:
advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ef866fef476c2c3ba1288feb26efc396ccc59bf85825cffd9ce28e541115d4b_ppc64le.rpm

3:advanced-cluster-security/rhacs-collector-rhel8@sha256:686ad91f440de57326855aa496f83deb40cbaf2095eec1a20eb1c8024a1f3879_s390x:
advanced-cluster-security/rhacs-collector-rhel8@sha256:686ad91f440de57326855aa496f83deb40cbaf2095eec1a20eb1c8024a1f3879_s390x.rpm

3:advanced-cluster-security/rhacs-collector-rhel8@sha256:a6748d3781ec5cef04928646aed6eeb6d13f9552cb0978bc513968de03d04693_amd64:
advanced-cluster-security/rhacs-collector-rhel8@sha256:a6748d3781ec5cef04928646aed6eeb6d13f9552cb0978bc513968de03d04693_amd64.rpm

3:advanced-cluster-security/rhacs-collector-rhel8@sha256:d83a8ed415a0af5f5e1b92bd7eba83c94418f068c87aee3a2a6c0aa2f70cdb1c_ppc64le:
advanced-cluster-security/rhacs-collector-rhel8@sha256:d83a8ed415a0af5f5e1b92bd7eba83c94418f068c87aee3a2a6c0aa2f70cdb1c_ppc64le.rpm

3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:12e2005d9402116dd740f2c0bece212fc17a319862d84780d9d491cdc563e83c_s390x:
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:12e2005d9402116dd740f2c0bece212fc17a319862d84780d9d491cdc563e83c_s390x.rpm

3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4b2bbb4058d59241281a66bfb93f7828991c5947cc82b63812e67a2c17533824_amd64:
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4b2bbb4058d59241281a66bfb93f7828991c5947cc82b63812e67a2c17533824_amd64.rpm

3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6a9d0b641d5c5583a1d0a8bc2ab6cf70210d09506640e0f3910214b0abeed016_ppc64le:
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6a9d0b641d5c5583a1d0a8bc2ab6cf70210d09506640e0f3910214b0abeed016_ppc64le.rpm

3:advanced-cluster-security/rhacs-main-rhel8@sha256:10eeb829065e404a5232a9a4d33f238556958e03b827d3c88dbb7a859d20a3d6_amd64:
advanced-cluster-security/rhacs-main-rhel8@sha256:10eeb829065e404a5232a9a4d33f238556958e03b827d3c88dbb7a859d20a3d6_amd64.rpm

3:advanced-cluster-security/rhacs-main-rhel8@sha256:6cd8653ccb833a2175c5fb691ca1718a66b9885304cc15bbf14db789e17baffd_ppc64le:
advanced-cluster-security/rhacs-main-rhel8@sha256:6cd8653ccb833a2175c5fb691ca1718a66b9885304cc15bbf14db789e17baffd_ppc64le.rpm

3:advanced-cluster-security/rhacs-main-rhel8@sha256:90818fa0d83c71c7312964b559ba57637f6684d3956280e616608a3384a18df9_s390x:
advanced-cluster-security/rhacs-main-rhel8@sha256:90818fa0d83c71c7312964b559ba57637f6684d3956280e616608a3384a18df9_s390x.rpm

3:advanced-cluster-security/rhacs-operator-bundle@sha256:355567de35493ef1122e8a60385828c98ba62272aaf60d4ab6336466418ec6c9_amd64:
advanced-cluster-security/rhacs-operator-bundle@sha256:355567de35493ef1122e8a60385828c98ba62272aaf60d4ab6336466418ec6c9_amd64.rpm

3:advanced-cluster-security/rhacs-operator-bundle@sha256:3fcd7214658eefa2ee8df68fa84468b88c6f967c2685de7b1dcf51ead3bd3384_s390x:
advanced-cluster-security/rhacs-operator-bundle@sha256:3fcd7214658eefa2ee8df68fa84468b88c6f967c2685de7b1dcf51ead3bd3384_s390x.rpm

3:advanced-cluster-security/rhacs-operator-bundle@sha256:59317dcd8a520e3840ac191c634ec808339e7ac2779652530bbe35d5206a19d3_ppc64le:
advanced-cluster-security/rhacs-operator-bundle@sha256:59317dcd8a520e3840ac191c634ec808339e7ac2779652530bbe35d5206a19d3_ppc64le.rpm

3:advanced-cluster-security/rhacs-rhel8-operator@sha256:4068b92d696b38aaf9a5e02d7286caf3d0b850b445c83f604693e71bd8b99fc1_amd64:
advanced-cluster-security/rhacs-rhel8-operator@sha256:4068b92d696b38aaf9a5e02d7286caf3d0b850b445c83f604693e71bd8b99fc1_amd64.rpm

3:advanced-cluster-security/rhacs-rhel8-operator@sha256:52055750c7ebac6cc8da8094476048485f2d588b13e52bc6ae2aeda27e775276_s390x:
advanced-cluster-security/rhacs-rhel8-operator@sha256:52055750c7ebac6cc8da8094476048485f2d588b13e52bc6ae2aeda27e775276_s390x.rpm

3:advanced-cluster-security/rhacs-rhel8-operator@sha256:cec628e76d2b083fe3bdd0633fbe9512f93879bac8415a737c5b724daf6aecdc_ppc64le:
advanced-cluster-security/rhacs-rhel8-operator@sha256:cec628e76d2b083fe3bdd0633fbe9512f93879bac8415a737c5b724daf6aecdc_ppc64le.rpm

3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:06fd6c23e567a898abe781090c28d4fb21c659ecfbc3ab7be67239295979ab62_ppc64le:
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:06fd6c23e567a898abe781090c28d4fb21c659ecfbc3ab7be67239295979ab62_ppc64le.rpm

3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7e4a97c0ad170ecffcf78809580bff38158feca5967f53272848e758aed80577_amd64:
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7e4a97c0ad170ecffcf78809580bff38158feca5967f53272848e758aed80577_amd64.rpm

3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b684f6d10a29563ba568a4a764498898d60cfe6cd3ffb0baac288bf9103b440d_s390x:
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b684f6d10a29563ba568a4a764498898d60cfe6cd3ffb0baac288bf9103b440d_s390x.rpm

3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3dba7e060bd7940b58e64ddf9d5fcfa8295161bbd9ae685f75b4a98a652f0060_amd64:
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3dba7e060bd7940b58e64ddf9d5fcfa8295161bbd9ae685f75b4a98a652f0060_amd64.rpm

3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6f9bcb1ef6528a8fb81d8d1dfa82afbcc736a7e3d92750bf3d26aaf3fa8d7305_ppc64le:
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6f9bcb1ef6528a8fb81d8d1dfa82afbcc736a7e3d92750bf3d26aaf3fa8d7305_ppc64le.rpm

3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4cbc0724e42f3e788a6de15af4e41ae85492bc230e01ea67b6954a08bad41c_s390x:
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4cbc0724e42f3e788a6de15af4e41ae85492bc230e01ea67b6954a08bad41c_s390x.rpm

3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:01dbb08c96001b53359e40ca056250cf3a2a601885f85164a8471960284332e2_ppc64le:
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:01dbb08c96001b53359e40ca056250cf3a2a601885f85164a8471960284332e2_ppc64le.rpm

3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:08ff0cc9c396ab7764d79c1749cbaadd09cf9f2d947f8559d9a122a54c9e7cb8_amd64:
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:08ff0cc9c396ab7764d79c1749cbaadd09cf9f2d947f8559d9a122a54c9e7cb8_amd64.rpm

3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3253ba914c3e0b7a2d50d2881b475bbf4b2e78800ba590fef3a0d3c9f91ec55f_s390x:
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3253ba914c3e0b7a2d50d2881b475bbf4b2e78800ba590fef3a0d3c9f91ec55f_s390x.rpm

3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:5b6b617e4a2af756b1e41ba198f6d89b89b38bb00fc7836ab7ac7bda16628edf_amd64:
advanced-cluster-security/rhacs-scanner-rhel8@sha256:5b6b617e4a2af756b1e41ba198f6d89b89b38bb00fc7836ab7ac7bda16628edf_amd64.rpm

3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:9e0be36291581bd67c9e0ed2f1c204cfff143b8f37bb2d83a7e2e64901f174bd_ppc64le:
advanced-cluster-security/rhacs-scanner-rhel8@sha256:9e0be36291581bd67c9e0ed2f1c204cfff143b8f37bb2d83a7e2e64901f174bd_ppc64le.rpm

3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:a00fa2c64f90bc4f7c6cbc7e2e6e1eaa72ca249bf25f7f9fb08edbbfad5fbd73_s390x:
advanced-cluster-security/rhacs-scanner-rhel8@sha256:a00fa2c64f90bc4f7c6cbc7e2e6e1eaa72ca249bf25f7f9fb08edbbfad5fbd73_s390x.rpm

3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:26e9cc34a94311d166886604f9ad021b70cfc10b1b6033b0146d4a8c41fc0053_ppc64le:
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:26e9cc34a94311d166886604f9ad021b70cfc10b1b6033b0146d4a8c41fc0053_ppc64le.rpm

3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8d99d2b7f487b201f8b22b4cd208bd8708bd4024a8b71cda0a857352d8fa9519_amd64:
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8d99d2b7f487b201f8b22b4cd208bd8708bd4024a8b71cda0a857352d8fa9519_amd64.rpm

3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a65370286ed1706fbc57b93ed628c3deea455cf0b9d68e84af1f3fd6dc3d7a5d_s390x:
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a65370286ed1706fbc57b93ed628c3deea455cf0b9d68e84af1f3fd6dc3d7a5d_s390x.rpm

7. References:

https://access.redhat.com/security/cve/CVE-2019-25210
https://access.redhat.com/security/cve/CVE-2023-49569
https://access.redhat.com/security/cve/CVE-2024-26147
https://access.redhat.com/security/updates/classification/#critical

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
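The advisory's remediation (section 4) is to move to RHACS 4.3.6, and section 6 gives the digests of the images that release ships. A practical way to confirm the upgrade actually landed is to compare the image IDs a cluster reports with those digests. The script below is an added example, not part of the advisory and not Red Hat or AusCERT tooling: it parses package-list lines in the layout section 6 uses and classifies running image IDs against them. The three amd64 digests in it are copied from the advisory; the image-ID format (`<registry>/<image>@sha256:<digest>`, as in a pod's `status.containerStatuses[].imageID`) is an assumption, and the sample image IDs are constructed.

```python
"""Compare the image digests a cluster reports with the fixed digests in RHSA-2024:1549.

Added example; not part of the advisory, AusCERT, or Red Hat tooling.
"""
import re

# Package-list lines copied from section 6 of the advisory above (amd64 only,
# to keep the example short). The layout is the advisory's own:
# "3:<image>@sha256:<digest>_<arch>:" followed by the same reference ending in ".rpm".
ADVISORY_PACKAGE_LIST = """\
3:advanced-cluster-security/rhacs-main-rhel8@sha256:10eeb829065e404a5232a9a4d33f238556958e03b827d3c88dbb7a859d20a3d6_amd64:
advanced-cluster-security/rhacs-main-rhel8@sha256:10eeb829065e404a5232a9a4d33f238556958e03b827d3c88dbb7a859d20a3d6_amd64.rpm
3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:91cdf66dc5d25146583cf884a3ccebe2103f1a3796033b821079b132ee1a4079_amd64:
advanced-cluster-security/rhacs-central-db-rhel8@sha256:91cdf66dc5d25146583cf884a3ccebe2103f1a3796033b821079b132ee1a4079_amd64.rpm
3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:5b6b617e4a2af756b1e41ba198f6d89b89b38bb00fc7836ab7ac7bda16628edf_amd64:
advanced-cluster-security/rhacs-scanner-rhel8@sha256:5b6b617e4a2af756b1e41ba198f6d89b89b38bb00fc7836ab7ac7bda16628edf_amd64.rpm
"""

# One package-list line: optional epoch, image path, 64-hex digest, arch suffix,
# then either the trailing ":" or the ".rpm" extension.
PKG_LINE_RE = re.compile(
    r"^(?:\d+:)?(?P<image>[\w./-]+)@sha256:(?P<digest>[0-9a-f]{64})_(?P<arch>[a-z0-9]+)(?::|\.rpm)$"
)

# Image ID as a Kubernetes pod status reports it (assumption: "<registry>/<image>@sha256:<digest>",
# optionally prefixed with "docker-pullable://" on older container runtimes).
IMAGE_ID_RE = re.compile(
    r"^(?:docker-pullable://)?[^/]+/(?P<image>[\w./-]+)@sha256:(?P<digest>[0-9a-f]{64})$"
)


def parse_package_list(text):
    """Return {(image, arch): digest} for every package-list line that parses.

    The ":" and ".rpm" forms of the same package resolve to the same key, so
    each image/arch pair appears once.
    """
    fixed = {}
    for line in text.splitlines():
        m = PKG_LINE_RE.match(line.strip())
        if m:
            fixed[(m["image"], m["arch"])] = m["digest"]
    return fixed


def check_image_ids(image_ids, fixed, arch="amd64"):
    """Classify each running image ID against the advisory's fixed digests.

    Outcomes:
      "patched"         digest equals the one the advisory lists for this image/arch
      "digest-differs"  same image, different digest: either older than 4.3.6 or a
                        later release; check the newer advisory before treating it as fixed
      "not-in-advisory" image is not one this advisory covers
      "unparsed"        the ID is not in the expected "<registry>/<image>@sha256:<digest>" form
                        (for example a tag-only reference, which pins nothing)
    """
    results = {}
    for image_id in image_ids:
        m = IMAGE_ID_RE.match(image_id)
        if m is None:
            results[image_id] = "unparsed"
            continue
        expected = fixed.get((m["image"], arch))
        if expected is None:
            results[image_id] = "not-in-advisory"
        elif m["digest"] == expected:
            results[image_id] = "patched"
        else:
            results[image_id] = "digest-differs"
    return results


# Constructed sample of what e.g. `kubectl get pods -A -o jsonpath='{..imageID}'`
# might return. The first digest is the advisory's; the all-zero and all-one
# digests are placeholders, not real images.
SAMPLE_IMAGE_IDS = [
    "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:10eeb829065e404a5232a9a4d33f238556958e03b827d3c88dbb7a859d20a3d6",
    "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:" + "0" * 64,
    "registry.example/unrelated/app@sha256:" + "1" * 64,
    "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.3.5",
]


def run_check(image_ids=SAMPLE_IMAGE_IDS):
    """Parse the advisory excerpt and classify the given image IDs."""
    return check_image_ids(image_ids, parse_package_list(ADVISORY_PACKAGE_LIST))


if __name__ == "__main__":
    for image_id, verdict in run_check().items():
        print(f"{verdict:16s} {image_id}")
```

Feed it the real package list (all three architectures) and the real `imageID` values from the cluster, and treat anything other than "patched" as a finding to investigate: a differing digest may be an older, still-vulnerable image, and a tag-only reference tells you nothing about which digest is actually running.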