Red Hat 8933 Published by

A Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates has been released.



RHSA-2023:3326-01: Critical: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates



=====================================================================
Red Hat Security Advisory

Synopsis: Critical: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates
Advisory ID: RHSA-2023:3326-01
Product: Red Hat ACM
Advisory URL:   https://access.redhat.com/errata/RHSA-2023:3326
Issue date: 2023-05-25
CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656
CVE-2022-1462 CVE-2022-1679 CVE-2022-1789
CVE-2022-2196 CVE-2022-2663 CVE-2022-3028
CVE-2022-3239 CVE-2022-3522 CVE-2022-3524
CVE-2022-3564 CVE-2022-3566 CVE-2022-3567
CVE-2022-3619 CVE-2022-3623 CVE-2022-3625
CVE-2022-3627 CVE-2022-3628 CVE-2022-3707
CVE-2022-3970 CVE-2022-4129 CVE-2022-20141
CVE-2022-25265 CVE-2022-30594 CVE-2022-35252
CVE-2022-36227 CVE-2022-39188 CVE-2022-39189
CVE-2022-41218 CVE-2022-41674 CVE-2022-42703
CVE-2022-42720 CVE-2022-42721 CVE-2022-42722
CVE-2022-43552 CVE-2022-43750 CVE-2022-47929
CVE-2023-0361 CVE-2023-0394 CVE-2023-0461
CVE-2023-1195 CVE-2023-1582 CVE-2023-1999
CVE-2023-22490 CVE-2023-23454 CVE-2023-23946
CVE-2023-25652 CVE-2023-25815 CVE-2023-27535
CVE-2023-28856 CVE-2023-29007 CVE-2023-32313
CVE-2023-32314
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General
Availability release images, which fix security issues and update container
images.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security Fix(es):
* CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command
* CVE-2023-32314 vm2: Sandbox Escape
* CVE-2023-32313 vm2: Inspect Manipulation

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following
documentation for details on how to install the images:

  https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

4. Bugs fixed (  https://bugzilla.redhat.com/):

2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command
2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation

5. References:

  https://access.redhat.com/security/cve/CVE-2021-26341
  https://access.redhat.com/security/cve/CVE-2021-33655
  https://access.redhat.com/security/cve/CVE-2021-33656
  https://access.redhat.com/security/cve/CVE-2022-1462
  https://access.redhat.com/security/cve/CVE-2022-1679
  https://access.redhat.com/security/cve/CVE-2022-1789
  https://access.redhat.com/security/cve/CVE-2022-2196
  https://access.redhat.com/security/cve/CVE-2022-2663
  https://access.redhat.com/security/cve/CVE-2022-3028
  https://access.redhat.com/security/cve/CVE-2022-3239
  https://access.redhat.com/security/cve/CVE-2022-3522
  https://access.redhat.com/security/cve/CVE-2022-3524
  https://access.redhat.com/security/cve/CVE-2022-3564
  https://access.redhat.com/security/cve/CVE-2022-3566
  https://access.redhat.com/security/cve/CVE-2022-3567
  https://access.redhat.com/security/cve/CVE-2022-3619
  https://access.redhat.com/security/cve/CVE-2022-3623
  https://access.redhat.com/security/cve/CVE-2022-3625
  https://access.redhat.com/security/cve/CVE-2022-3627
  https://access.redhat.com/security/cve/CVE-2022-3628
  https://access.redhat.com/security/cve/CVE-2022-3707
  https://access.redhat.com/security/cve/CVE-2022-3970
  https://access.redhat.com/security/cve/CVE-2022-4129
  https://access.redhat.com/security/cve/CVE-2022-20141
  https://access.redhat.com/security/cve/CVE-2022-25265
  https://access.redhat.com/security/cve/CVE-2022-30594
  https://access.redhat.com/security/cve/CVE-2022-35252
  https://access.redhat.com/security/cve/CVE-2022-36227
  https://access.redhat.com/security/cve/CVE-2022-39188
  https://access.redhat.com/security/cve/CVE-2022-39189
  https://access.redhat.com/security/cve/CVE-2022-41218
  https://access.redhat.com/security/cve/CVE-2022-41674
  https://access.redhat.com/security/cve/CVE-2022-42703
  https://access.redhat.com/security/cve/CVE-2022-42720
  https://access.redhat.com/security/cve/CVE-2022-42721
  https://access.redhat.com/security/cve/CVE-2022-42722
  https://access.redhat.com/security/cve/CVE-2022-43552
  https://access.redhat.com/security/cve/CVE-2022-43750
  https://access.redhat.com/security/cve/CVE-2022-47929
  https://access.redhat.com/security/cve/CVE-2023-0361
  https://access.redhat.com/security/cve/CVE-2023-0394
  https://access.redhat.com/security/cve/CVE-2023-0461
  https://access.redhat.com/security/cve/CVE-2023-1195
  https://access.redhat.com/security/cve/CVE-2023-1582
  https://access.redhat.com/security/cve/CVE-2023-1999
  https://access.redhat.com/security/cve/CVE-2023-22490
  https://access.redhat.com/security/cve/CVE-2023-23454
  https://access.redhat.com/security/cve/CVE-2023-23946
  https://access.redhat.com/security/cve/CVE-2023-25652
  https://access.redhat.com/security/cve/CVE-2023-25815
  https://access.redhat.com/security/cve/CVE-2023-27535
  https://access.redhat.com/security/cve/CVE-2023-28856
  https://access.redhat.com/security/cve/CVE-2023-29007
  https://access.redhat.com/security/cve/CVE-2023-32313
  https://access.redhat.com/security/cve/CVE-2023-32314
  https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.