Red Hat 9052 Published by

A Gatekeeper Operator v0.2 security fixes and enhancements has been released.



[RHSA-2023:4475-01] Moderate: Gatekeeper Operator v0.2 security fixes and enhancements


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Gatekeeper Operator v0.2 security fixes and enhancements
Advisory ID: RHSA-2023:4475-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4475
Issue date: 2023-08-03
CVE Names: CVE-2020-24736 CVE-2022-36227 CVE-2023-1667
CVE-2023-2283 CVE-2023-3089 CVE-2023-26604
CVE-2023-27535
=====================================================================

1. Summary:

Gatekeeper Operator v0.2 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include bug
fixes and container upgrades.

Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security fix(es):

* CVE-2023-3089 openshift: OCP & FIPS mode

3. Solution:

IMPORTANT: This release removes `PodSecurityPolicy` resource references, a
deprecated Kubernetes construct, from the operator. Gatekeeper constraints
based on the resource may no longer work.

The Gatekeeper operator that is installed by the Gatekeeper operator policy
has `installPlanApproval` set to `Automatic`. This setting means the
operator is upgraded automatically when there is a new version of the
operator. No further action is required for upgrade. If you changed the
setting to `Manual`, then you must view each cluster to manually approve
the upgrade to the operator.

4. Bugs fixed ( https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is [secalert@redhat.com]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--