what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-5188-01

Red Hat Security Advisory 2022-5188-01
Posted Jun 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5188-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23222, CVE-2021-25219, CVE-2021-3634, CVE-2021-3672, CVE-2021-3737, CVE-2021-4189, CVE-2022-1154, CVE-2022-1271, CVE-2022-1902
SHA-256 | de99e1a865995c3cb23cb50bcf37b75b678a3a66147e77f88143a4717bf81758
Download | Favorite | View

Red Hat Security Advisory 2022-5188-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: RHACS 3.69 security update
Advisory ID:       RHSA-2022:5188-01
Product:           RHACS
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5188
Issue date:        2022-06-24
CVE Names:         CVE-2018-25032 CVE-2021-3634 CVE-2021-3672 
                   CVE-2021-3737 CVE-2021-4189 CVE-2021-23222 
                   CVE-2021-25219 CVE-2022-1154 CVE-2022-1271 
                   CVE-2022-1902 
=====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Release of RHACS 3.69.2

Security Fix(es):

* stackrox: Improper sanitization allows users to retrieve Notifier secrets
from GraphQL API in plaintext (CVE-2022-1902)

3. Solution:

If you are using the RHACS 3.69.1, you are advised to upgrade to patch
release 3.69.2.

4. Bugs fixed (https://bugzilla.redhat.com/):

2090957 - CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext

5. JIRA issues fixed (https://issues.jboss.org/):

ROX-11455 - Release RHACS 3.69.1
ROX-9657 - Patch supported RHACS images previous to 3.69.0 release to fix RHSA-2022:0658

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3672
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2021-23222
https://access.redhat.com/security/cve/CVE-2021-25219
https://access.redhat.com/security/cve/CVE-2022-1154
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1902
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYrZYRNzjgjWX9erEAQhPrA//UdSV4gFwZdXx+tBvZ2JP3Ea/NcjIYCY+
F7Mi7LO1pOzh767ex8CoUwtbyHzekw0DvnU+2yll6caOriGMqHh7uiicfv2joM4j
cj91kT/euBU2zO5jIy41AQktKTuXPTC4X49ksH4iZPK7r4U/6XTLO7C6bxWDn77o
3lP2lA6kLYSAz6G7cgxvmqndAA4NxRtFMvi3NVmdff/XgP73+0G6mdCmvG+40DIY
EDrnbs+vCbVWMUmxwHMmkJ7YYiSGBCVc1mNezrToFm4SU6vMIy6hcqM4ceqM8QEs
Ge2RGOy1ZxknO+FCZuhAMVwiiBov8aKRyayS/lIYZDcgeN/OrxMzUPSr6Y+YddJA
VZAamwK/OMEn/ThT2PhYrgLc6kKdQY+lB04OfMCim3PVIG97ZKEqNBREMCdyO71Z
pTGtLa4MIkhOSsC4RScev8Byrdk2mVJ1VSZLU9hQyX4uRD3gB2W+uVjkRnWh+Ayg
z+IKp0S77egBhcYS+gvKQei4pwzFfXuOc16W5W+kj0SOO8VqMay24DF8nZMfGmq3
jp0ILeDbwSHmSpzQrldStEaq+G5AxWYL098W1bYFkJHi7BtqqNlyR9C43R3JcK85
EINKkP/EuInujEqdrxAH7Kl+iFwg7is2MXUJgR6WCFwVQ23IQPd2Ha28OJugPTBs
CjfQEy2oGBc=
=Dg4w
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    38 Files
  • 24
    Sep 24th
    65 Files
  • 25
    Sep 25th
    24 Files
  • 26
    Sep 26th
    26 Files
  • 27
    Sep 27th
    39 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close