Issued:: 2023-04-18
Updated:: 2023-04-18

RHBA-2023:1850 - Bug Fix Advisory

Overview
Updated Images

Synopsis

RHBA: Submariner 0.13 - bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Submariner 0.13 packages that fix various bugs that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Description

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images.

Security fixes:

CVE-2023-0286: openssl: X.400 address type confusion in X.509 GeneralName
CVE-2022-4304: openssl: timing attack in RSA Decryption implementation
CVE-2023-0215: openssl: use-after-free following BIO_new_NDEF
CVE-2022-4450: openssl: double free after calling PEM_read_bio_ex

Jira issues addressed:

ACM-2226: Build Submariner 0.13.3
ACM-2435: Verify Submariner with OCP 4.12
ACM-2821: Submariner does not support cluster "kube-proxy ipvs mode"

Solution

For details on how to install Submariner, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console

and

https://submariner.io/getting-started/

Affected Products

Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64

Fixes

BZ - 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
BZ - 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
BZ - 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
BZ - 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
ACM-3430 - [ACM 2.6.5] Submariner: OpenShift 4.12 on Azure platform unable to create a gateway node
ACM-3605 - [ACM 2.6.5] Submariner Gateway was not created for cluster-set with 19 chars
ACM-3734 - Build Submariner 0.13.4

CVEs

References

(none)

aarch64

rhacm2/lighthouse-agent-rhel8@sha256:e6bdb2770873eae6c5e0b95b264b31f4bc07ba624344e2021b30f3f59127321b

rhacm2/lighthouse-coredns-rhel8@sha256:c8131c20e574017c62fe75b7e6327625e8d407c5390635403dc65903c6fe9067

rhacm2/nettest-rhel8@sha256:5e5493675ef15a98f9e4a7eba152cc16b215936df6a680803759ddc9176f52f7

rhacm2/subctl-rhel8@sha256:5c0e32baa3cc06388ffd9cb1d1330156e453fbe6d9db5f8063e0802301613ccd

rhacm2/submariner-gateway-rhel8@sha256:4381be4f07d0555d399843386f6adf490cce3978a23c6b5ba761e0bb27e3bb27

rhacm2/submariner-globalnet-rhel8@sha256:6d492bc94eb05d450b458c18d727b02a9938e0933a8b32a08042bf41d0419699

rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5e197aed2105cbdea1ce270abb9423de20bdafdba3a1a7bd59314c51b1d31f97

rhacm2/submariner-operator-bundle@sha256:38a9db18ef76f1b56dcceee3df09b3d23c1df3b7ea62639365f072d5a5c9739f

rhacm2/submariner-rhel8-operator@sha256:39d486598a44752ed53b2cfa48b5d382049dcd4df65ba853f802b52eeca8a490

rhacm2/submariner-route-agent-rhel8@sha256:9112564dfc96ec10b308cc6291b63d2041c9358ce5c0f4ca0ccc86bac805e232

ppc64le

rhacm2/lighthouse-agent-rhel8@sha256:31166ddf3ef138dfd25f07a3ff0a49fba54e0c1cd06119a1f04ceb2d0f4027c8

rhacm2/lighthouse-coredns-rhel8@sha256:a3e44ae158d3e97a7d391991e9161fe8f68e73c4cb7ce9eb387e4d5f3914e8d5

rhacm2/nettest-rhel8@sha256:38fc54ca46fe5a5a7326770d86bec317bce89bbad3a1c7f8aede38b0c39700e1

rhacm2/subctl-rhel8@sha256:ff41e9c5e02bf7cf28bf719d98a3d0d0a878bfaf20155c98a556c8ff83f7a1a5

rhacm2/submariner-gateway-rhel8@sha256:1d0e02b8db7106b8e931356d714fcff39986e29e20ea90c8acf657fbcc8f7f56

rhacm2/submariner-globalnet-rhel8@sha256:be21450e4f8a741ddcda88807a7821ef90e05be6dcd7a4687faaf7b1b86fc3f7

rhacm2/submariner-networkplugin-syncer-rhel8@sha256:42382de88d0f8f2e0d08ea07e6ea3709f6bb742730b63d8608042176105565c0

rhacm2/submariner-operator-bundle@sha256:a410a11e5c99203f3930851a698940f4e90516c225328c2f0a09068d56fa079c

rhacm2/submariner-rhel8-operator@sha256:49b77ecfc1ce05b2cc346d72e73124e71d5f2200f348a1640faaa7ddd7c62f78

rhacm2/submariner-route-agent-rhel8@sha256:f21765217d5be7a07e95f30b5b5e45141c5b1f0cb1ead4629bcb825ec3ed005b

s390x

rhacm2/lighthouse-agent-rhel8@sha256:a615a8103de6d774a49007f4f0e2b5fdb6a32106d596a1e024c1a4813c9923f2

rhacm2/lighthouse-coredns-rhel8@sha256:1d1d07d26ef9c1dc670ecadfeb9947c36f4ff44982988196808ab42bf956ae78

rhacm2/nettest-rhel8@sha256:0dca71633c7b7b85907d69b40699e98f432e22938aaab04f778417401769d9a7

rhacm2/subctl-rhel8@sha256:a40f6aa4de801210743d28235efd9fac26495bb12bacc19277eb579901d1ea4d

rhacm2/submariner-gateway-rhel8@sha256:2d7334a44568eb9c136980c0a27627219ad579f5518942c52ee6def82659ad1d

rhacm2/submariner-globalnet-rhel8@sha256:eff1bd7c675a0211942c40a7b8012ee115e4f6c1b5c4ed8b6ab125ae61d4bcae

rhacm2/submariner-networkplugin-syncer-rhel8@sha256:02932dfdc5cc43c5ed92e18e102b343a4e5ab9f2d1bfb3bda86cad19c304e44c

rhacm2/submariner-operator-bundle@sha256:f63ed67aaeb954f27ac781e1e97be8887bce753d34f420a8ab8b9d9588b14167

rhacm2/submariner-rhel8-operator@sha256:6fb16c299099eb2325f4fabac12abd932c982a2cd6d7bbbf3c0b00bab8be9757

rhacm2/submariner-route-agent-rhel8@sha256:3d8de0212f2ed2545ca165806ea4b1c191b7556900d19af799c7b6dc497cef2f

x86_64

rhacm2/lighthouse-agent-rhel8@sha256:d1d802e2e47503bb8f969a67adbdd5c21cdc572d18b3c28be77ba4ec42a54f3b

rhacm2/lighthouse-coredns-rhel8@sha256:4de2c9cd42bc8d95c69f9c1400a3da112cc3ec539dd0d7d409051eb902e9e47f

rhacm2/nettest-rhel8@sha256:b752520e78549224367d344b2d155388c9ea38d6e89c92b596a1f5a526e10db4

rhacm2/subctl-rhel8@sha256:70e76cc376f839cf46840c7835d2d03f6d26395b8bb05b14eda920fc3c868ac8

rhacm2/submariner-gateway-rhel8@sha256:56fb02f5f2791b5225ca15596630ec39aa287d4e503b8ca9619905b08b3f39ff

rhacm2/submariner-globalnet-rhel8@sha256:c1a5eb2d2a1dc8e49357e6171a768e34823826ea2c96cded1d7bd816058ac741

rhacm2/submariner-networkplugin-syncer-rhel8@sha256:7bc041c13743dba80fe562a0101d0d06821684fefeaef257c54c064f8339a3a4

rhacm2/submariner-operator-bundle@sha256:42146123687da7d8e3043f4bdb2aa4874406bc9bf042feb8aa387f062b229310

rhacm2/submariner-rhel8-operator@sha256:c50d22bef214145c3710c36133a95903f2dc691dc07609bcc6d68f434ffd9829

rhacm2/submariner-route-agent-rhel8@sha256:c8e5f13a9a3aca877ad9ce137f982183aee4fffad0f3cd2bd5ae90c1e7f99dc7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation