RHSA-2023:4475 - Security Advisory

Topic

Gatekeeper Operator v0.2 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include bug
fixes and container upgrades.

Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security fix(es):

• CVE-2023-3089 openshift: OCP & FIPS mode

Solution

IMPORTANT: This release removes `PodSecurityPolicy` resource references, a deprecated Kubernetes construct, from the operator. Gatekeeper constraints based on the resource may no longer work.

The Gatekeeper operator that is installed by the Gatekeeper operator policy has `installPlanApproval` set to `Automatic`. This setting means the operator is upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting to `Manual`, then you must view each cluster to manually approve the upgrade to the operator.

Affected Products

• Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64

Fixes

• BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

CVEs

• CVE-2020-24736
• CVE-2022-36227
• CVE-2023-1667
• CVE-2023-2283
• CVE-2023-3089
• CVE-2023-26604
• CVE-2023-27535

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-001