- Issued: 2023-09-18
- Updated: 2023-09-18
RHSA-2023:5206 - Security Advisory
Synopsis
Moderate: RHACS 4.2 enhancement and security update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The release of RHACS 4.2 provides these changes:
Security Fix(es):
- stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
New Features
RHACS 4.2 includes the following new features, improvements, and updates:
Platform
- Bring your own PostgreSQL database for RHACS Central (Technology Preview)
- The CORE BPF collection method is now GA
- RHACS Product usage report
- Performance improvements for the Compliance dashboard
Vulnerability management
- Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform
- Configure delegated image scanning in the RHACS portal
- Define new system policies using CVE age or fixability
- On-demand and downloadable CVE report in Vulnerability Management 2.0
- Scanner supports additional operating systems
Network Security
- Improvements to runtime network policy generation
- Build time Network Policy tools (Technology Preview)
- New Listening Endpoints menu in the RHACS portal
- Viewing network policy YAML files from a violation
For notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.
Solution
To take advantage of the new features, bug fixes, and enhancements in RHACS 4.2, you are advised to upgrade to RHACS 4.2.
Affected Products
- Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
- Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
- Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
Fixes
- BZ - 1990363 - CVE-2023-4958 stackrox: Missing HTTP security headers allows for clickjacking in web UI
- ROX-19688 - Release RHACS 4.2.0
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.