- Issued:
- 2024-02-26
- Updated:
- 2024-02-26
RHSA-2024:0989 - Security Advisory
Synopsis
Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Multicluster GlobalHub 1.0.2 General
Availability release images, which fix bugs, provide security updates, and update container images.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Description
Red Hat Multicluster GlobalHub 1.0.2 images
This advisory contains the container images for Red Hat Multicluster
GlobalHub, which fix several bugs.
Security fix(es):
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on
go-git clients
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path
traversal and RCE on go-git clients
Solution
See the multicluster global hub product documentation for more information:
Affected Products
- Multicluster Global Hub 1.0 x86_64
Fixes
- BZ - 2258143 - CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
- BZ - 2258165 - CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
CVEs
aarch64
multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984 |
multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002 |
multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05 |
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626 |
multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030 |
ppc64le
multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10 |
multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f |
multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b |
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79 |
multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5 |
s390x
multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e |
multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb |
multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be |
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30 |
multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41 |
x86_64
multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149 |
multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48 |
multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f |
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1 |
multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.