- Issued:
- 2024-12-04
- Updated:
- 2024-12-04
RHSA-2024:10775 - Security Advisory
Synopsis
Moderate: ACS 4.6 enhancement and security update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Description
This release of RHACS 4.6 provides these new features:
- Support for ARM architecture in secured clusters (Technology Preview)
- Certifications for Red Hat Advanced Cluster Security Cloud Service
- Compliance reporting (Technology Preview)
- API documentation available publicly
- Visualizing external entities in the network graph (Technology Preview)
- Microsoft Sentinel notifier
- Support for backups using non-AWS S3 compatible providers
- Support for policy as code (Technology Preview)
- Scanner V4 use of CSAF-VEX for vulnerability data
- Scanner V4 support for RHCOS (Technology Preview)
- Vulnerability Management page updates
It includes fixes for the following security issues:
- micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067).
- golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789).
- golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790).
- nodejs-async: Regular expression denial of service while parsing function in autoinject (CVE-2024-39249).
For more information, see the release note link in "References."
Solution
If you are using an earlier version of RHACS, you are advised to upgrade to release 4.6.
Affected Products
- Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
- Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
- Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
- Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64
Fixes
- BZ - 2280601 - CVE-2024-4067 micromatch: vulnerable to Regular Expression Denial of Service
- BZ - 2292668 - CVE-2024-24789 golang: archive/zip: Incorrect handling of certain ZIP files
- BZ - 2292787 - CVE-2024-24790 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
- BZ - 2295035 - CVE-2024-39249 nodejs-async: Regular expression denial of service while parsing function in autoinject
- ROX-27084 - Release RHACS 4.6.0
aarch64
| advanced-cluster-security/rhacs-central-db-rhel8@sha256:accccf410558960ea1949bf17d8e3bb98a1f1d7b6165088176309def03ffb271 |
| advanced-cluster-security/rhacs-collector-rhel8@sha256:9cc946007966b16eee01c45824a7daf2b7d2bb1db408ad6d64fd30fd1bdc2f61 |
| advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:c4611a7cf8006081bc672e260e50f15ec8e3c4faa4996d6a9215c669af6b6666 |
| advanced-cluster-security/rhacs-main-rhel8@sha256:cf8b99d1760198bf0bc3e77bb23ec201800c2569fc0355d4634fa963840ff8de |
| advanced-cluster-security/rhacs-operator-bundle@sha256:77827f14557e3551ef914391d14cf2aaa624a0aea465a6e036d4f8ca59d53495 |
| advanced-cluster-security/rhacs-rhel8-operator@sha256:9f91c362d341560249973b3ed66da156393e0850aafd73e3a19be3890183f9f9 |
| advanced-cluster-security/rhacs-roxctl-rhel8@sha256:00f58ad77b33bf8c952f8699f09b1d5e04c9b3089c5f3b8fe262172867497a53 |
| advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:617b08e340540731316d860634090f527431b15e56f264abfb4e9dbeb795361e |
| advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d976487b0d8efcc220ca318e2b5126d0b447766b9fce2c808c4f12cac08bce46 |
| advanced-cluster-security/rhacs-scanner-rhel8@sha256:e7c29870bddb579967f15916aceb2cbb2c7c43968044626634ba678cbd51896c |
| advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ec7b62242bd63c7cdebb0ca077c7cb9f85316a79b5e697391d0f801b541216eb |
| advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8e11758cdea9c65f38b5d35d85680aeb014a36daf7157d544600ab4cb4f1198c |
| advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a4d475c26cdb753090edfd9548bfb2167a345328d2bcc057ed6518b4efa40b1d |
ppc64le
| advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c69c805f120c2b1530f770efba0287ff7e81483960290d4ce95bf01932270d0 |
| advanced-cluster-security/rhacs-collector-rhel8@sha256:85764f9dc6dd2b814a972f86288ac8d5bc63b55867d87179d25c4a69d2458cb8 |
| advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b403bc5b07291d817a6c15a675da9abbf89f379c1e59c8f38079b5385ac2758 |
| advanced-cluster-security/rhacs-main-rhel8@sha256:c18eb752209b8f4eb30c496aa90b73f97e7d3c509f545a830bd4a93242f08476 |
| advanced-cluster-security/rhacs-operator-bundle@sha256:1798a96413edf0ff45bb7196f0e0ec82eff490ddec27a7d3dc2fa2820d730186 |
| advanced-cluster-security/rhacs-rhel8-operator@sha256:009cd9ee7d9e3dfaab45915bc69dcc6fd69f9be13b25e84b29c3da239d8f7d96 |
| advanced-cluster-security/rhacs-roxctl-rhel8@sha256:79f9b5a6aac41130442b1d9bcefc2cb7f54abee4ab3ccb98343088621c6c8c84 |
| advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2e691b947292471de83b26c7e1f9e2b179d1b3010b3909c827a20c0ca32b6210 |
| advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ef5a250eaed8972fafc0eb763c00dc3b9a06370e19e048f6fc4a1c69509deb31 |
| advanced-cluster-security/rhacs-scanner-rhel8@sha256:740c0e0fa6a5f282e9b42636d9211dec2dd8303a497ae9e49de312f22c54c809 |
| advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:61ac0d7ebd7305ad66660b610b664588d96c01ce0a3bfef105a828a0e58ad3df |
| advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b79439dc49bd6334941a5587ceccd492058c83e6d93764c647b020f8e64599ad |
| advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a755e11a1d83e793f1c0b2648c2b17dce7642cc79f5d749d74f69f615bb14952 |
s390x
| advanced-cluster-security/rhacs-central-db-rhel8@sha256:77fccea21e5fb788e1b6016d25d2e1fb1f9888223174ec32185879bcc878db30 |
| advanced-cluster-security/rhacs-collector-rhel8@sha256:d131a61e86b20065f7a3f32440e4b761818349a1d3008087e609f30368f172f4 |
| advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ba059270eaa53ec6a3efedbde83359b258abca6f6c5af59ae4edfbe7a2991b9d |
| advanced-cluster-security/rhacs-main-rhel8@sha256:9f3a6d73287984428082e9d812f943db4d339e956081d4f9d24bd9703879030f |
| advanced-cluster-security/rhacs-operator-bundle@sha256:ce4af0d991cbbdaa03ae510cf12f3e9d818368453e35b43c36f3e4156fb0def4 |
| advanced-cluster-security/rhacs-rhel8-operator@sha256:3681347b7d5315b1d18414902f7b3d417c3c257f59b3a0f049475baa2a7ac068 |
| advanced-cluster-security/rhacs-roxctl-rhel8@sha256:143e97970c10b714ef05fb79ebadca21bfd653e46754bfe79cca099a7219e4b3 |
| advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4cbc4b29b2bff0243a2d3915ce5a535bc5d700bab10eff368c11a99f22b7a395 |
| advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d794332ad5a11ad5de233e93fb18836d6a038c95451ecee7e5de6a8a5fefbb19 |
| advanced-cluster-security/rhacs-scanner-rhel8@sha256:e4bfc598d7d0855fee87d52032f2e421af7ea5e82d5072d85ccf72a3fd7d1c23 |
| advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fe2a0ae83029c65cb90847c94e47ef23f1c9278de8c1955c40048909804f9549 |
| advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f75c54ffec58a0799c66d324c81a419ba477310bcd91b39956ad26d8c343045c |
| advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4493b8b108be0dabe32725a4503fb6f7797e8521615138d9ef0ad74670b2734c |
x86_64
| advanced-cluster-security/rhacs-central-db-rhel8@sha256:d37a85996f1c5c97a5e0d626f28caea01b03d5c19aa02b186acda292abf0f405 |
| advanced-cluster-security/rhacs-collector-rhel8@sha256:54cdf6a0441ddd865e1fd1b0cac000d6009c03bb553bd1f3e3d750bed551a86f |
| advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6f7ef589018becd5ddc1ec39d27b6e013d87bf0005e30b423008b058bcdf78 |
| advanced-cluster-security/rhacs-main-rhel8@sha256:751864511f1db57e3bebff4e9afe632ff8f1ad1ee61a70cb0e016325b7afe3dc |
| advanced-cluster-security/rhacs-operator-bundle@sha256:c803494bdb0418d27931a15c79f8cf142ae10ccd0a50d76a10c48219d34c59f4 |
| advanced-cluster-security/rhacs-rhel8-operator@sha256:727a544d5a5080631604e0f2186fdd27168e602c6567bdd9e9e763831b5cf4a3 |
| advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ac1a8f21504f8372e4586179ec28fc08803dfc56314f9d41419b8ec4d1e17426 |
| advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9da3f6ac3f463b52eabd1c9066f2c8f93ec0faf831128cee9c31f2d7b43f236b |
| advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20e8e9d12e1f58ab468b8a577e5b374eb6eb8ee2fa17a0458ca3a2797ef72ecd |
| advanced-cluster-security/rhacs-scanner-rhel8@sha256:771c9316514998b28e8b603b9640fd9a90ba463e537d23f194ddaefdf5325f80 |
| advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c8484bed0dede4b15885597be25df0286f1374f27ab81c7d5384ea66c1d83d01 |
| advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:28064ce37bbf280e08535fda1eb6849252ab5af7edbb3fbfc953abaed5445347 |
| advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:672f141356a813c075131968e6527a6f4458d6900444aaa5877ec6bddea673c3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
