Red Hat Product Errata RHSA-2024:1321 - Security Advisory
Issued: 2024-03-13
Updated: 2024-03-13

Synopsis

Moderate: ACS 4.3 enhancement and security update

Type/Severity

Security Advisory: Moderate

Topic

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release of RHACS 4.3.5 provides the following bug fix:

  • Fixed an issue where an upgrade to RHACS 4.3 from a previous version caused the Central component to enter a crash loop.

It provides the following security fixes:

  • pgx: SQL Injection via Protocol Message Size Overflow (CVE-2024-27304)
  • pgx: SQL Injection via Line Comment Creation (CVE-2024-27289)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

If you are using an earlier version of RHACS 4.3, you are advised to upgrade to patch release 4.3.5.

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le

Fixes

  • BZ - 2268269 - CVE-2024-27304 pgx: SQL Injection via Protocol Message Size Overflow
  • BZ - 2268465 - CVE-2024-27289 pgx: SQL Injection via Line Comment Creation
  • ROX-23133 - Release RHACS 4.3.5

CVEs

  • CVE-2019-13224
  • CVE-2019-16163
  • CVE-2019-19012
  • CVE-2019-19203
  • CVE-2019-19204
  • CVE-2020-28241
  • CVE-2021-35937
  • CVE-2021-35938
  • CVE-2021-35939
  • CVE-2023-48795
  • CVE-2024-0553
  • CVE-2024-27289
  • CVE-2024-27304

References

  • https://access.redhat.com/security/updates/classification/#moderate


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
