Red Hat Product Errata RHSA-2024:4836 - Security Advisory
Issued:
2024-07-24
Updated:
2024-07-24

RHSA-2024:4836 - Security Advisory

Synopsis

Moderate: RHACS 4.5 enhancement and security update

Type/Severity

Security Advisory: Moderate

Topic

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Release of RHACS 4.5 provides these changes:

New features:

  • Scanner V4 is generally available
  • Vulnerability Management 2.0 is generally available
  • Compliance updates
  • Built-in email notifier in RHACS Cloud Service
  • roxctl installation GitHub action
  • Bring your own PKI for signature verification
  • Build-time network policy tools updates
  • Enhanced RHACS Cloud Service experience

This releases updates the following items to patch vulnerabilities:

  • (CVE-2024-28849) The `follow-redirect` module was updated to 1.15.6.
  • (CVE-2024-29903) Updated `cosign` to 2.2.4.
  • (CVE-2024-29902) Updated `cosign` to 2.2.4.

For more information on new features and other details, see https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html.

Solution

To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le

Fixes

  • BZ - 2269576 - CVE-2024-28849 follow-redirects: Possible credential leak
  • BZ - 2274504 - CVE-2024-29903 cosign: Malicious artifects can cause machine-wide denial of service
  • BZ - 2274508 - CVE-2024-29902 cosign: Malicious attachments can cause system-wide denial of service
  • ROX-25325 - Release RHACS 4.5.0

ppc64le

advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5
advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be
advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a
advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37
advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3
advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a

s390x

advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca
advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8
advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201
advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b
advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76
advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34

x86_64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c
advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a
advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742
advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79
advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271
advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.