- Issued:
- 2025-01-21
- Updated:
- 2025-01-21
RHSA-2025:0560 - Security Advisory
Synopsis
Important: Red Hat Multicluster GlobalHub 1.2.1 bug fixes and container updates
Type/Severity
Security Advisory: Important
Topic
Red Hat multicluster global hub 1.2.1 general
availability and release images provide enhancements, security fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Description
Red Hat multicluster global hub 1.2.1 images
This advisory contains the container images for multicluster
global hub. These container images provide enhancements.
This advisory contains enhancements and updates to the global hub
container images.
Security fix(es):
- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto (CVE-2024-45337)
- golang.org/x/net/html: Non-linear parsing of case-insensitive content in
golang.org/x/net/html (CVE-2024-45338)
Solution
Before applying this update, make sure all previously released erratas are
relevant and have been applied to your system.
See the multicluster global hub product documentation for more information:
Affected Products
- Multicluster Global Hub 1.2 x86_64
Fixes
- BZ - 2331720 - CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
- BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVEs
- CVE-2019-12900
- CVE-2021-43618
- CVE-2022-48554
- CVE-2023-7104
- CVE-2023-22745
- CVE-2023-29491
- CVE-2023-37920
- CVE-2024-2398
- CVE-2024-3596
- CVE-2024-3651
- CVE-2024-6119
- CVE-2024-6232
- CVE-2024-6345
- CVE-2024-10963
- CVE-2024-25062
- CVE-2024-28182
- CVE-2024-28834
- CVE-2024-28835
- CVE-2024-34397
- CVE-2024-37891
- CVE-2024-45337
- CVE-2024-45338
- CVE-2024-50602
aarch64
| multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c7fd8cdb5c38d05e7d9d84c8356b900188797f383165cf04ee5e053c1c0809ca |
| multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0306beb5aeb6765ec794ccd272a75c208ceac1443bdd8108df09e9439ddbcccd |
| multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c0230497404f9c535083a5883658ab15e7663e171d72ad3b1deeea6a83b556cd |
| multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:85fafeaccf1496f1e4aed45800048ab3a8c092248e4269009be847d6e71f965e |
| multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:859b5f5ec4f75ccf01d8193f6605454ab962a9a5951a0a94ffd483be49dff37d |
| multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d9e0cbfb380a240379589319b6445ebc3518672e8449f5f1b7cd18633191f04b |
ppc64le
| multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:b091e25fc1d6217d72a425d0fe5cfc4c23975ae67c976777e5f0d3a892485be0 |
| multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7494ea507dc7a0a20033a90ecdae225f61dc093b1f01b0e372ef88df2a3c4d03 |
| multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3fdd61a6d8f1116335af5264a6f4ddcb5d33aa3b9955785230cc9f63836c758a |
| multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:ca9d4b3a7814190841d918f4f2baadd8d5f2ed2c5315e267355dcd0bf23051ba |
| multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:77026e662d82ff9a493f75642589680f77eb505c356d5d9350d294a339a62706 |
| multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:af8f113e21a3fac9ace9de73125a450c7c761442e0360830be9211ca279201c8 |
s390x
| multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:8e313bf539412be4180dc9f333236c9f093beda726de9355f9af2aeaa61d74f0 |
| multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:47fab140b2681c8d31d78e09f226bf60979c49f7c916c187b4c4c8d5ee491d48 |
| multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:50438d1d81c4b11ed78c058999b2144906dcbaaaa69fd9662d79f06cc789b45e |
| multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:060b612bab17676dfe5c94bae81e2aa5dbf67fd0037e35f01569a541ab8c7fed |
| multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33bb15a3045bbd37de5787773094ff68019a99cd0871a350c3720c3fc2eac1e4 |
| multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:65ef70042ee2eb74c96afaa0a9a0a0eb38c6078b3ef824f001200c50b426ddd1 |
x86_64
| multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ae480bebb429b3b67b3b401fd48e9be2ba846492668261612ab00904353dcff7 |
| multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7f85e53b5418eec0afec9441a545dcfb58e2d68954bf4715c49aa285fa77caa3 |
| multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9382c124b06c330569ba0b1f5dca7a5c682f093dd0a91ac355a693dc13cb420f |
| multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:97dc40279be27a8d4acf86ad7b4e04ec95e7bb9f69b8986e819db482aa7af468 |
| multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9dbc8cec0a932f8bfbe0f9c22df24371a0fe07fa721c601c25a77e835136642f |
| multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:6611aa44bb6520104aaea69f0c8a5e3cdd0f4278ca6e9fd0abf042b4cfc912f7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
