Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2025:0577 - Security Advisory
Issued:
2025-01-22
Updated:
2025-01-22

RHSA-2025:0577 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Important: Red Hat multicluster global hub 1.3.2 enhancements and container updates

Type/Severity

Security Advisory: Important

Topic

Red Hat multicluster global hub 1.3.2 general availability and release images
provide enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Red Hat multicluster global hub 1.3.2 images

This advisory contains the container images for Red Hat multicluster
global hub. These container images provide enhancements.

This advisory contains enhancements and updates to the global hub
container images.

Security fix(es):

  • golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause

authorization bypass in golang.org/x/crypto (CVE-2024-45337)

  • golang.org/x/net/html: Non-linear parsing of case-insensitive content in

golang.org/x/net/html (CVE-2024-45338)

Solution

Before you apply this update, make sure all the earlier released erratas are
relevant and have been applied to your system.

See the multicluster global hub product documentation for more information:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html-single/multicluster_global_hub/index

Affected Products

  • Multicluster Global Hub 1.3 x86_64

Fixes

  • BZ - 2331720 - CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
  • BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
  • ACM-16468 - Cannot post the cluster data in the inventory-api

CVEs

  • CVE-2024-45337
  • CVE-2024-45338

References

  • https://access.redhat.com/security/updates/classification/#important

aarch64

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9cefca3314ca01a16aaafa13e273bfb2b4c52366a6b2459207cb92ce3c909be9
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1ef88d295850ec5b9032d8b9363e9e9159c9d72a9e197c41eea132c3430c8c95
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:9f15a121d60573f04f8610d8781d37f5f660096fe382982a38b9149e84cfaca9
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:85cd1a10daf5213b5f9eeba79f8cfcebc126a39a735f07bd8b5adf7dc04fef38
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:ef551dc139eb1ee2eb8c89d91dafd1dacf665a86dfd9d93fc742ac3564460b33
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:97716544f06f5f273ebe9b798e9ea447d154f77715856554ad16cbe0b40cd18e
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dd981b5c0d8537bf07d48bbdfe16712e9ffe5ebdf912d9e869028eb4cb6dfd87

ppc64le

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:915b21c4da77c85256cd3c85f743cbb898844164643cf306396510b5a56de507
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61dce3a1ca2712f1c0cebd647f2f4e60ec66d64bda21de05dbb4f4f53e76d6f7
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:85d00d0f5abab2ffd7c4606405335b66f98e6c31247f2235c7aedc00a163e0a3
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:237def62c9050550bfc0dc45ff0d618a7cae17fc251cb732af2a530ec2ad4a0c
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:81d683b1267eb710471d88a8f4d1d2639fc82387e163c720bc2477bd0d2072b8
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c6e64d252f2e0383ce2aa28b3ca5542569a7778fb9ec683af5cdc65c9038b783
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b2691b64e3f2a8e96709027ccadc580a38856d86f09dc1a9bad6cc756d5889bc

s390x

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9f590dd38a6efaebc80347c2c9f791dfe3d53c145084f167133d88fe1ad536d1
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:ed9320bccad398dd1a2ce7e6c8b870123f1b169a03d8e82360c2231813655d0e
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:9bed439c770d9a595c851ac18fe490f889e0ed7bfba54cad8406ab8303825b9f
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:97ac00e1be1f9e8b4162889d1e6cd10ca7574a1f7ff3b3fdc1a56c019dfc8454
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f908d7a3053aed87291b315cbf9a9c96dc905b0eca88e86d61024760760e094c
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:7301980fbdffd4f2bdc39c1c61935044d4101134ece7e6753a4d58bfc0f2f167
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ab94c51d19ffb5d0dc6628fef10425c93912ceef3e331d98141b3c8a73611984

x86_64

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:31807e7bf7ffb6e0af5b712b457a3d08e5fa5b6226b2716507cba3b943e2350d
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7397431ef3364ced0e849968fca713d7ec66e65ba398c552bf62a914b6dfa392
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:3fbe1053c181088b13507ea393321a7629274ba0988dcb557fccbf9108b982c0
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:18f7ad1bc7a9058153600f13e73c60a3bc3c533e613c03bf95ee7bbeb1cc5bfb
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:66d9fc989031ad5e18c32a098e8c8a4476a55a490be21be1f5853f491b314a3e
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6c791d9455e45619be6c621e8da4c5f8ee9a79d091a6a85210ab354ee5145146
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6d552cbf8a4e75c05019b7d9d66e53007037fcb911b384720316228325c203e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility