Red Hat Product Errata RHSA-2025:0907 - Security Advisory
Issued:
2025-02-03
Updated:
2025-02-03

RHSA-2025:0907 - Security Advisory

Synopsis

Critical: ACS 4.6.2 enhancement and security update

Type/Severity

Security Advisory: Critical

Topic

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

This release of RHACS 4.6.2 includes security and bug fixes. If you are using an earlier version of RHACS 4.6, you are advised to upgrade to this patch release 4.6.2.

Bugs fixed:

  • Fixed an issue in StackRox Scanner V2 where scan results for Red Hat Enterprise Linux (RHEL)-based images displayed inaccurate package and vulnerability data due to incorrect layer hierarchy assumptions.
  • Fixed an issue where the output format of the roxctl CLI command for timestamps changed in RHACS 4.6, interrupting customer automation workflows.

Security issues fixed:

  • golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
  • go-git: argument injection via the URL field (CVE-2025-21613)
  • go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies (CVE-2025-21614)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Solution

If you are using an earlier version of RHACS 4.6, you are advised to upgrade to this patch release 4.6.2

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
  • Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64

Fixes

  • BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
  • BZ - 2335888 - CVE-2025-21613 go-git: argument injection via the URL field
  • BZ - 2335901 - CVE-2025-21614 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies
  • ROX-27748 - Release RHACS 4.6.2

aarch64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:0637515b7c3a9dd832e307354154b8c7fa75339beb80ea77e7dae913a24455f3
advanced-cluster-security/rhacs-collector-rhel8@sha256:a927b48c033107874150cd263733a7eac32915b8ea2c31e16e4db7dbb00fd80a
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ecf659bdaeb9cbbfd0f5178ffc83b7b8474b5dd83ce565e50c57f18599dcd0a4
advanced-cluster-security/rhacs-main-rhel8@sha256:6b5d06e7effb97bd532375e8982ff4396924355fccb161be19df0dc121a098a1
advanced-cluster-security/rhacs-operator-bundle@sha256:c4413a7101e8cb95d7b553becfd69590abba5dceb436731be0c754b3e381ecc7
advanced-cluster-security/rhacs-rhel8-operator@sha256:05cec447844c375d7cf670dd2c8293e35b7e81c2a126758a91c6ae04a64401db
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:47ee46377a875b4ee7fb4922b76bb1db5035fa8e82ec1b03a48408eb6855429d
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:15b02a2b037f2713fd3bad41506f606cb5bb7d4fe2263b54bc0597ecfa44bfb4
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dd878a23562cecc5f2355c9c826d3ddb4713f4c813898f61d26db3fb2135be19
advanced-cluster-security/rhacs-scanner-rhel8@sha256:4eb006cb064275d6e47c4fdb42e0805b4974caecaf2b9878dc06ac82e186cee5
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ff9b43c864927a14d216946d82ed149666a415ceb792b29333e4f5a81a2c8763
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:5f38522cec9a86c17a565cd3eff51c1960a9ea171a786d8af4244ca141f7f285
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:14d59c045358ddfdd8356064b5aee3c05d87da10624b57598da8adf888c3bdd5

ppc64le

advanced-cluster-security/rhacs-central-db-rhel8@sha256:7d351aa33b448269774a2d5c68641e3175106697c41f4080bf37d5060fbb880b
advanced-cluster-security/rhacs-collector-rhel8@sha256:dd50c86cd53c5318ae11b096f5c78abfabac475a8409f0bff6160653b773477b
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:370adafec946643bd92600cf28a609afe97f7d33f39a13c93564318212a11fba
advanced-cluster-security/rhacs-main-rhel8@sha256:5248ab4d7994e809e5cae15758231e7844dbd6772351b257cc4b0a90f4eb9ccd
advanced-cluster-security/rhacs-operator-bundle@sha256:1b858171a34a8675ef4fcd4edb3fa5f6dcdc26363c098ed014c3c505ddafc010
advanced-cluster-security/rhacs-rhel8-operator@sha256:fe38999c6c30224a453027c1cb9117df9d742c4056a8997054e7f299e266e9a8
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5beee87ab3af6b57d69c5aa480adf1c5fd01a54b3e144261e05b28c62ddf6e3f
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:202d116ef0d6208b1ed44c9bfb0c1527dad0e44031d2b9babe7fa25eee0197cd
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f2109b7ec783bc98539c147b43a0b747f571a02bf78fd70220d3f9cbb5b2c9b4
advanced-cluster-security/rhacs-scanner-rhel8@sha256:05fc5fa02cb04737a083b29d0d344da428f8d0b8fe24229715d5d6512dbab2f1
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:797637fd0bc37a7b30704a1984e577c5f0b0a3c803ac310efa89bcfb1322799c
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:cadfef388d0185bdb3e972db36be19c4cfca4ab13b416947fafbd5e6e3501eb1
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e2ef716363cae00391514b83a5952e0dd925a8665af01b9a890a7c11c8079024

s390x

advanced-cluster-security/rhacs-central-db-rhel8@sha256:db7daf08455c13fa410ef853846b3111985c44ade1ca7f1665fa00035b88116a
advanced-cluster-security/rhacs-collector-rhel8@sha256:71ef8e29a7c357e4e675231edc1913936e8ad9595d0fd692aa1cc02458f32e73
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8ba0add727872e6d0544742fffd28445c85ee416b569e23e3122d024c6f553d0
advanced-cluster-security/rhacs-main-rhel8@sha256:cf0baa500f79525bc439f9a78b9b03a0b7b830b9a9e8bcd01789773a233f625e
advanced-cluster-security/rhacs-operator-bundle@sha256:27ec7980c04f5b96ad178bead12062f262897a06ac6fc51543a8b8b61d9ea269
advanced-cluster-security/rhacs-rhel8-operator@sha256:55164e6fbdf6b08812cfa1f1e15a93ad735d7494dc5e7a496c6c2508c2f1e2f7
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bfaf224ef748c3fed475dbcf59cf1e0d0eca143584e5e046a246ab3820fc1883
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:069f10febc09200e10c506c43d5d3481ccdc9a707c293fcc3ff923d5320ea585
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b71db82ac2b8f0264bee530aa272993b056d64ead4c414ccdc80876a1a2a514
advanced-cluster-security/rhacs-scanner-rhel8@sha256:2b148ab44d673170159d896149c480b13d7e3e07fe7e702f61abf15fbcec8882
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8b8a5b8e29bdbf775d24d0b8c4c57cc9e814e2b98932885fac75ca941f1059f4
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c7ad55ea10b42df125ebeb4088a3080d769d8566c0046b2aac79b30111a6db0d
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c8c9b44f7d1f1d200bf305adc21fa1ad8b19159c7ffdcea1c1b3a2ea2be4646c

x86_64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:897c5db46b7bf6a19edef564e7a220e1a805ce6430befa7bb84a7b20ffa658fe
advanced-cluster-security/rhacs-collector-rhel8@sha256:7ac9c2c80b0890b754a9b7a85bbe728b10fad296f62c847f0efbbabf3f1f4efa
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:c5503623080ad76434ab6a409ddcdb2f8b7368b01f6c1c9accbb8590dfe0f835
advanced-cluster-security/rhacs-main-rhel8@sha256:4b9a01b61e1f72eb9103718c6fd08f89f3776ba2b0807a8721e890397c158475
advanced-cluster-security/rhacs-operator-bundle@sha256:324eafac9e2a9000c6032f152867defb4f4402ae8772677d7a1b45eb6df1b9be
advanced-cluster-security/rhacs-rhel8-operator@sha256:effc0cd6a09c7c1ce2b3a46a46ed4cb9f4b1ac65f3af783a7404a7b22a0d3db6
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56cbedab509cfe2b8773aa900ffb2cd8aee062811bf896adeba0cc7ae8baa77f
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9929ec613b4bc008705bee775b56aec1c4729c2f0c1d572239a75424b246452b
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f902f9109751eba20c26a8cbe89c52c18467d8166ff33716c79390d743d756a0
advanced-cluster-security/rhacs-scanner-rhel8@sha256:d38ac805c3a827fbc01686ec53909c919eeb4e5d62730a7ec67d29fbd00bf049
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a660c5f705d4a5bba018c987ab3558581b0d7f897451dd161fa0b1e96d63b0c0
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:dc6bc09d80acc2ca1cc43925c7dc634f4922b5e1849ff5a30280002f6767ad6e
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:00c40603219d626508f58cabbca453b88587269803c682a4a9ab68b926374c25

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.