Issued:: 2025-11-20
Updated:: 2025-11-20

RHSA-2025:21892 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Submariner v0.21 security fixes and container updates

Type/Severity

Security Advisory: Moderate

Topic

Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Red Hat Advanced Cluster Management for Kubernetes v2.14

Description

Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods,
implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator,
it can enable direct networking between pods and services across different Kubernetes clusters.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

Solution

For release note details, see the upstream Submariner release notes:

https://submariner.io/community/releases/

Downstream-specific issues resolved:

ACM-18625

For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/

Fixes

ACM-25262 - RouteAgent has race condition leading submariner to be degraded

CVEs

References

https://access.redhat.com/security/updates/classification/

amd64

registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345

registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1

registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c

registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5

registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee

registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325

registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1

registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b

registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7

ppc64le

registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542

registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702

registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019

registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726

s390x

registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6

registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035

registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4

registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218

arm64

registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44

registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23

registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362

registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc

registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68

registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82

registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0

registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation