Red Hat Product Errata RHSA-2025:3439 - Security Advisory
Issued:
2025-04-01
Updated:
2025-04-01

RHSA-2025:3439 - Security Advisory

Synopsis

Important: ACS 4.6 enhancement and security update

Type/Severity

Security Advisory: Important

Topic

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

This release of RHACS 4.6.4 includes security and bug fixes. If you are
using an earlier version of RHACS 4.6, you are advised to upgrade to this
patch release 4.6.4.

Bugs fixed:

  • Fixed an issue where Scanner V4 performed TLS validation even for integrations where TLS validation was disabled.
  • Fixed an issue that prevented the "Container CPU Limit" field from being added to security policy rules.
  • Fixed an issue where the Network Policies tab in the network graph detail view would hang in the PatternFly Code editor due to a potential issue with the Monaco-based text editor.

Security issues fixed:

  • CVE-2025-27144: Flaw in Go JOSE versions prior to 4.0.5.
  • CVE-2025-22868: Flaw in Golang in the token parsing component.
  • CVE-2025-22869: Flaw in golang.org/x/crypto Secure Shell (SSH) file transfer implementation.

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Solution

If you are using an earlier version of RHACS 4.6, you are advised to upgrade to this patch release 4.6.4.

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
  • Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64

Fixes

aarch64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:3f7453c244e17e1763cd00bb893dd48153b9f52c639fbe392330f32a8c683b08
advanced-cluster-security/rhacs-collector-rhel8@sha256:7380fe034ac369d2784544bc102ab0d1992ddd7c34acd820ed90e52c969e68af
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:c9d8e97e70e495f4d268d8d846eed320bae4d94081a42cfdd5503de1fee08ef0
advanced-cluster-security/rhacs-main-rhel8@sha256:a1bbcf94392f867e55b97a8b6c9338280abd4324031628ccaa6808c329d1f51b
advanced-cluster-security/rhacs-operator-bundle@sha256:2ac0811576648d839422548b1587bdf74a0bcc51202cb5312203b6d3632c4d89
advanced-cluster-security/rhacs-rhel8-operator@sha256:8209c920bec930fe40492ce755d8c375e6287b9995a4323ed0e9d6723c4ba41b
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a98bca77e171a8b616f48ae15a5e8bce5e31d46bc4dfb7fa2f2337eb52bc0ead
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea2fc256a76268a64233c67253745f9b4a51de568ac69f5a399d2a9725b52ede
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a8a282d5e22947bcc09e3c124b000d9ad5dc66b772cca74d746299383e4e92d1
advanced-cluster-security/rhacs-scanner-rhel8@sha256:af14ddfc7ae21973776a6ddd31f9ac33c24058ccce7af88092132cdc9dcaf494
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:baec4dda158cc434cf49851d48f64952e1e2ce8e7e0d97f40645f81d6d82acb7
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab625a2c2c03af048451011aee53f3b229ae223f2deede65efa3de30b8a37d2a
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f81a7122296ebedf8212971fa8175477af5382b35cb95109ebeb63ac203b23a0

ppc64le

advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7de910ce1ee2b66e373b5ae1228cbdf9f960b6ee4f9646d6538d6deafceed93
advanced-cluster-security/rhacs-collector-rhel8@sha256:2a54010edca166d59b5a8e0054661c5cbdfd202ff7b2dc8dae3f48e3aa8cdb2c
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:fb2da8396ba4c046e963b5c49611a154c3cd47b98701a909a7588631b3ca95c0
advanced-cluster-security/rhacs-main-rhel8@sha256:194d127f452884cfaac6b64b81b71111a2cb19483fef74a94659b3b647acec29
advanced-cluster-security/rhacs-operator-bundle@sha256:7b49c3de7ae7ce5c5209276f9af6845d0a8e23850f22bad4b49d7b614377994e
advanced-cluster-security/rhacs-rhel8-operator@sha256:74c62d91c0973098a5fcc15d465b880a64cfb48cd85ec1cd871d80ba645505fb
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:606aee67225f49de8d3796aceb1a42b4452ffb0c1a45f71abd059d71b6718216
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f75ac9200117e6f8fcbd2cab92627cead25812e0f7634b6829b6b3fe11564ef
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:682a900b076f6c1b0a0e3ecf6a2b07df1b5f56857f9211c8ab3a7c62611671a2
advanced-cluster-security/rhacs-scanner-rhel8@sha256:bba057fa8cea9e12409e247093dbe96cec9f0efada2eed47aec519a951d7e1a7
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ef50596bff98198769d80974fb00975ac77f565df11591d949e1fba4b1ce80d8
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9142cb7b25535a6f72c850069aa4abaeac7d4d1296a0e89ab440b21139fda372
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8add4b97bf90d0edbdad6c2e55660a74943129fc621f1a52dae5cec4c308009b

s390x

advanced-cluster-security/rhacs-central-db-rhel8@sha256:07cdcae0389c8aec32e1e4393b6e3c57acdf894926f43a94b73fb9119210b18a
advanced-cluster-security/rhacs-collector-rhel8@sha256:12ea9f4bd78ef018b57bcf0e8e0dbb7800753a268719a32297c61db116ab887a
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6bc7e17ca2f06dee7a9f067a5515df7faed97a19dc3fbee34ec26a2e06d5a27b
advanced-cluster-security/rhacs-main-rhel8@sha256:d37a7edd81aadda3ea995e00273a2fb62fd97d02b7b1d94cafc4f1a4a217af8a
advanced-cluster-security/rhacs-operator-bundle@sha256:5e0211a77a3fc5027fb005c76d549a1c4792a77b6b198f328a4d13e00d563f94
advanced-cluster-security/rhacs-rhel8-operator@sha256:aa5e8e1118f698170bffa160ced0f418f82c94988c500e9a07e78a0ecfa2797e
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f77f9bc05fed74f148654aa7204eed4f9b0640ab766f7b11c1e3c3bb0a62d457
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:91f9804061df02bb30d1f11ba0a04f03831e359dc84c0a9a6261fd96c95b69bd
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:aa4ab88c354fbc6894e5b02869b3451e950ae9132fb3412bfeef55a790b9b15b
advanced-cluster-security/rhacs-scanner-rhel8@sha256:332e4b9b3f71496b7d3c242a33970969027666d4337328495435bc9206fa9106
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5a1b95aadf516f42c11b306168e3682540d7282610bec2eefe97178fc2f5540
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:05ca198378303347eda14e416878e3326e78a320a592ed53ec1a1f98d9d3659e
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72dc072f0d64838e91aabbcd7ea0d85c1aaf79196cb6f45fcddb2ae42ef132a6

x86_64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:23179933e936025ed4af7c0ce0e6ba503f032b2d66c4e3a0343fc387270050a8
advanced-cluster-security/rhacs-collector-rhel8@sha256:a022adf62c00842eb3e2e28859f68f5e965e5cfbb5c45101271b520db6f345a7
advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2ed2a473fc2900cc2ff0b407c3d12ee959387a44ddfe4419c21b16f3e064526a
advanced-cluster-security/rhacs-main-rhel8@sha256:df6202877fdb10926513cd01a1c596265828120300f5ab72430b535c974976e5
advanced-cluster-security/rhacs-operator-bundle@sha256:40422d266354c240237d66bb621660ed235af7c8620de8432912854cc11c084b
advanced-cluster-security/rhacs-rhel8-operator@sha256:6f16d3cee631fe48c46bd37df4d9936a8ad70d4d00a3d3b1405b7b699345e9fe
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e41318689a86d45078bcf75a8bb5e888b15af8c3deb1cf4c09b4eacc402af22
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e55ddc6ef87066c2e585b38c17511d291f49d65e04a6636d63394ff78035fd5c
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8d471cf249d72408fe698e720ce231130de2c666ddcec3634ce93e588f613b47
advanced-cluster-security/rhacs-scanner-rhel8@sha256:5e73abd21a74eb2ac262316130c17e219b8652f31b2770062412398b603ebd7e
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c8f4aff54a4d521ab583e9f6ab16184d70f523127d6329d87ceec853eb272ccb
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6cfbae6c8cfe46477888d7f917de78934daf1aa529a515a6b6c482ae4ab2e8f5
advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a0269bbd9ea17b0fdfc421d5c0158f712b2fa36670949bc95ccd05a45effb054

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.