Red Hat Product Errata RHSA-2025:3863 - Security Advisory
Issued:
2025-04-14
Updated:
2025-04-14

RHSA-2025:3863 - Security Advisory

Synopsis

Important: Red Hat multicluster global hub 1.3.3 bug fixes and container update

Type/Severity

Security Advisory: Important

Topic

Red Hat multicluster global hub 1.3.3 general availability release, with
updates to container images and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description

Red Hat multicluster global hub 1.3.3 images

This advisory contains the container images for Red Hat multicluster
global hub. These container images provide enhancements.

Security fix(es):

  • golang.org/x/oauth2: Unexpected memory consumption during token parsing in

golang.org/x/oauth2 (CVE-2025-22868)

  • golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of

golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Solution

Before applying this update, make sure all previously released erratas are
relevant and have been applied to your system.

See the multicluster global hub product documentation for more information:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html-single/multicluster_global_hub/index

Affected Products

  • Multicluster Global Hub 1.3 x86_64

Fixes

  • BZ - 2348366 - CVE-2025-22868 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
  • BZ - 2348367 - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

aarch64

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:e3df13431b136853956c05e8dad57482b9297dabdf0127e61d8be1d78f2bdf70
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2a5dfbef1f941c57d67df184337a7b970cd560e4cc3fa19d7671bdba4a08b9e7
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:62609b6e37d13730eaa4668c9118b2bb94d3f6367f51540b99a5eca60ee43b34
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:d9febc5d528b7467bbbf201764f6ddcc272fd55cf50bee3f7b4368edac3f9b5e
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:79211c6788d7c934c420563b98eca5cd501e20350701cf08ef4704616073bb41
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:898e407d3aa168779f33ce7311c68762645aa8cbbf2fde00d839c9149b395074
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:21ed01d85bef12486c45f636b22500ef2fb76715a185e09e7f0d4d19a45763ae

ppc64le

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:060ca2cf3d1cb2b6a335b5f1dff3d4616c064e87af81928e9673aaab0acca778
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:74aaadfaf4486c489d8bf976ee0485cf415850bde43aa3c51086e0c15e94c30a
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:0f934d0e95febf1441ff2ef32c20fefdc71f14c9d6509ccf678b989ad0accdab
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9cc873cd6f1cc6cb702fb9130d0455edf233a5ed01865db688aaae77e5bf8f34
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:2b300052b3d363422f503ebaf14662909189c6378f2915b87261cfa3401df512
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:375b08ba24f3dd27a39f5f75bc77e1e72d57c790f2cb99880c1a720733c6074b
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:eb75d65e97b3d8cfbf30bab7d9fa3513aa652d9dc55eba34ad8c065a181a2cff

s390x

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:86f30038a48834b7c6bef64fd626831a8502fb7c21a8db950715843ddb7ea55a
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a627e1f04171223b761cbf802d7e6edf69ccb241395973a5075ed8e099a445
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:2e088de715378b716330066c18898cd3f46f117ccb2b4f85efef8eeb94f3b04c
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:d1ea61353a8dc4f98fa3ae0fc36c1ee8ce6ce72b7902c8a4462385a1d9a91224
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:520924084316e7f5ffb98dc6b161774dbce20b3a23b2378759045c7f22db1e4a
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d61e3f722e53ff8495415250e29e235c04207c6ce4b8881a26ef9f8e2d2cce46
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f1ce1d2292eb45c0f5c004664d7d3e251441c99b87776210e8d5ab57b264f849

x86_64

multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ecef54419eadca54b48634c3eee02d4bc18eec9ebb1350c975164744623b4308
multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2fd4a242c2fd286f32de41d026ae85256d4ad21763a5a67559a77818a413380e
multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9@sha256:b4df5e3434b7b348a839f99914dd7887dc79d175f8a322a3d787033603257c1a
multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:6597317fdd081f0a4ec268d1f9ae53c8ab69e9b10088b01b539baf0cf7ebf5fe
multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:21fbc3538cb0885c45bb0293f1c68cc98701382103fcff061d5e0c3e415831e3
multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:935eee00d0218702cf8a84ae6ec196ddd1d10b042692d4f056c1bc0d63ddb995
multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8cf004aae590ca4f08d37a6a221e49d4fc22734323290d38174e404331643b98

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.