Issued:: 2025-04-15
Updated:: 2025-04-15

RHSA-2025:3929 - Security Advisory

Overview
Updated Images

Synopsis

Important: ACS 4.6 enhancement and security update

Type/Severity

Security Advisory: Important

Topic

Updated images are now available for Red Hat Advanced Cluster Security (RHACS).

Description

This release of RHACS fixes the following bugs:

Fixed an issue where Central could perform image scans even when delegated scanning was enabled, due to a race condition during Sensor reconnection.
Fixed an issue where mismatched aggregation fields in Compliance tables and widgets caused inconsistent percentage displays.
Fixed an issue where you ran into Google Kubernetes Engine (GKE) compatibility test failures because the tests still used a deprecated service in RHACS 4.6.
Fixed an issue where you could see the Configuration Management page despite only having Alert permissions, resulting in role-based access control (RBAC) errors.
Fixed an issue where verifying multi-signed images failed due to incorrect error handling.

This release of RHACS fixes the following security vulnerabilities:

CVE-2024-21536: Flaw in http-proxy-middleware allowed denial of service through unhandled promise rejections in micromatch.

CVE-2025-30204: Flaw in jwt-go allowed excessive memory allocation during header parsing, which could lead to a possible denial of service.

CVE-2024-57083: Flaw in redoc allowed prototypes in mergeObjects to be tainted, which allowed a denial of service through crafted payloads.

Solution

If you are using an earlier version of RHACS 4.6, you are advised to upgrade to patch release 4.6.5.

Affected Products

Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64

Fixes

BZ - 2319884 - CVE-2024-21536 http-proxy-middleware: Denial of Service
BZ - 2354195 - CVE-2025-30204 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
BZ - 2355865 - CVE-2024-57083 redoc: Prototype Pollution in redoc

CVEs

References

aarch64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce

advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72

advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0

advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e

advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774

advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc

advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00

advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063

ppc64le

advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5

advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8

advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49

advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3

advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542

advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9

advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160

advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a

s390x

advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1

advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785

advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913

advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6

advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57

advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272

advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e

advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178

x86_64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989

advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e

advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793

advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27

advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064

advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1

advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808

advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation