Red Hat Product Errata RHSA-2025:3930 - Security Advisory
Issued:
2025-04-15
Updated:
2025-04-15

RHSA-2025:3930 - Security Advisory

Synopsis

Important: RHACS 4.7 security update

Type/Severity

Security Advisory: Important

Topic

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

This release of RHACS 4.7.2 includes the following security fixes:

  • CVE-2024-21536: Denial of Service vulnerability in the `http-proxy-middleware` package.
  • CVE-2025-30204: Excessive memory allocation during header parsing in `golang-jwt` package.
  • CVE-2024-57083: Denial of Service vulnerability in the `redoc` package.

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Solution

If you are using an earlier version of RHACS 4.7, you are advised to upgrade to this patch release 4.7.2.

Affected Products

  • Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
  • Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
  • Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64

Fixes

  • BZ - 2319884 - CVE-2024-21536 http-proxy-middleware: Denial of Service
  • BZ - 2354195 - CVE-2025-30204 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
  • BZ - 2355865 - CVE-2024-57083 redoc: Prototype Pollution in redoc

aarch64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c
advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3
advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd
advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f
advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7
advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544

ppc64le

advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305
advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb
advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7
advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491
advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd
advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f

s390x

advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c
advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d
advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f
advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715
advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27
advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003

x86_64

advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c
advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216
advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1
advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2
advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb
advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5
advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a
advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6
advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c
advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4
advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.