Issued:

2021-09-23

Updated:

2021-09-23

RHSA-2021:3653 - Important: Red Hat Advanced Cluster Management 2.1.11 security fix and container updates

Synopsis

Important: Red Hat Advanced Cluster Management 2.1.11 security fix and container updates

Type/Severity

Security Advisory Important

Topic

Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/

Security fix:

• management-ingress-container: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Container updates:

• RHACM 2.1.11 images (BZ# 1999375)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Important: This upgrade of Red Hat Advanced Cluster Management for Kubernetes is not supported when you are running Red Hat Advanced Cluster Management on Red Hat OpenShift Container Platform version 4.5. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-operator

Affected Products

Fixes

• This content is not included.BZ - 1963121
• This content is not included.BZ - 1999375

CVEs

• CVE-2020-27777
• CVE-2021-3653
• CVE-2021-22555
• CVE-2021-22922
• CVE-2021-22923
• CVE-2021-22924
• CVE-2021-23017
• CVE-2021-29154
• CVE-2021-29650
• CVE-2021-31535
• CVE-2021-32399
• CVE-2021-36222
• CVE-2021-37750

References

• https://access.redhat.com/security/updates/classification/#important

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.