- Issued:
- 2023-06-29
- Updated:
- 2023-06-29
RHSA-2023:3943 - Moderate: ACS 4.1 enhancement and security update
Synopsis
Moderate: ACS 4.1 enhancement and security update
Type/Severity
Security Advisory Moderate
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The release of ACS 4.1 provides these changes:
Security Fix(es):
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
-
golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
-
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
-
golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
-
golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
New features:
-
Manual renewal of Central and Sensor certificates
-
Vulnerability Management 2.0 (Technology Preview)
-
RHACS Cloud Service scanning support for images pulled from on-premise registries
-
eBPF collection method on IBM Z and IBM® LinuxONE
-
Ability to configure the display of default compliance standards in the Compliance Dashboard
-
Declarative configurations for authentication and authorization
-
SSO configuration using the roxctl CLI
-
New collection method based on BPF CO-RE (Technology Preview)
-
Network graph updates
-
Policy Management simplification
-
New permission sets
-
Improvements for Sensor resync (General Availability)
For notable technical changes, deprecated and removed features, bug fixes, and known issues, refer to the Release Notes.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Advanced Cluster Security for Kubernetes | 4 | x86_64 |
| Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE | 4 | s390x |
| Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian | 4 | ppc64le |
Fixes
- This content is not included.BZ - 2064702
- This content is not included.BZ - 2178358
- This content is not included.BZ - 2184481
- This content is not included.BZ - 2184482
- This content is not included.BZ - 2184483
- This content is not included.BZ - 2184484
- This content is not included.ROX-18018
CVEs
- CVE-2020-24736
- CVE-2022-27191
- CVE-2022-41723
- CVE-2023-1667
- CVE-2023-2283
- CVE-2023-24329
- CVE-2023-24534
- CVE-2023-24536
- CVE-2023-24537
- CVE-2023-24538
- CVE-2023-26604
- CVE-2023-32067
References
- https://access.redhat.com/security/updates/classification/#moderate
- This page is not included, but the link has been rewritten to point to the nearest parent document.This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.