- Issued: 2024-02-26
- Updated: 2024-02-26
RHSA-2024:0989 - Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates
Synopsis
Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Description
Red Hat Multicluster GlobalHub 1.0.2 images
This advisory contains the container images for Red Hat Multicluster GlobalHub, which fix several bugs.
Security fix(es):
- CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
- CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Solution
See the multicluster global hub product documentation for more information:
Affected Products
| Product | Version | Arch |
|---|---|---|
| Multicluster Global Hub | 1.0 | x86_64 |
Fixes
CVEs
- CVE-2021-35937
- CVE-2021-35938
- CVE-2021-35939
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-5678
- CVE-2023-7104
- CVE-2023-27043
- CVE-2023-39615
- CVE-2023-43804
- CVE-2023-45803
- CVE-2023-48795
- CVE-2023-49568
- CVE-2023-49569
- CVE-2024-0553
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.