Issued:
2024-07-24
Updated:
2024-07-24

RHSA-2024:4836 - Moderate: RHACS 4.5 enhancement and security update

Synopsis

Moderate: RHACS 4.5 enhancement and security update

Type/Severity

Security Advisory Moderate

Topic

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Release of RHACS 4.5 provides these changes:

New features:

  • Scanner V4 is generally available
  • Vulnerability Management 2.0 is generally available
  • Compliance updates
  • Built-in email notifier in RHACS Cloud Service
  • roxctl installation GitHub action
  • Bring your own PKI for signature verification
  • Build-time network policy tools updates
  • Enhanced RHACS Cloud Service experience

This releases updates the following items to patch vulnerabilities:

  • (CVE-2024-28849) The follow-redirect module was updated to 1.15.6.
  • (CVE-2024-29903) Updated cosign to 2.2.4.
  • (CVE-2024-29902) Updated cosign to 2.2.4.

For more information on new features and other details, see https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html.

Solution

To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.

Affected Products

ProductVersionArch
Red Hat Advanced Cluster Security for Kubernetes4x86_64
Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE4s390x
Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian4ppc64le

Fixes

CVEs

References

Additional information