Issued:
2025-01-21
Updated:
2025-01-21

RHSA-2025:0560 - Important: Red Hat Multicluster GlobalHub 1.2.1 bug fixes and container updates

Synopsis

Important: Red Hat Multicluster GlobalHub 1.2.1 bug fixes and container updates

Type/Severity

Security Advisory Important

Topic

Red Hat multicluster global hub 1.2.1 general availability and release images provide enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description

Red Hat multicluster global hub 1.2.1 images

This advisory contains the container images for multicluster global hub. These container images provide enhancements.

This advisory contains enhancements and updates to the global hub container images.

Security fix(es):

  • golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
  • golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)

Solution

Before applying this update, make sure all previously released erratas are relevant and have been applied to your system.

See the multicluster global hub product documentation for more information:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html-single/multicluster_global_hub/index

Affected Products

ProductVersionArch
Multicluster Global Hub1.2x86_64

Fixes

CVEs

References

Additional information