- Issued:
- 2025-01-22
- Updated:
- 2025-01-22
RHSA-2025:0577 - Important: Red Hat multicluster global hub 1.3.2 enhancements and container updates
Synopsis
Important: Red Hat multicluster global hub 1.3.2 enhancements and container updates
Type/Severity
Security Advisory Important
Topic
Red Hat multicluster global hub 1.3.2 general availability and release images provide enhancements, security fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Description
Red Hat multicluster global hub 1.3.2 images
This advisory contains the container images for Red Hat multicluster global hub. These container images provide enhancements.
This advisory contains enhancements and updates to the global hub container images.
Security fix(es):
- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
- golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
Solution
Before you apply this update, make sure all the earlier released erratas are relevant and have been applied to your system.
See the multicluster global hub product documentation for more information:
Affected Products
| Product | Version | Arch |
|---|---|---|
| Multicluster Global Hub | 1.3 | x86_64 |
Fixes
- This content is not included.BZ - 2331720
- This content is not included.BZ - 2333122
- This content is not included.ACM-16468
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.