Issued:
2025-03-25
Updated:
2025-03-25

RHSA-2025:3172 - Important: VolSync 0.12.1 security fixes and enhancements for RHEL 9

Synopsis

Important: VolSync 0.12.1 security fixes and enhancements for RHEL 9

Type/Severity

Security Advisory Important

Topic

VolSync v0.12 general availability release images, which provide enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description

VolSync v0.12.1 is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.

For more information about VolSync, see:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync

or the VolSync open source community website at: Content from volsync.readthedocs.io is not included.https://volsync.readthedocs.io/en/stable/

This advisory contains enhancements and updates to the VolSync container images.

Security fix(es):

  • golang.org/x/oauth2: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (CVE-2025-22868)
  • golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

Solution

For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync

Affected Products

ProductVersionArch
Red Hat Advanced Cluster Management for Kubernetes2x86_64

Fixes

CVEs

References

Additional information