rhsa-2022_1081
Vulnerability from csaf_redhat
Published: 2022-03-28 14:14
Modified: 2024-11-13 23:42
Summary
Red Hat Security Advisory: Gatekeeper Operator v0.2 security updates and bug fixes
Notes
Topic
Gatekeeper Operator v0.2
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include security updates and container upgrades.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Note: Gatekeeper support from the Red Hat support team is limited to cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security updates:
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.