-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Multicluster Engine for Kubernetes 2.0 hotfix security update for console Advisory ID: RHSA-2023:1893-01 Product: multicluster engine for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:1893 Issue date: 2023-04-20 CVE Names: CVE-2022-4304 CVE-2022-4415 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2023-23916 CVE-2023-29017 CVE-2023-29199 CVE-2023-30547 ===================================================================== 1. Summary: Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Security Fix(es) * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied, and that you are running Multicluster Engine for Kubernetes version 2.0.7. See https://access.redhat.com/solutions/7007647 for instructions on how to apply this hotfix, as well as for information about when the hotfix has been superseded by a permanent fix and should be removed. Important: This hotfix is a temporary fix that will be supported until 30 days after the date when the next patch release of the product is released. After the 30-day period ends, you must either update to the latest patch release and remove this hotfix to continue receiving security updates and maintain support or upgrade to a newer feature release of the product. 4. Bugs fixed (https://bugzilla.redhat.com/): 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 5. References: https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/cve/CVE-2023-29017 https://access.redhat.com/security/cve/CVE-2023-29199 https://access.redhat.com/security/cve/CVE-2023-30547 https://access.redhat.com/security/updates/classification/#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZEDATdzjgjWX9erEAQgHDA/+NBToWyhBOItP0HV3Bjrc6SiFhFSuThC6 5KQWp8vvNVVhGLone3S1EIa0cbL0Js0fNZgAi2oe3jIdm03o35ZgF/bzBgrtCgec zoa6HdgiPWsSnarN7UQlQlGy3xy580BdaSgDnhbw/7fnHX6tVrRkUU/i1eFjWy9V vMdP+EBn4puXRsNJiuEzoVRhumHfUMKS0B9Im3rL1p9xmFwy0XGgDWtBSQrFBjOh JzRDkCjKZSeDBCzqkJKP0q038qmcxCy081OdcC5SW0UjNzp9OaU/F4les98bJTS+ r8fn73752+OStNRG6uF7882dW7LO7QhaVbgLkjZGe3pUXQuCapHZDUWUkYExICS1 TzBidPGWEKTILK2cEhiDFy4/Sxxfpd+mTGzhIXxM/zCv77KRyTEMPV50tkev8US1 bzA/IyBX5SGP//CbWThSXpz5qv7zKrKk33Qs+KdZrZUghq7dxpBs3621YenoJHex QTtZ9YtORkIflIG9vRCtqnzNDJbOXMX2TEktqF+QbxQ+uWrLxl5UOosbpTgCavZE pBHqfWn+irrpTTou/hwTF6rfM5BNl/tBCFI1uJg/gutS2hobRnd/vk2dKInjUNFl Ru9fmebjpR+nT6x+CZCwWejms97XEH4x4watkWDAd2Mvk2iSrDsVS3y5XchBjEgl +dgeI362RcQ= =PcUu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce