-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release
Advisory ID:       RHSA-2023:4720-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4720
Issue date:        2023-08-23
CVE Names:         CVE-2020-24736 CVE-2023-1667 CVE-2023-2283
                   CVE-2023-2602 CVE-2023-2603 CVE-2023-4065
                   CVE-2023-4066 CVE-2023-26604 CVE-2023-27536
                   CVE-2023-28321 CVE-2023-28484 CVE-2023-29469
                   CVE-2023-32681 CVE-2023-34969
====================================================================

1. Summary:

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and
associated container images on Red Hat Enterprise Linux 8 for the OpenShift
Container Platform.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Middleware for OpenShift provides images for many of the Red Hat
Middleware products for use within the OpenShift Container Platform cloud
computing Platform-as-a-Service (PaaS) for on-premise or private cloud
deployments.

This release of the AMQ Broker 7.11.1 aligned Operator includes security
and bug fixes, and enhancements. For further information, refer to the
release notes linked to in the References section.

Security Fix(es):

* amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext
  password in operator log (CVE-2023-4065)

* activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined
  in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

For information on supported configurations, see Red Hat AMQ Broker 7
Supported Configurations at https://access.redhat.com/articles/2791941

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml

5. JIRA issues fixed (https://issues.redhat.com/):

ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-4065
https://access.redhat.com/security/cve/CVE-2023-4066
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27536
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/cve/CVE-2023-32681
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_amq_broker/

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce