====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: RHACS 4.2 enhancement and security update
Advisory ID:       RHSA-2023:5206-01
Product:           Red Hat Advanced Cluster Security for Kubernetes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5206
Issue date:        2023-09-18
CVE Names:         CVE-2023-3899 CVE-2023-4958
====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security (RHACS).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

The release of RHACS 4.2 provides these changes:

Security Fix(es):

* stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

New Features

RHACS 4.2 includes the following new features, improvements, and updates:

Platform

* Bring your own PostgreSQL database for RHACS Central (Technology Preview)
* The CORE BPF collection method is now GA
* RHACS Product usage report
* Performance improvements for the Compliance dashboard

Vulnerability management

* Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform
* Configure delegated image scanning in the RHACS portal
* Define new system policies using CVE age or fixability
* On-demand and downloadable CVE report in Vulnerability Management 2.0
* Scanner supports additional operating systems

Network Security

* Improvements to runtime network policy generation
* Build time Network Policy tools (Technology Preview)
* New Listening Endpoints menu in the RHACS portal
* Viewing network policy YAML files from a violation

For notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.

3. Solution:

To take advantage of the new features, bug fixes, and enhancements in RHACS 4.2, you are advised to upgrade to RHACS 4.2.

4. Bugs fixed (https://bugzilla.redhat.com/):

1990363 - CVE-2023-4958 stackrox: Missing HTTP security headers allows for clickjacking in web UI

5. JIRA issues fixed (https://issues.redhat.com/):

ROX-19688 - Release RHACS 4.2.0

6. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4958
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/acs/4.2/release_notes/42-release-notes.html

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.