-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Gatekeeper Operator v0.2 security fixes and enhancements
Advisory ID:       RHSA-2023:4475-01
Product:           Red Hat ACM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4475
Issue date:        2023-08-03
CVE Names:         CVE-2020-24736 CVE-2022-36227 CVE-2023-1667
                   CVE-2023-2283 CVE-2023-3089 CVE-2023-26604
                   CVE-2023-27535
=====================================================================

1. Summary:

Gatekeeper Operator v0.2 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE links in the References section.

2. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include bug
fixes and container upgrades.

Note: Gatekeeper support from the Red Hat support team is limited to cases
where it is integrated and used with Red Hat Advanced Cluster Management for
Kubernetes. For support options for any other use, see the Gatekeeper open
source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security fix(es):

* CVE-2023-3089 openshift: OCP & FIPS mode

3. Solution:

IMPORTANT: This release removes `PodSecurityPolicy` resource references, a
deprecated Kubernetes construct, from the operator. Gatekeeper constraints
based on the resource may no longer work.

The Gatekeeper operator that is installed by the Gatekeeper operator policy
has `installPlanApproval` set to `Automatic`. This setting means the
operator is upgraded automatically when there is a new version of the
operator. No further action is required for upgrade. If you changed the
setting to `Manual`, then you must view each cluster to manually approve the
upgrade to the operator.

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
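A pre-upgrade audit for the `PodSecurityPolicy` note in the Solution section, added here as an example and not code from Red Hat or the Gatekeeper project: it walks the JSON that a command like `oc get constrainttemplates,constraints -A -o json` returns (the exact resource names and the `PodSecurityPolicy` matching heuristics are assumptions) and flags ConstraintTemplates whose Rego and Constraints whose `match.kinds` still depend on the removed resource.

```python
"""Flag Gatekeeper objects that still reference PodSecurityPolicy.

Added example; not Red Hat's or Gatekeeper's own tooling. The sample
input below is constructed to look like `oc get ... -o json` output.
"""
import json

# Constructed sample: one template whose Rego inspects PodSecurityPolicy,
# one unrelated constraint, and one constraint matching the PSP kind.
SAMPLE = json.dumps({"items": [
    {"kind": "ConstraintTemplate", "metadata": {"name": "k8spsprestricted"},
     "spec": {"targets": [{"target": "admission.k8s.gatekeeper.sh",
              "rego": 'package k8spsprestricted\nviolation[{"msg": msg}] {\n'
                      '  input.review.object.kind == "PodSecurityPolicy"\n}'}]}},
    {"kind": "K8sRequiredLabels", "metadata": {"name": "ns-must-have-owner"},
     "spec": {"match": {"kinds": [{"apiGroups": [""], "kinds": ["Namespace"]}]}}},
    {"kind": "K8sPSPPrivileged", "metadata": {"name": "psp-privileged"},
     "spec": {"match": {"kinds": [{"apiGroups": ["policy"],
                                   "kinds": ["PodSecurityPolicy"]}]}}},
]})


def references_psp(obj):
    """True if a ConstraintTemplate's Rego mentions PodSecurityPolicy or a
    Constraint's match.kinds selects the PodSecurityPolicy kind (assumed heuristic)."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "ConstraintTemplate":
        return any("podsecuritypolic" in (t.get("rego") or "").lower()
                   for t in spec.get("targets") or [])
    match = spec.get("match") or {}
    return any("PodSecurityPolicy" in (k.get("kinds") or [])
               for k in match.get("kinds") or [])


def audit(raw_json):
    """Return (kind, name) pairs for every object to review before upgrading."""
    items = json.loads(raw_json).get("items") or []
    return [(o["kind"], o["metadata"]["name"]) for o in items if references_psp(o)]


if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(f"review before upgrade: {kind}/{name}")
```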