Red Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.
e28b9f4d75c6a5705f4b1069ef08aac3955a1d0c7eb2e93e2d4ebfbb62fbc557-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: VolSync 0.7.3 security fixes and enhancements
Advisory ID: RHSA-2023:4204-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4204
Issue date: 2023-07-18
CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283
CVE-2023-3089 CVE-2023-24329 CVE-2023-26604
=====================================================================
1. Summary:
VolSync v0.7.3 enhancements and security fixes
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
2. Description:
VolSync is a Kubernetes operator that enables asynchronous replication of
persistent volumes within a cluster, or across clusters. After deploying
the VolSync operator, it can create and maintain copies of your persistent
data.
For more information about VolSync, see:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/business_continuity/business-cont-overview#volsync
or the VolSync open source community website at:
https://volsync.readthedocs.io/en/stable/.
This advisory contains enhancements and updates to the VolSync
container images.
Security fix(es):
* CVE-2023-3089 openshift: OCP & FIPS mode
3. Solution:
For details on how to install VolSync, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/business_continuity/business-cont-overview#volsync-rep
4. Bugs fixed (https://bugzilla.redhat.com/):
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
5. JIRA issues fixed (https://issues.redhat.com/):
ACM-6336 - VolSync v0.7.3
6. References:
https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/updates/classification/#moderate
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJkt2keAAoJENzjgjWX9erEKL0P/24na+zumgR7Ee/Y9VksDnX9
7TNKrwdNj4sRsOh8+QVWpcHInG/uLi3lWt7n1Xp6mOx6lG/DoO9AmiqiKFDMgCt+
kP8aakLQ+bKM/VdibJSBrB1wu+3DAJWVy7+bw2V+ivw72vBoIoz0wB5zn6Pz8SXG
I2/oWUTJM5L3p4Vk/s7mFyyp/JDbElTsZLTDPWG28Yh9YTlZoLVznymbNjlUZwj4
8zS7+EMRwje7dQKnMBOWnJvCN/wASSkBsUxZVFRYIpNYdSUSoT42sPlcoqE0dGue
nINsyBDZv7TNz/abUSO35gVCNwZZj0DLZ+thktzrHl6AYWKr7W5v6NhBEtG2quFL
74q4Apg3x/rl9421SOMdrgOvW/MWDA1foFNP/5K5fCWxBq30QSvCpgRKpIpAZ0er
rJOVLNbin+gphFd52mJV7dJo2BK6EzIoIv7Plgurdhyl2sugYVDEmxUotWF844eX
En3O2Ho/TtSDuR9CGY7wA2oxB8aPUOdbsCnKLISIl+s+uaw/2GeIMvx/MD9cepVs
aLOy+unl67NzNW7mpMcvrsEJi/mxp6hRVQwVy95LSMqw0mRxHOFOC31qZ2rD5h4L
GR7j0X7KKX7pbCZwhNFPw+WoQRlZL1aqK3GfV8lMZOLqSpaY7qWBfWe9DIik/gEO
o9BxEjx9kmvJ+ImLK1j/
=137U
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed