From neuvector-updates at lists.suse.com Fri Oct 6 13:43:25 2023 From: neuvector-updates at lists.suse.com (NeuVector Updates for new release and security updates for the NeuVector container security platform) Date: Fri, 6 Oct 2023 13:43:25 +0000 Subject: [Security Advisory] 5.2.2 Release Remediates Critical CVE-2023-32188 Message-ID: To the NeuVector Technical Update subscribers, We?re happy to inform you that the v5.2.2 release of NeuVector is now available. This release fixes a critical vulnerability (CVE-2023-32188) in the NeuVector Manager/Controller and also has several enhancements and bug fixes. CVE-2023-32188 - JWT token compromise can allow malicious actions including Remote Code Execution (RCE) ? Users are advised to upgrade immediately to v5.2.2 to auto-generate the JWT signing token and use the NeuVector Helm chart v2.6.3+ to auto-generate a new certificate for Manager/REST API. In this is not possible, users should replace the Manager and Controller certificates as documented here. For more information, please see this NeuVector security advisory on github. Please see the 5.2.2 release notes for a complete list of enhancements and bug fixes. If you are a subscriber to SUSE Support Services for NeuVector, you may contact your support team for assistance with upgrading. Best regards, The NeuVector team You are receiving this email because you are a member of the NeuVector Technical Updates mailing list. To unsubscribe or manage your subscription please go to https://lists.suse.com/mailman/listinfo/neuvector-updates -------------- next part -------------- An HTML attachment was scrubbed... URL: From neuvector-updates at lists.suse.com Thu Oct 12 16:28:54 2023 From: neuvector-updates at lists.suse.com (NeuVector Updates for new release and security updates for the NeuVector container security platform) Date: Thu, 12 Oct 2023 16:28:54 +0000 Subject: [Security Patch] NeuVector 5.2.2-s1 is now available Message-ID: To the NeuVector Technical Update subscribers, We?re happy to inform you that the v5.2.2-s1 release of NeuVector is now available. This release remediates several detected CVEs including High ones CVE-2023-38545 and CVE-2023-43804. Regards, The NeuVector team You are receiving this email because you are a member of the NeuVector Technical Updates mailing list. To unsubscribe or manage your subscription please go to https://lists.suse.com/mailman/listinfo/neuvector-updates -------------- next part -------------- An HTML attachment was scrubbed... URL: