Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.7 container updates
Red Hat Advanced Cluster Management for Kubernetes 2.11.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/release_notes/ Security fixes: * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) * crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866) * golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.7 container updates
Description
Red Hat Advanced Cluster Management for Kubernetes 2.11.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/release_notes/ Security fixes: * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) * crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866) * golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4666
- Cve Count
- 5
- Additional Cves
- ["CVE-2025-22866","CVE-2025-22868","CVE-2025-22869","CVE-2025-30204"]
- Cvss Version
- null
Threat ID: 6a160972e29bf47b5063a470
Added to database: 5/26/2026, 8:58:26 PM
Last updated: 5/26/2026, 9:01:02 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.