[RHSA-2023:0632-01] Moderate: Red Hat OpenShift (Logging Subsystem) security update
Security announcements for all Red Hat products and services.
rhsa-announce at redhat.com
Wed Feb 15 12:28:48 UTC 2023
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift (Logging Subsystem) security update
Advisory ID: RHSA-2023:0632-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0632
Issue date: 2023-02-15
CVE Names: CVE-2022-4883 CVE-2022-23521 CVE-2022-30123
CVE-2022-40303 CVE-2022-40304 CVE-2022-41717
CVE-2022-41903 CVE-2022-44617 CVE-2022-46285
CVE-2022-47629 CVE-2023-21835 CVE-2023-21843
=====================================================================
1. Summary:
An update is now available for the Logging subsystem for Red Hat OpenShift
5.4.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Logging Subsystem 5.4.11 - Red Hat OpenShift
Security Fix(es):
* rubygem-rack: crafted requests can cause shell escape sequences
(CVE-2022-30123)
* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
5. References:
https://access.redhat.com/security/cve/CVE-2022-4883
https://access.redhat.com/security/cve/CVE-2022-23521
https://access.redhat.com/security/cve/CVE-2022-30123
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41903
https://access.redhat.com/security/cve/CVE-2022-44617
https://access.redhat.com/security/cve/CVE-2022-46285
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-21835
https://access.redhat.com/security/cve/CVE-2023-21843
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY+zQANzjgjWX9erEAQiH1g//X870GJDPdbNfdY26uTCuTK2PebCDghmn
aHyyZUj1dt0EGxtNsjqcG3ivrgbaSEhEOnQaE3IkRQoEK8XWVFtodr8fw6VnFHSG
rrgKn/Kl4zHaDpIRRFPpImHBEUYJiXYh2AX9+IASkvi8/J90enitS8S1cCYRQmTO
DS3CHnpKa1EmlVZaD5DqZacoQl7n8rHZRXtMQ9oel2FuymSXEUHkBQSYfPLLLjuP
yOTeYi5jn3JWH3xSzCzi65jm0P3n6IzQqKU45Hn8fMbNbcoTrl+Q1QMuCwxQLjQr
mfHO+U8nmGbqoLcvazMcOQ5UFyX/R4WJkef19BxUiCiH2xCsl1k2bmFn7Ofu5Q5E
0s6+DNx2s6BMP2DBTvFggYNoEaz6uP0yPnYuCKX0PPp+lgydMcE4FPO2hLjhOTr/
5nFaQW8tHMJ1zFUmrux8xnPBf5W6ivaa5tKJV1u6BCJSi7PcGcd1a+cq3HaUOpqr
CFZtKsLr+/yQBSZlRDpurbpwK+499/fU/R5M3ya3Rswa7XuA7uEzsYceZ8rsXk34
n94845yMc9OL57rw0Ld5shgH8G8IFULrorcS+Yj0LL6yZa4zKpGdqawsiG2X7E+j
BD9y5xpmQ3tqwcjP7LcIKFq/9Xcc9g4F99bu4BNGV7+DzdMFFIgCGpdkO8JrjNVW
EgMXmUtLcsI=
=cn0O
-----END PGP SIGNATURE-----
More information about the RHSA-announce
mailing list