Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5095: Red Hat Security Advisory: Logging Subsystem 5.6.11 - Red Hat OpenShift security update

Logging Subsystem 5.6.11 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws#auth#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-09-20

Updated:

2023-09-20

RHSA-2023:5095 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: Logging Subsystem 5.6.11 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.6.11 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.6.11 - Red Hat OpenShift

Security Fix(es):

  • openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

CVEs

  • CVE-2023-3899
  • CVE-2023-4456
  • CVE-2023-32360
  • CVE-2023-34969

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:c75d063f2a816c7ff21dc6f1e5a7133be133321a2bfad21990e1a818ae88179b

openshift-logging/elasticsearch-proxy-rhel8@sha256:39f3cee8f0f11c54d3501bac4b74378a701311a2fe3fac7eed396f2d2707feb6

openshift-logging/elasticsearch-rhel8-operator@sha256:0cf3435cda3871fc5c566762003a77d8190576ffb184823fbdaf18eca2bec4ef

openshift-logging/elasticsearch6-rhel8@sha256:d963e1ca9cf82b0adf958dc2c6f19e98b3dd0860ce6dc6174cd672864d671c89

openshift-logging/eventrouter-rhel8@sha256:d92f46ba59a3f6163256ce3ff76da7faa48e0fd18c0e1195efe1fb2743a894dd

openshift-logging/fluentd-rhel8@sha256:8b845aade970fea10dac8a3c1b473b19839f85f7963b2929c248fb01c028a5ec

openshift-logging/kibana6-rhel8@sha256:87f450d63901e4793aae3dca1ce3b293b37db869230b8fb84155614c984cc052

openshift-logging/log-file-metric-exporter-rhel8@sha256:512d0a35f85b988bf2bb3d6df8d629bd8a56bfccebd4d70b41880684fcc00c08

openshift-logging/logging-curator5-rhel8@sha256:d2f43ef7ce23e10225269fe767fd56651b9e9a08fafb461957921c5d5a997221

openshift-logging/logging-loki-rhel8@sha256:f65ddfc93bbd08e610ddf71ae2bf3b1ec166ce820da93bbb26ea8888b78ba102

openshift-logging/logging-view-plugin-rhel8@sha256:7423f14d1abf59fa929d72e81fe03dcb29ba58b4fa153e9ec6ab2fe051fb33e7

openshift-logging/loki-rhel8-operator@sha256:bd6b5585377b1ab504f8ba2c41b6b81c441d834ee661499129d499bfe3aba8a1

openshift-logging/lokistack-gateway-rhel8@sha256:55926a454e5eafb71b991ba767f0ee3cab1c66561676b3fe0995f577b442a03e

openshift-logging/opa-openshift-rhel8@sha256:140e9914709b87b652257d8ce874e2879e017747ddebdf8c6c251869096447ab

openshift-logging/vector-rhel8@sha256:bde00115394dc21ea988cf4860e69d960798be597c347757cbcea4b8366d263a

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:f0ff051041584da6c2ef761828bd272c9f58bf8c5639b701e45abc29b288f4aa

openshift-logging/elasticsearch-proxy-rhel8@sha256:258d399127ea886e33fe1585ffdfcff95cc1feef6ab237e64b517c8c6aec7c0c

openshift-logging/elasticsearch-rhel8-operator@sha256:53a003b0efbf8d28e6b3bb7693be3dc549737e0c67d17f5a659ac5d1ee2e918a

openshift-logging/elasticsearch6-rhel8@sha256:765aca0252526b59856f8806f3e28e93d5f4dd345c62d0e19e3602f0037ee16c

openshift-logging/eventrouter-rhel8@sha256:3a2573d7793ac4c9c7e52fe33597d68813cc02a22f8e1d4fe35d7a62054ebf9a

openshift-logging/fluentd-rhel8@sha256:41b9ea937802284ec6aea228935104a6f87270e529ffbd205355cfe7151cb091

openshift-logging/kibana6-rhel8@sha256:58d912e9d0241e04baf03f6fe813ea243470f184b1e730c046f4677f70c4df2d

openshift-logging/log-file-metric-exporter-rhel8@sha256:373a9e9d4176e5b7cb41eff8b12a4e6dff3961cd595fac64c51ddfbb918dd37c

openshift-logging/logging-curator5-rhel8@sha256:4e07c13ddfce490b7b2c7463cf0754d06baa78d6d33e61d02c5a7857b259df87

openshift-logging/logging-loki-rhel8@sha256:0dadb12e278d85945f8868154b605d0acb558f8349a6ea3224a3df9501ab3743

openshift-logging/logging-view-plugin-rhel8@sha256:559ca0c16bc794e3d30c9a833bf61a566620006b526670597eb56e3dc6d28f71

openshift-logging/loki-rhel8-operator@sha256:b82c4ee5508647d4649be22221362131670fb7858a73f63225dbc132be6e583b

openshift-logging/lokistack-gateway-rhel8@sha256:4b6b7d4509a7370bc7c4faca87ca16fd63b8bb155a9ba7d7840f8d1f81413ae3

openshift-logging/opa-openshift-rhel8@sha256:2c0ca3d7d8b380607cf9c8026ad732f51745f0dccbdefd61ee357c63b3823a75

openshift-logging/vector-rhel8@sha256:74e137cf661b094a8ce379e994a0e1554b8d96f1f375d122aa1df1896e655bb3

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:c703d84c4ab1395dc145d0d06ca8ca9b2f1e4fc9e66ed9549b41e72f213bd806

openshift-logging/elasticsearch-proxy-rhel8@sha256:da4bf72b90f15aa1a2f69dbbd2222ce927bbdc0107fe0c25b0fb5b0aac8b53c8

openshift-logging/elasticsearch-rhel8-operator@sha256:771fc09ef5e3d2c9fa7d66228a09b508b00ccfdac4ca4a231f34ae7892bf0bf0

openshift-logging/elasticsearch6-rhel8@sha256:e249742492ce8464e19642cf694ca389f08e9472a783fcd938e3015723b63dad

openshift-logging/eventrouter-rhel8@sha256:e80b75ff15ec38a5356ca84c3c14b936c0057f2138fd2501f872ca973ebd4930

openshift-logging/fluentd-rhel8@sha256:f56de41807fa467eb922aeea1b1d68e547d373c4938d6ac6933573fc59854f11

openshift-logging/kibana6-rhel8@sha256:a3afe6f40d3e0abcb7f0d5eb86a09d3469b42d7fb1df14dd4c52d356203ad5e1

openshift-logging/log-file-metric-exporter-rhel8@sha256:c9871c2a75312a9ae72973f250636aad5454ae1b882f4003014724341ab5b243

openshift-logging/logging-curator5-rhel8@sha256:5cf428734983e9f091fdbbede036fa727f7b2e2d91bfbb07a00f060af203c1ec

openshift-logging/logging-loki-rhel8@sha256:653ee5c5ec2731ff97ed9f5a0136988fc7709328540cc7333aabf71fa3c1d05f

openshift-logging/logging-view-plugin-rhel8@sha256:f639b7ff6b13176de9d46e8a5f3f45566ef92b59c2b6c50de4aa42ce12b1b981

openshift-logging/loki-rhel8-operator@sha256:43bfde455404342d701b2bbac40e304732a28fcda6b828d88cdbbbc8e57bb33b

openshift-logging/lokistack-gateway-rhel8@sha256:cc4e827515ea69ae3cf00862b893f454f2379ceb82910072422c789d697b94ba

openshift-logging/opa-openshift-rhel8@sha256:ce96442425427209a3dcfa93138348ea7150c8ae3464688e5af563c6109cdd0d

openshift-logging/vector-rhel8@sha256:fdd0381e3de684f4daf89533626c0f681527ebb04538b5263992ea0a7242bf9e

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:5a6ffb1865454946ef5b7faff627a028203e57cd290b7b51871f86ed520a2574

openshift-logging/cluster-logging-rhel8-operator@sha256:55cb53dda2fdd6a62b701207beab25472810834a8249ebfb368d966e812cd198

openshift-logging/elasticsearch-operator-bundle@sha256:3c70f6492692c6c3d403311c2cd4787295b065657d413ad80cdf398a0fda61d2

openshift-logging/elasticsearch-proxy-rhel8@sha256:90d75ce69beadfebf2ee8e567a1fb579d988139d41dd016020c7ccb4ec8bd901

openshift-logging/elasticsearch-rhel8-operator@sha256:06a9be2c8cc28b5c49cbabd3e76889be09985fa5c14a437ab983efdd5872bebd

openshift-logging/elasticsearch6-rhel8@sha256:6b5be2744b6525e7315124c387eb20daf8c771b4c74d3a9f5eef63bd21f4868c

openshift-logging/eventrouter-rhel8@sha256:ebb67914a1e23ecfd460549c5f3282169f089fc7529d6eb90ba2a21f70c417bd

openshift-logging/fluentd-rhel8@sha256:55bc292cd30d393af89f3f9c2aac2c1467361b71c3e75d7a2b59e7688b5efb54

openshift-logging/kibana6-rhel8@sha256:c47bbe4b9e7b711ef16d9c4235147d635320e67635563dfb883a80951b5524b4

openshift-logging/log-file-metric-exporter-rhel8@sha256:810855cc1f54127c4852584b6ccef35ebde2196dfb0bf76697ab0cb2ec73efa5

openshift-logging/logging-curator5-rhel8@sha256:e7446efc7aea76984bdd9278905648d13e336c1631c4e8bc3c28de6731f7a810

openshift-logging/logging-loki-rhel8@sha256:8faddaada3c9c09b0eea47d50148d8df5142f6e2402576d3621ed6b205c78137

openshift-logging/logging-view-plugin-rhel8@sha256:92f0016e617686b886ae910aeb839ef1f6d4adf7f7e58e7a2e0525f3886412a7

openshift-logging/loki-operator-bundle@sha256:34548defdbef958c47268e0f739dd543cff7db12c7ab730b7c818d03239fb6b3

openshift-logging/loki-rhel8-operator@sha256:ee28711eba80c62cced4344ab9c55da7e288d8a5dc9f85c3a09c3c34497e1ad6

openshift-logging/lokistack-gateway-rhel8@sha256:46243fa3682e147422a1be0e15b6991ea152b11e96bd3f26e85e1d6a0f47d747

openshift-logging/opa-openshift-rhel8@sha256:e74bbe496081e66143e4061e33b1e0bdd086de27a90e4425aee3b3204127adab

openshift-logging/vector-rhel8@sha256:85f85e63d14c2124a06868d4fa8909c5c554bf3c19b9912e84dcaa3caa1f5e5a

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5314-01

Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5095-01

Red Hat Security Advisory 2023-5095-01 - Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-5096-01

Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:5096: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update

Logging Subsystem 5.5.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

RHSA-2023:5175: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update

Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check. * CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...

Red Hat Security Advisory 2023-4933-01

Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issues where LokiStack authorization is cached too broadly.

Red Hat Security Advisory 2023-5001-01

Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6361-1

Ubuntu Security Notice 6361-1 - It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.

RHSA-2023:4933: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Logging Subsystem 5.7.6 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

RHSA-2023:5001: Red Hat Security Advisory: OpenShift Container Platform 4.11.49 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...

Red Hat Security Advisory 2023-5103-01

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

Red Hat Security Advisory 2023-4982-01

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4982-01

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2023-4730-01

Red Hat Security Advisory 2023-4730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10.

RHSA-2023:4921: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...

RHSA-2023:4892: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Red Hat Security Advisory 2023-4864-01

Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2023-4838-01

Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2023-4769-01

Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

RHSA-2023:4768: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

RHSA-2023:4771: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

RHSA-2023:4766: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2023:4720: Red Hat Security Advisory: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4065: No description is available for this CVE. * CVE-2023-4066: No description is available for this CVE.

Red Hat Security Advisory 2023-4706-01

Red Hat Security Advisory 2023-4706-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4705-01

Red Hat Security Advisory 2023-4705-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

RHSA-2023:4701: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged loca...

RHSA-2023:4703: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a signific...

CVE-2023-4456: cve-details

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-4498-01

Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

CVE-2023-32363: About the security content of macOS Ventura 13.4

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

CVE-2023-32369: About the security content of macOS Big Sur 11.7.7

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system

CVE-2023-27940: About the security content of macOS Monterey 12.6.6

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections

CVE-2023-34969: CVE-2023-xxxxx: dbus-daemon crashes when a monitor is active and a message from the driver cannot be delivered (#457) · Issues · dbus / dbus · GitLab

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.