Headline
RHSA-2023:5095: Red Hat Security Advisory: Logging Subsystem 5.6.11 - Red Hat OpenShift security update
Logging Subsystem 5.6.11 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-20
Updated:
2023-09-20
RHSA-2023:5095 - Security Advisory
- Overview
- Updated Images
Synopsis
Moderate: Logging Subsystem 5.6.11 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 5.6.11 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Logging Subsystem 5.6.11 - Red Hat OpenShift
Security Fix(es):
- openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
- Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
- Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
- Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x
Fixes
- BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly
CVEs
- CVE-2023-3899
- CVE-2023-4456
- CVE-2023-32360
- CVE-2023-34969
aarch64
openshift-logging/cluster-logging-rhel8-operator@sha256:c75d063f2a816c7ff21dc6f1e5a7133be133321a2bfad21990e1a818ae88179b
openshift-logging/elasticsearch-proxy-rhel8@sha256:39f3cee8f0f11c54d3501bac4b74378a701311a2fe3fac7eed396f2d2707feb6
openshift-logging/elasticsearch-rhel8-operator@sha256:0cf3435cda3871fc5c566762003a77d8190576ffb184823fbdaf18eca2bec4ef
openshift-logging/elasticsearch6-rhel8@sha256:d963e1ca9cf82b0adf958dc2c6f19e98b3dd0860ce6dc6174cd672864d671c89
openshift-logging/eventrouter-rhel8@sha256:d92f46ba59a3f6163256ce3ff76da7faa48e0fd18c0e1195efe1fb2743a894dd
openshift-logging/fluentd-rhel8@sha256:8b845aade970fea10dac8a3c1b473b19839f85f7963b2929c248fb01c028a5ec
openshift-logging/kibana6-rhel8@sha256:87f450d63901e4793aae3dca1ce3b293b37db869230b8fb84155614c984cc052
openshift-logging/log-file-metric-exporter-rhel8@sha256:512d0a35f85b988bf2bb3d6df8d629bd8a56bfccebd4d70b41880684fcc00c08
openshift-logging/logging-curator5-rhel8@sha256:d2f43ef7ce23e10225269fe767fd56651b9e9a08fafb461957921c5d5a997221
openshift-logging/logging-loki-rhel8@sha256:f65ddfc93bbd08e610ddf71ae2bf3b1ec166ce820da93bbb26ea8888b78ba102
openshift-logging/logging-view-plugin-rhel8@sha256:7423f14d1abf59fa929d72e81fe03dcb29ba58b4fa153e9ec6ab2fe051fb33e7
openshift-logging/loki-rhel8-operator@sha256:bd6b5585377b1ab504f8ba2c41b6b81c441d834ee661499129d499bfe3aba8a1
openshift-logging/lokistack-gateway-rhel8@sha256:55926a454e5eafb71b991ba767f0ee3cab1c66561676b3fe0995f577b442a03e
openshift-logging/opa-openshift-rhel8@sha256:140e9914709b87b652257d8ce874e2879e017747ddebdf8c6c251869096447ab
openshift-logging/vector-rhel8@sha256:bde00115394dc21ea988cf4860e69d960798be597c347757cbcea4b8366d263a
ppc64le
openshift-logging/cluster-logging-rhel8-operator@sha256:f0ff051041584da6c2ef761828bd272c9f58bf8c5639b701e45abc29b288f4aa
openshift-logging/elasticsearch-proxy-rhel8@sha256:258d399127ea886e33fe1585ffdfcff95cc1feef6ab237e64b517c8c6aec7c0c
openshift-logging/elasticsearch-rhel8-operator@sha256:53a003b0efbf8d28e6b3bb7693be3dc549737e0c67d17f5a659ac5d1ee2e918a
openshift-logging/elasticsearch6-rhel8@sha256:765aca0252526b59856f8806f3e28e93d5f4dd345c62d0e19e3602f0037ee16c
openshift-logging/eventrouter-rhel8@sha256:3a2573d7793ac4c9c7e52fe33597d68813cc02a22f8e1d4fe35d7a62054ebf9a
openshift-logging/fluentd-rhel8@sha256:41b9ea937802284ec6aea228935104a6f87270e529ffbd205355cfe7151cb091
openshift-logging/kibana6-rhel8@sha256:58d912e9d0241e04baf03f6fe813ea243470f184b1e730c046f4677f70c4df2d
openshift-logging/log-file-metric-exporter-rhel8@sha256:373a9e9d4176e5b7cb41eff8b12a4e6dff3961cd595fac64c51ddfbb918dd37c
openshift-logging/logging-curator5-rhel8@sha256:4e07c13ddfce490b7b2c7463cf0754d06baa78d6d33e61d02c5a7857b259df87
openshift-logging/logging-loki-rhel8@sha256:0dadb12e278d85945f8868154b605d0acb558f8349a6ea3224a3df9501ab3743
openshift-logging/logging-view-plugin-rhel8@sha256:559ca0c16bc794e3d30c9a833bf61a566620006b526670597eb56e3dc6d28f71
openshift-logging/loki-rhel8-operator@sha256:b82c4ee5508647d4649be22221362131670fb7858a73f63225dbc132be6e583b
openshift-logging/lokistack-gateway-rhel8@sha256:4b6b7d4509a7370bc7c4faca87ca16fd63b8bb155a9ba7d7840f8d1f81413ae3
openshift-logging/opa-openshift-rhel8@sha256:2c0ca3d7d8b380607cf9c8026ad732f51745f0dccbdefd61ee357c63b3823a75
openshift-logging/vector-rhel8@sha256:74e137cf661b094a8ce379e994a0e1554b8d96f1f375d122aa1df1896e655bb3
s390x
openshift-logging/cluster-logging-rhel8-operator@sha256:c703d84c4ab1395dc145d0d06ca8ca9b2f1e4fc9e66ed9549b41e72f213bd806
openshift-logging/elasticsearch-proxy-rhel8@sha256:da4bf72b90f15aa1a2f69dbbd2222ce927bbdc0107fe0c25b0fb5b0aac8b53c8
openshift-logging/elasticsearch-rhel8-operator@sha256:771fc09ef5e3d2c9fa7d66228a09b508b00ccfdac4ca4a231f34ae7892bf0bf0
openshift-logging/elasticsearch6-rhel8@sha256:e249742492ce8464e19642cf694ca389f08e9472a783fcd938e3015723b63dad
openshift-logging/eventrouter-rhel8@sha256:e80b75ff15ec38a5356ca84c3c14b936c0057f2138fd2501f872ca973ebd4930
openshift-logging/fluentd-rhel8@sha256:f56de41807fa467eb922aeea1b1d68e547d373c4938d6ac6933573fc59854f11
openshift-logging/kibana6-rhel8@sha256:a3afe6f40d3e0abcb7f0d5eb86a09d3469b42d7fb1df14dd4c52d356203ad5e1
openshift-logging/log-file-metric-exporter-rhel8@sha256:c9871c2a75312a9ae72973f250636aad5454ae1b882f4003014724341ab5b243
openshift-logging/logging-curator5-rhel8@sha256:5cf428734983e9f091fdbbede036fa727f7b2e2d91bfbb07a00f060af203c1ec
openshift-logging/logging-loki-rhel8@sha256:653ee5c5ec2731ff97ed9f5a0136988fc7709328540cc7333aabf71fa3c1d05f
openshift-logging/logging-view-plugin-rhel8@sha256:f639b7ff6b13176de9d46e8a5f3f45566ef92b59c2b6c50de4aa42ce12b1b981
openshift-logging/loki-rhel8-operator@sha256:43bfde455404342d701b2bbac40e304732a28fcda6b828d88cdbbbc8e57bb33b
openshift-logging/lokistack-gateway-rhel8@sha256:cc4e827515ea69ae3cf00862b893f454f2379ceb82910072422c789d697b94ba
openshift-logging/opa-openshift-rhel8@sha256:ce96442425427209a3dcfa93138348ea7150c8ae3464688e5af563c6109cdd0d
openshift-logging/vector-rhel8@sha256:fdd0381e3de684f4daf89533626c0f681527ebb04538b5263992ea0a7242bf9e
x86_64
openshift-logging/cluster-logging-operator-bundle@sha256:5a6ffb1865454946ef5b7faff627a028203e57cd290b7b51871f86ed520a2574
openshift-logging/cluster-logging-rhel8-operator@sha256:55cb53dda2fdd6a62b701207beab25472810834a8249ebfb368d966e812cd198
openshift-logging/elasticsearch-operator-bundle@sha256:3c70f6492692c6c3d403311c2cd4787295b065657d413ad80cdf398a0fda61d2
openshift-logging/elasticsearch-proxy-rhel8@sha256:90d75ce69beadfebf2ee8e567a1fb579d988139d41dd016020c7ccb4ec8bd901
openshift-logging/elasticsearch-rhel8-operator@sha256:06a9be2c8cc28b5c49cbabd3e76889be09985fa5c14a437ab983efdd5872bebd
openshift-logging/elasticsearch6-rhel8@sha256:6b5be2744b6525e7315124c387eb20daf8c771b4c74d3a9f5eef63bd21f4868c
openshift-logging/eventrouter-rhel8@sha256:ebb67914a1e23ecfd460549c5f3282169f089fc7529d6eb90ba2a21f70c417bd
openshift-logging/fluentd-rhel8@sha256:55bc292cd30d393af89f3f9c2aac2c1467361b71c3e75d7a2b59e7688b5efb54
openshift-logging/kibana6-rhel8@sha256:c47bbe4b9e7b711ef16d9c4235147d635320e67635563dfb883a80951b5524b4
openshift-logging/log-file-metric-exporter-rhel8@sha256:810855cc1f54127c4852584b6ccef35ebde2196dfb0bf76697ab0cb2ec73efa5
openshift-logging/logging-curator5-rhel8@sha256:e7446efc7aea76984bdd9278905648d13e336c1631c4e8bc3c28de6731f7a810
openshift-logging/logging-loki-rhel8@sha256:8faddaada3c9c09b0eea47d50148d8df5142f6e2402576d3621ed6b205c78137
openshift-logging/logging-view-plugin-rhel8@sha256:92f0016e617686b886ae910aeb839ef1f6d4adf7f7e58e7a2e0525f3886412a7
openshift-logging/loki-operator-bundle@sha256:34548defdbef958c47268e0f739dd543cff7db12c7ab730b7c818d03239fb6b3
openshift-logging/loki-rhel8-operator@sha256:ee28711eba80c62cced4344ab9c55da7e288d8a5dc9f85c3a09c3c34497e1ad6
openshift-logging/lokistack-gateway-rhel8@sha256:46243fa3682e147422a1be0e15b6991ea152b11e96bd3f26e85e1d6a0f47d747
openshift-logging/opa-openshift-rhel8@sha256:e74bbe496081e66143e4061e33b1e0bdd086de27a90e4425aee3b3204127adab
openshift-logging/vector-rhel8@sha256:85f85e63d14c2124a06868d4fa8909c5c554bf3c19b9912e84dcaa3caa1f5e5a
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5095-01 - Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.
Logging Subsystem 5.5.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check. * CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...
Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issues where LokiStack authorization is cached too broadly.
Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6361-1 - It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.
Logging Subsystem 5.7.6 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.
Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Red Hat Security Advisory 2023-4730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10.
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...
The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
An update for cups is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
An update for cups is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4065: No description is available for this CVE. * CVE-2023-4066: No description is available for this CVE.
Red Hat Security Advisory 2023-4706-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
Red Hat Security Advisory 2023-4705-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
An update for subscription-manager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged loca...
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a signific...
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.