Headline
RHSA-2023:4933: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update
Logging Subsystem 5.7.6 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Issued:
2023-09-13
Updated:
2023-09-13
RHSA-2023:4933 - Security Advisory
Synopsis
Moderate: Logging Subsystem 5.7.6 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 5.7.6 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Logging Subsystem 5.7.6 - Red Hat OpenShift
Security Fix(es):
- openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
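The flaw, replayed in Go as an added example written for this page (it is not LokiStack, opa-openshift or any other Red Hat code; the request fields, the `policy` stand-in for the cluster's RBAC, the token name and the tenant names are constructed assumptions). One TTL cache sits in front of the authorizer and is run twice: once keyed only by the bearer token, which is what the advisory describes, and once keyed by token, tenant, resource and verb. With the token-only key, a read that was legitimately allowed leaves a cached "allow" that a later write into another tenant reuses without the backend ever seeing the write; with the full key the write is decided on its own.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"sync"
	"time"
)

// Request is one authorization question the gateway puts to its authorizer:
// may the holder of Token perform Verb on Resource within Tenant?
type Request struct {
	Token    string
	Tenant   string
	Resource string
	Verb     string
}

// KeyFunc derives the cache key for a request. The key is the whole point:
// any field it leaves out lets distinct requests share one cached answer.
type KeyFunc func(Request) string

// tokenOnlyKey models the pre-5.7.6 behaviour described in CVE-2023-4456:
// the cache key is derived from the bearer token alone.
func tokenOnlyKey(r Request) string {
	return sha256hex(r.Token)
}

// fullKey binds the cached decision to every input the decision depended on.
// A NUL separator keeps "a"+"bc" from colliding with "ab"+"c".
func fullKey(r Request) string {
	return sha256hex(strings.Join([]string{r.Token, r.Tenant, r.Resource, r.Verb}, "\x00"))
}

// sha256hex hashes the key material so raw tokens never sit in the cache map.
func sha256hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

type decision struct {
	allowed bool
	expires time.Time
}

// Authorizer fronts a slow backend decision (for LokiStack that is a
// SubjectAccessReview against the cluster) with a TTL cache.
type Authorizer struct {
	mu           sync.Mutex
	cache        map[string]decision
	key          KeyFunc
	ttl          time.Duration
	backend      func(Request) bool
	BackendCalls int // how often the backend was actually consulted
}

func NewAuthorizer(key KeyFunc, ttl time.Duration, backend func(Request) bool) *Authorizer {
	return &Authorizer{cache: map[string]decision{}, key: key, ttl: ttl, backend: backend}
}

// Allowed returns the cached decision for the request's key while one is still
// valid; otherwise it asks the backend and caches the answer under that key.
func (a *Authorizer) Allowed(r Request) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	k := a.key(r)
	if d, ok := a.cache[k]; ok && time.Now().Before(d.expires) {
		return d.allowed
	}
	a.BackendCalls++
	allowed := a.backend(r)
	a.cache[k] = decision{allowed: allowed, expires: time.Now().Add(a.ttl)}
	return allowed
}

// policy is a constructed stand-in for the cluster's RBAC: "reader-token" may
// only read logs of the "application" tenant; everything else is denied.
func policy(r Request) bool {
	return r.Token == "reader-token" && r.Tenant == "application" &&
		r.Resource == "logs" && r.Verb == "get"
}

// Scenario replays the attack from the advisory text under the given key scheme:
// an allowed read, then a write into another tenant while that read's decision
// is still cached. It reports both decisions and how often the backend ran.
func Scenario(key KeyFunc) (readAllowed, writeAllowed bool, backendCalls int) {
	a := NewAuthorizer(key, 2*time.Minute, policy)
	readAllowed = a.Allowed(Request{Token: "reader-token", Tenant: "application", Resource: "logs", Verb: "get"})
	writeAllowed = a.Allowed(Request{Token: "reader-token", Tenant: "infrastructure", Resource: "logs", Verb: "create"})
	return readAllowed, writeAllowed, a.BackendCalls
}

func main() {
	for _, s := range []struct {
		name string
		key  KeyFunc
	}{{"token-only key (vulnerable)", tokenOnlyKey}, {"full key (fixed)", fullKey}} {
		r, w, n := Scenario(s.key)
		fmt.Printf("%-28s read=%-5v write to other tenant=%-5v backend calls=%d\n", s.name, r, w, n)
	}
}
```

The general rule this illustrates is that a cache in front of an authorizer must be keyed on every input the decision depends on, not on the identity of the caller alone. Keying correctly does not remove the other property of such caches: a decision cached before a role binding is revoked stays valid until its TTL expires, so the TTL bounds how long a revoked permission keeps working.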
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
- Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
- Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
- Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x
Fixes
- BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly
- LOG-4413 - Warning in Vector logs sending logs to Splunk
- LOG-4459 - [release-5.7] Search content disappears when a link is copied and pasted or shared with another user who has similar permissions on the project.
- LOG-4460 - Loki custom labelKeys is causing vector to enter CrashLoopBackOff state
- LOG-4501 - Modify max_read_bytes for Vector not releasing deleted file handles
- LOG-4456 - [release-5.7] Loki search does not allow special chars
CVEs
- CVE-2023-3899
- CVE-2023-4456
- CVE-2023-32360
- CVE-2023-34969
Updated Images
aarch64
openshift-logging/cluster-logging-rhel8-operator@sha256:60d24e5b2fa078b2e3d26468f5c80858472e124daaeefff7a9f59bf6cd2395d1
openshift-logging/elasticsearch-proxy-rhel8@sha256:ab8fc16f9f27fd1166d218fea5e52bc81909e21d5da1581f2c5fa39ac490310b
openshift-logging/elasticsearch-rhel8-operator@sha256:05e7e735cfef58ebb3f5ac0f31609d8d5e80550dd69a15325e59a3fe7b3270ad
openshift-logging/elasticsearch6-rhel8@sha256:082003b90967023baf565f7d18278f3d93372bece6c2e7e7da936041eaff6609
openshift-logging/eventrouter-rhel8@sha256:42ff90e8b9b7da478fc59f85530ad5726c20306503b215a3865108706640bf4a
openshift-logging/fluentd-rhel8@sha256:d54d08c62dafd8760ec570005ea9bf9fc67d9aff4181a87ce5842c6dc3956fff
openshift-logging/kibana6-rhel8@sha256:2cfdafd82f656e39699c742ed017c1e45a622cee3f8ffda63802d45995ded4c6
openshift-logging/log-file-metric-exporter-rhel8@sha256:b8d441bff7859649f0badba06a4f4d72624524a2680a9fc0587dd94e57379351
openshift-logging/logging-curator5-rhel8@sha256:7e056c3606039b3c798d9fadb9737ed829c45f76815e7500a6a8d130ebe7e600
openshift-logging/logging-loki-rhel8@sha256:6f15d923128e1001bed65bd354a0860923e73af7d047b62e057610bb8c20545d
openshift-logging/logging-view-plugin-rhel8@sha256:9b026b58b4b3a75280b05b67c4d11752660bd9f41705ee524763231f3391b696
openshift-logging/loki-rhel8-operator@sha256:b7d54fb11ef50e78a0eda175a4229b83fd50a61b7626fe8d8f515558f80add81
openshift-logging/lokistack-gateway-rhel8@sha256:1ba0cb1537fdd578283540cb22b467079729a9a6903d865815f8c076344af351
openshift-logging/opa-openshift-rhel8@sha256:c05516fda258578b0cf07b91c138daf043df244b68756196382c136cb49bacee
openshift-logging/vector-rhel8@sha256:e1def6dbd7b23e03caffdcd001d283d102f30253be063b290c556d027c80ca67
ppc64le
openshift-logging/cluster-logging-rhel8-operator@sha256:d9d9edd40d764da652b7159b9c6d7fe34c1b2168d6ba1922fd599ee8fba12173
openshift-logging/elasticsearch-proxy-rhel8@sha256:26fd329b23073fe5eca65f632ca485650cd6ef74010ed9939c6cf31273734aa3
openshift-logging/elasticsearch-rhel8-operator@sha256:dbc453e2ae0687ed5322fe3381b5a1658459afa53bbfbcb062c8012c9c11631f
openshift-logging/elasticsearch6-rhel8@sha256:716696564792ad7916313462e50621a2890d46291acf9a820cd160dfac30e152
openshift-logging/eventrouter-rhel8@sha256:efcfa2fa2df96f17d32991e5c81226d02c09da7bc38457549ff333bd2cdfa54e
openshift-logging/fluentd-rhel8@sha256:d7ae350b264e402cd14abe7af72891dd868df1778104f2319b4a121839dd3cd7
openshift-logging/kibana6-rhel8@sha256:902a4472cbac68ffc47febf2516cec511a650739918aa894046bf191b226ff26
openshift-logging/log-file-metric-exporter-rhel8@sha256:a4b7b533c0868d65204de95ca4bfd6e1e66658a800833b51dc2d0b27ea543b68
openshift-logging/logging-curator5-rhel8@sha256:afae6206ed3ec26a0fd2f6834f538da05a5d8bf35aadc132d332518b99274009
openshift-logging/logging-loki-rhel8@sha256:eb560f2679098dde8920a0220699fa7366ae0a3bcbb8815df11445af9e86fe80
openshift-logging/logging-view-plugin-rhel8@sha256:f369ca2292f7be4b016314a072f00728efa54938eda4672b343084030d20a1fe
openshift-logging/loki-rhel8-operator@sha256:528e247f80a992142c431eac4d489f608a028f6fa908e16f8c6e6b90c11d6060
openshift-logging/lokistack-gateway-rhel8@sha256:be08237f71a90ae0164f6d7966affd62e21e98409e4d5c358e6fa6cd2f7925c1
openshift-logging/opa-openshift-rhel8@sha256:7d9d617a942440d5de321ccbfcb27e8b906b613dc24de2f61faf7d926ed682c4
openshift-logging/vector-rhel8@sha256:d9ff8da8afb47c90b68147123c8ca27b47d809670f545df1dd1cd527378f6a34
s390x
openshift-logging/cluster-logging-rhel8-operator@sha256:90a6709c4fdf1c289cea803ba925cb471876f826e6427ee02750978072928700
openshift-logging/elasticsearch-proxy-rhel8@sha256:f3d45015250c0a1736e6beef3f38a72a8759126d79327452bc51bdf0cb190192
openshift-logging/elasticsearch-rhel8-operator@sha256:8b3e6222b6007b1fa6d737faaa1db1b4dc5a46722dc03879239d97a43f3b165e
openshift-logging/elasticsearch6-rhel8@sha256:31d43b95f46315fcf8bafe3a58d884d3206ddfdf42e22d5aaee2c639c637fd06
openshift-logging/eventrouter-rhel8@sha256:2291fd365ed1a123478bec632bfc93fc1ed09f2b18336d9172ff770221984b2a
openshift-logging/fluentd-rhel8@sha256:00e70c239b2adf1aa83a16d9404619607bd52096c49217c24075c6e4f0bc38c5
openshift-logging/kibana6-rhel8@sha256:862d63cc35b2844d66f812ff0cf1b3a8a54739f7cfa7a5a375a433f02c6bfdb1
openshift-logging/log-file-metric-exporter-rhel8@sha256:d52ca3fd2c5dd167a05ff40457313653cb4999754de58f7900a80ccf89145624
openshift-logging/logging-curator5-rhel8@sha256:cb4dd4dcbc1f778a24a78027c5fc84b4dae2efe3bdd2884badf849f60441da6c
openshift-logging/logging-loki-rhel8@sha256:b7d151b215441ced861e6eaf8ca46e3e9214b035be15188ce3efb4597e0a72a9
openshift-logging/logging-view-plugin-rhel8@sha256:1117d6cf5c4e74d46da0409ca2c593cc57a92269fd383aaea508af24ac198a09
openshift-logging/loki-rhel8-operator@sha256:5d1af5f11dca5acca667e3717028da1a73a6ce35d1a0227b97813d77a35e36db
openshift-logging/lokistack-gateway-rhel8@sha256:59b15fee6976629ecd0cd354c2c6ca44b72d34155a4f2a9775b8fb45d84064ed
openshift-logging/opa-openshift-rhel8@sha256:4e2fe8b597f248f8ac456084ffd872d412cdc96857c0fa6daf97933ee04fda62
openshift-logging/vector-rhel8@sha256:5700f3be9837ed1bfc260966b8fe0bffaec89e1575b8c5516ce730a4ff2ca03b
x86_64
openshift-logging/cluster-logging-operator-bundle@sha256:bc33374ec25c20eef6c30e2626a7e2a5bb9565066636c0436e15f5780d05e33d
openshift-logging/cluster-logging-rhel8-operator@sha256:5e4ca2e85e65ccedb3cbdccc85e5d3a047580792772071289dd7778f60eec5eb
openshift-logging/elasticsearch-operator-bundle@sha256:2eed27008bdb8266d5585d35d24d3d61947e3fe9a0eedac140d2837cfc8cf80a
openshift-logging/elasticsearch-proxy-rhel8@sha256:9ed1228b48f27ae84e0009b2dfe9be920c9c6ac9aae97224452133f0d4a6fe34
openshift-logging/elasticsearch-rhel8-operator@sha256:2872dc5f42471979f0d78dbaa53f5b838bd34d68bd7b7f9b2621700665d1e3e2
openshift-logging/elasticsearch6-rhel8@sha256:359dbc7001bc923dd0b8a07a1fcf77133c907a8333b95834b9bc4802176bfbd2
openshift-logging/eventrouter-rhel8@sha256:bb002990d0593097aa234616c34b43a511eda9a81819e49e8ba33ff6ad7d8b7d
openshift-logging/fluentd-rhel8@sha256:efde238c40eeaf64c3f51e64f5d43fdd442c7376922c3e4c0635fe8a73951ed5
openshift-logging/kibana6-rhel8@sha256:38462153cebe2dbd92e5f352dfed0a159d6c30901d64afd30417dd80e813e19d
openshift-logging/log-file-metric-exporter-rhel8@sha256:4f6db6c0c0b2823512a385eb6e56437df095bc62da6adf78650b5a25e210f09f
openshift-logging/logging-curator5-rhel8@sha256:dab3cde1436e02b273b37b21bbca43bdd46c57c86f4731c58af95bd0378fb860
openshift-logging/logging-loki-rhel8@sha256:9624df7233fd7bcda07f5995cb6520a0c09b258cc7eb0031ad42031789d9b964
openshift-logging/logging-view-plugin-rhel8@sha256:2b1dbaf971b3daec21196f3e4009816832b46e7a0c0265884f1695af26c8b600
openshift-logging/loki-operator-bundle@sha256:0473cb1914d8c32aed717d294c3ddd972fdf75ef1b4398cb427afe3fd814738a
openshift-logging/loki-rhel8-operator@sha256:010e42b9367d3c72893316be898ebf2df2be60effe11aa2678c7bc963cc39518
openshift-logging/lokistack-gateway-rhel8@sha256:161265f4b537de0d293b7e898cdcf84285622cd7cb9ef523bb206c627c61d544
openshift-logging/opa-openshift-rhel8@sha256:8330b6ee3cdaeaea9d6b860fc7174a5830dd467ece323460d884ab1bf7449711
openshift-logging/vector-rhel8@sha256:df0e2d39184a3b40b1227610d672517d60ce850432dbd222dcbfce73caff3054
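A check an administrator would want after applying this update, written in Go as an added example for this page (it is not a Red Hat tool): given the image IDs of the containers running in the openshift-logging namespace, report which components are on the advisory's x86_64 digests. The `sampleImageIDs` input is constructed to resemble the output of the `oc get pods ... -o jsonpath` query named in the comment and was not captured from a real cluster; the digest table is copied from the x86_64 list above. A reference pinned only by tag is reported as unverifiable, because a tag can be re-pointed while a digest identifies one exact image; a `docker-pullable://` prefix, which some clusters put in front of the image ID, is stripped.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// x86_64 digests from the Updated Images list of RHSA-2023:4933 (component -> sha256 hex).
var rhsa4933x86 = map[string]string{
	"lokistack-gateway-rhel8": "161265f4b537de0d293b7e898cdcf84285622cd7cb9ef523bb206c627c61d544",
	"opa-openshift-rhel8":     "8330b6ee3cdaeaea9d6b860fc7174a5830dd467ece323460d884ab1bf7449711",
	"logging-loki-rhel8":      "9624df7233fd7bcda07f5995cb6520a0c09b258cc7eb0031ad42031789d9b964",
	"loki-rhel8-operator":     "010e42b9367d3c72893316be898ebf2df2be60effe11aa2678c7bc963cc39518",
	"vector-rhel8":            "df0e2d39184a3b40b1227610d672517d60ce850432dbd222dcbfce73caff3054",
}

// sampleImageIDs is constructed for this example to resemble the output of
//   oc get pods -n openshift-logging -o jsonpath='{range .items[*]}{range .status.containerStatuses[*]}{.imageID}{"\n"}{end}{end}'
// It was not captured from a real cluster.
const sampleImageIDs = `registry.redhat.io/openshift-logging/lokistack-gateway-rhel8@sha256:161265f4b537de0d293b7e898cdcf84285622cd7cb9ef523bb206c627c61d544
docker-pullable://registry.redhat.io/openshift-logging/opa-openshift-rhel8@sha256:8330b6ee3cdaeaea9d6b860fc7174a5830dd467ece323460d884ab1bf7449711
registry.redhat.io/openshift-logging/logging-loki-rhel8@sha256:0000000000000000000000000000000000000000000000000000000000000000
registry.redhat.io/openshift-logging/vector-rhel8:v5.7.5
registry.redhat.io/openshift-logging/loki-rhel8-operator@sha256:010e42b9367d3c72893316be898ebf2df2be60effe11aa2678c7bc963cc39518
registry.redhat.io/openshift-logging/kibana6-rhel8@sha256:38462153cebe2dbd92e5f352dfed0a159d6c30901d64afd30417dd80e813e19d
`

// Status of one running image relative to the advisory.
const (
	Patched  = "patched"  // digest matches the advisory
	Stale    = "stale"    // pinned by digest, but not the advisory's digest
	Unpinned = "unpinned" // referenced by tag only; cannot be verified from the ref alone
	Unlisted = "unlisted" // component not present in the digest table being checked
)

// splitRef splits "registry/ns/component@sha256:hex" or "registry/ns/component:tag"
// into the component name and the sha256 hex digest ("" when the ref is tag-only).
// A ":port" in the registry host is left alone because it precedes the last "/".
func splitRef(ref string) (component, digest string) {
	ref = strings.TrimPrefix(strings.TrimSpace(ref), "docker-pullable://")
	name := ref
	if i := strings.Index(ref, "@sha256:"); i >= 0 {
		name, digest = ref[:i], ref[i+len("@sha256:"):]
	} else if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		name = ref[:i] // strip ":tag"
	}
	return name[strings.LastIndex(name, "/")+1:], digest
}

// Check classifies every image ref in imageIDs (one per line) against expected.
func Check(imageIDs string, expected map[string]string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(imageIDs, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		comp, digest := splitRef(line)
		want, listed := expected[comp]
		switch {
		case !listed:
			out[comp] = Unlisted
		case digest == "":
			out[comp] = Unpinned
		case digest == want:
			out[comp] = Patched
		default:
			out[comp] = Stale
		}
	}
	return out
}

func main() {
	res := Check(sampleImageIDs, rhsa4933x86)
	comps := make([]string, 0, len(res))
	for c := range res {
		comps = append(comps, c)
	}
	sort.Strings(comps)
	for _, c := range comps {
		fmt.Printf("%-28s %s\n", c, res[c])
	}
}
```

Only the digest proves which build is running; a "stale" or "unpinned" result for lokistack-gateway-rhel8 or opa-openshift-rhel8 means the components that perform the authorization described in CVE-2023-4456 have not yet been replaced. Substitute the aarch64, ppc64le or s390x list for clusters on those architectures.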
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.