RHSA-2023:4933: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Logging Subsystem 5.7.6 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat Security Data

Issued:

2023-09-13

Updated:

2023-09-13

RHSA-2023:4933 - Security Advisory

Synopsis

Moderate: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.7.6 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.7.6 - Red Hat OpenShift

Security Fix(es):

  • openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
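The defect behind CVE-2023-4456 is a decision cache keyed on too little: once a token has been authorized for one action, the cached "allow" answers any later request carrying that token until the entry expires. The Go sketch below is an added illustration, not code from LokiStack, the loki-operator or Red Hat. It contrasts a cache keyed on the bearer token alone with one keyed on every input the decision depends on (token, tenant and verb), and counts backend calls so the difference is observable. AuthzCache, TokenOnlyKey, ScopedKey, RunScenario and the demo policy are all constructed names for this example.

```go
package main

import (
	"fmt"
	"time"
)

// Request is one authorization question the gateway must answer.
// The types and names in this file are constructed for the example;
// they are not LokiStack's own.
type Request struct {
	Token  string // bearer token presented by the client
	Tenant string // log tenant the request targets
	Verb   string // "read" or "write"
}

// Backend is the slow, authoritative check (for LokiStack that would be a
// Kubernetes SubjectAccessReview; here it is a hard-coded demo policy).
type Backend func(r Request) bool

// KeyFunc derives the cache key from a request. This choice is the whole bug.
type KeyFunc func(r Request) string

type cacheEntry struct {
	allowed bool
	expires time.Time
}

// AuthzCache memoizes backend decisions for ttl.
type AuthzCache struct {
	keyFn   KeyFunc
	ttl     time.Duration
	backend Backend
	entries map[string]cacheEntry
	now     func() time.Time
	Calls   int // backend invocations, so callers can see when the cache answered
}

func NewAuthzCache(keyFn KeyFunc, ttl time.Duration, backend Backend) *AuthzCache {
	return &AuthzCache{
		keyFn:   keyFn,
		ttl:     ttl,
		backend: backend,
		entries: make(map[string]cacheEntry),
		now:     time.Now,
	}
}

// Allowed answers from the cache when a fresh entry exists, otherwise asks
// the backend and stores the result under keyFn(r).
func (c *AuthzCache) Allowed(r Request) bool {
	key := c.keyFn(r)
	if e, ok := c.entries[key]; ok && c.now().Before(e.expires) {
		return e.allowed
	}
	c.Calls++
	allowed := c.backend(r)
	c.entries[key] = cacheEntry{allowed: allowed, expires: c.now().Add(c.ttl)}
	return allowed
}

// TokenOnlyKey is the over-broad key the advisory describes: one cached
// "allow" for the token is reused for every tenant and verb.
func TokenOnlyKey(r Request) string { return r.Token }

// ScopedKey includes every input the decision depends on, so a decision
// cached for a read cannot satisfy a later write (or another tenant).
func ScopedKey(r Request) string {
	return fmt.Sprintf("%s\x00%s\x00%s", r.Token, r.Tenant, r.Verb)
}

// demoPolicy: the token may only read tenant "app". Constructed for the example.
func demoPolicy(r Request) bool {
	return r.Token == "tok-alice" && r.Tenant == "app" && r.Verb == "read"
}

// RunScenario performs a permitted read and then a write with the same token.
// It returns whether the write was allowed and how often the backend ran.
func RunScenario(keyFn KeyFunc) (writeAllowed bool, backendCalls int) {
	c := NewAuthzCache(keyFn, 5*time.Minute, demoPolicy)
	c.Allowed(Request{Token: "tok-alice", Tenant: "app", Verb: "read"})
	writeAllowed = c.Allowed(Request{Token: "tok-alice", Tenant: "app", Verb: "write"})
	return writeAllowed, c.Calls
}

func main() {
	for name, fn := range map[string]KeyFunc{"token-only": TokenOnlyKey, "scoped": ScopedKey} {
		allowed, calls := RunScenario(fn)
		fmt.Printf("%-10s write allowed=%v backend calls=%d\n", name, allowed, calls)
	}
}
```

With the token-only key the write is granted from the cache without the backend ever seeing it; with the scoped key the write is a cache miss, the backend runs a second time and denies it. The general rule for any authorization cache is that the key must cover every attribute the policy evaluates, and that the entry's lifetime bounds how long a revoked or changed permission can still be honoured.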

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly
  • LOG-4413 - Warning in Vector logs sending logs to Splunk
  • LOG-4459 - [release-5.7] Search content disappears when link is copy pasted or shared with other user with opened with similar permissions on project.
  • LOG-4460 - Loki custom labelKeys is causing vector to enter CrashLoopBackOff state
  • LOG-4501 - Modify max_read_bytes for Vector not releasing deleted file handles
  • LOG-4456 - [release-5.7] Loki search does not allow special chars

CVEs

  • CVE-2023-3899
  • CVE-2023-4456
  • CVE-2023-32360
  • CVE-2023-34969

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:60d24e5b2fa078b2e3d26468f5c80858472e124daaeefff7a9f59bf6cd2395d1

openshift-logging/elasticsearch-proxy-rhel8@sha256:ab8fc16f9f27fd1166d218fea5e52bc81909e21d5da1581f2c5fa39ac490310b

openshift-logging/elasticsearch-rhel8-operator@sha256:05e7e735cfef58ebb3f5ac0f31609d8d5e80550dd69a15325e59a3fe7b3270ad

openshift-logging/elasticsearch6-rhel8@sha256:082003b90967023baf565f7d18278f3d93372bece6c2e7e7da936041eaff6609

openshift-logging/eventrouter-rhel8@sha256:42ff90e8b9b7da478fc59f85530ad5726c20306503b215a3865108706640bf4a

openshift-logging/fluentd-rhel8@sha256:d54d08c62dafd8760ec570005ea9bf9fc67d9aff4181a87ce5842c6dc3956fff

openshift-logging/kibana6-rhel8@sha256:2cfdafd82f656e39699c742ed017c1e45a622cee3f8ffda63802d45995ded4c6

openshift-logging/log-file-metric-exporter-rhel8@sha256:b8d441bff7859649f0badba06a4f4d72624524a2680a9fc0587dd94e57379351

openshift-logging/logging-curator5-rhel8@sha256:7e056c3606039b3c798d9fadb9737ed829c45f76815e7500a6a8d130ebe7e600

openshift-logging/logging-loki-rhel8@sha256:6f15d923128e1001bed65bd354a0860923e73af7d047b62e057610bb8c20545d

openshift-logging/logging-view-plugin-rhel8@sha256:9b026b58b4b3a75280b05b67c4d11752660bd9f41705ee524763231f3391b696

openshift-logging/loki-rhel8-operator@sha256:b7d54fb11ef50e78a0eda175a4229b83fd50a61b7626fe8d8f515558f80add81

openshift-logging/lokistack-gateway-rhel8@sha256:1ba0cb1537fdd578283540cb22b467079729a9a6903d865815f8c076344af351

openshift-logging/opa-openshift-rhel8@sha256:c05516fda258578b0cf07b91c138daf043df244b68756196382c136cb49bacee

openshift-logging/vector-rhel8@sha256:e1def6dbd7b23e03caffdcd001d283d102f30253be063b290c556d027c80ca67

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:d9d9edd40d764da652b7159b9c6d7fe34c1b2168d6ba1922fd599ee8fba12173

openshift-logging/elasticsearch-proxy-rhel8@sha256:26fd329b23073fe5eca65f632ca485650cd6ef74010ed9939c6cf31273734aa3

openshift-logging/elasticsearch-rhel8-operator@sha256:dbc453e2ae0687ed5322fe3381b5a1658459afa53bbfbcb062c8012c9c11631f

openshift-logging/elasticsearch6-rhel8@sha256:716696564792ad7916313462e50621a2890d46291acf9a820cd160dfac30e152

openshift-logging/eventrouter-rhel8@sha256:efcfa2fa2df96f17d32991e5c81226d02c09da7bc38457549ff333bd2cdfa54e

openshift-logging/fluentd-rhel8@sha256:d7ae350b264e402cd14abe7af72891dd868df1778104f2319b4a121839dd3cd7

openshift-logging/kibana6-rhel8@sha256:902a4472cbac68ffc47febf2516cec511a650739918aa894046bf191b226ff26

openshift-logging/log-file-metric-exporter-rhel8@sha256:a4b7b533c0868d65204de95ca4bfd6e1e66658a800833b51dc2d0b27ea543b68

openshift-logging/logging-curator5-rhel8@sha256:afae6206ed3ec26a0fd2f6834f538da05a5d8bf35aadc132d332518b99274009

openshift-logging/logging-loki-rhel8@sha256:eb560f2679098dde8920a0220699fa7366ae0a3bcbb8815df11445af9e86fe80

openshift-logging/logging-view-plugin-rhel8@sha256:f369ca2292f7be4b016314a072f00728efa54938eda4672b343084030d20a1fe

openshift-logging/loki-rhel8-operator@sha256:528e247f80a992142c431eac4d489f608a028f6fa908e16f8c6e6b90c11d6060

openshift-logging/lokistack-gateway-rhel8@sha256:be08237f71a90ae0164f6d7966affd62e21e98409e4d5c358e6fa6cd2f7925c1

openshift-logging/opa-openshift-rhel8@sha256:7d9d617a942440d5de321ccbfcb27e8b906b613dc24de2f61faf7d926ed682c4

openshift-logging/vector-rhel8@sha256:d9ff8da8afb47c90b68147123c8ca27b47d809670f545df1dd1cd527378f6a34

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:90a6709c4fdf1c289cea803ba925cb471876f826e6427ee02750978072928700

openshift-logging/elasticsearch-proxy-rhel8@sha256:f3d45015250c0a1736e6beef3f38a72a8759126d79327452bc51bdf0cb190192

openshift-logging/elasticsearch-rhel8-operator@sha256:8b3e6222b6007b1fa6d737faaa1db1b4dc5a46722dc03879239d97a43f3b165e

openshift-logging/elasticsearch6-rhel8@sha256:31d43b95f46315fcf8bafe3a58d884d3206ddfdf42e22d5aaee2c639c637fd06

openshift-logging/eventrouter-rhel8@sha256:2291fd365ed1a123478bec632bfc93fc1ed09f2b18336d9172ff770221984b2a

openshift-logging/fluentd-rhel8@sha256:00e70c239b2adf1aa83a16d9404619607bd52096c49217c24075c6e4f0bc38c5

openshift-logging/kibana6-rhel8@sha256:862d63cc35b2844d66f812ff0cf1b3a8a54739f7cfa7a5a375a433f02c6bfdb1

openshift-logging/log-file-metric-exporter-rhel8@sha256:d52ca3fd2c5dd167a05ff40457313653cb4999754de58f7900a80ccf89145624

openshift-logging/logging-curator5-rhel8@sha256:cb4dd4dcbc1f778a24a78027c5fc84b4dae2efe3bdd2884badf849f60441da6c

openshift-logging/logging-loki-rhel8@sha256:b7d151b215441ced861e6eaf8ca46e3e9214b035be15188ce3efb4597e0a72a9

openshift-logging/logging-view-plugin-rhel8@sha256:1117d6cf5c4e74d46da0409ca2c593cc57a92269fd383aaea508af24ac198a09

openshift-logging/loki-rhel8-operator@sha256:5d1af5f11dca5acca667e3717028da1a73a6ce35d1a0227b97813d77a35e36db

openshift-logging/lokistack-gateway-rhel8@sha256:59b15fee6976629ecd0cd354c2c6ca44b72d34155a4f2a9775b8fb45d84064ed

openshift-logging/opa-openshift-rhel8@sha256:4e2fe8b597f248f8ac456084ffd872d412cdc96857c0fa6daf97933ee04fda62

openshift-logging/vector-rhel8@sha256:5700f3be9837ed1bfc260966b8fe0bffaec89e1575b8c5516ce730a4ff2ca03b

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:bc33374ec25c20eef6c30e2626a7e2a5bb9565066636c0436e15f5780d05e33d

openshift-logging/cluster-logging-rhel8-operator@sha256:5e4ca2e85e65ccedb3cbdccc85e5d3a047580792772071289dd7778f60eec5eb

openshift-logging/elasticsearch-operator-bundle@sha256:2eed27008bdb8266d5585d35d24d3d61947e3fe9a0eedac140d2837cfc8cf80a

openshift-logging/elasticsearch-proxy-rhel8@sha256:9ed1228b48f27ae84e0009b2dfe9be920c9c6ac9aae97224452133f0d4a6fe34

openshift-logging/elasticsearch-rhel8-operator@sha256:2872dc5f42471979f0d78dbaa53f5b838bd34d68bd7b7f9b2621700665d1e3e2

openshift-logging/elasticsearch6-rhel8@sha256:359dbc7001bc923dd0b8a07a1fcf77133c907a8333b95834b9bc4802176bfbd2

openshift-logging/eventrouter-rhel8@sha256:bb002990d0593097aa234616c34b43a511eda9a81819e49e8ba33ff6ad7d8b7d

openshift-logging/fluentd-rhel8@sha256:efde238c40eeaf64c3f51e64f5d43fdd442c7376922c3e4c0635fe8a73951ed5

openshift-logging/kibana6-rhel8@sha256:38462153cebe2dbd92e5f352dfed0a159d6c30901d64afd30417dd80e813e19d

openshift-logging/log-file-metric-exporter-rhel8@sha256:4f6db6c0c0b2823512a385eb6e56437df095bc62da6adf78650b5a25e210f09f

openshift-logging/logging-curator5-rhel8@sha256:dab3cde1436e02b273b37b21bbca43bdd46c57c86f4731c58af95bd0378fb860

openshift-logging/logging-loki-rhel8@sha256:9624df7233fd7bcda07f5995cb6520a0c09b258cc7eb0031ad42031789d9b964

openshift-logging/logging-view-plugin-rhel8@sha256:2b1dbaf971b3daec21196f3e4009816832b46e7a0c0265884f1695af26c8b600

openshift-logging/loki-operator-bundle@sha256:0473cb1914d8c32aed717d294c3ddd972fdf75ef1b4398cb427afe3fd814738a

openshift-logging/loki-rhel8-operator@sha256:010e42b9367d3c72893316be898ebf2df2be60effe11aa2678c7bc963cc39518

openshift-logging/lokistack-gateway-rhel8@sha256:161265f4b537de0d293b7e898cdcf84285622cd7cb9ef523bb206c627c61d544

openshift-logging/opa-openshift-rhel8@sha256:8330b6ee3cdaeaea9d6b860fc7174a5830dd467ece323460d884ab1bf7449711

openshift-logging/vector-rhel8@sha256:df0e2d39184a3b40b1227610d672517d60ce850432dbd222dcbfce73caff3054

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-43057: Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

RHSA-2023:5480: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...

Red Hat Security Advisory 2023-5421-01

Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5314-01

Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5095-01

Red Hat Security Advisory 2023-5095-01 - Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-5096-01

Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:5095: Red Hat Security Advisory: Logging Subsystem 5.6.11 - Red Hat OpenShift security update

Logging Subsystem 5.6.11 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

RHSA-2023:5096: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update

Logging Subsystem 5.5.16 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Ubuntu Security Notice USN-6372-1

Ubuntu Security Notice 6372-1 - It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

RHSA-2023:5175: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update

Red Hat OpenShift Service Mesh 2.2.10

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check.
  • CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...

Red Hat Security Advisory 2023-4933-01

Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issue where LokiStack authorization is cached too broadly.

Ubuntu Security Notice USN-6361-1

Ubuntu Security Notice 6361-1 - It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.

RHSA-2023:5001: Red Hat Security Advisory: OpenShift Container Platform 4.11.49 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...

Red Hat Security Advisory 2023-5103-01

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4921-01

Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2023-4731-01

Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.

RHSA-2023:4892: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4864-01

Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2023-4838-01

Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2023-4769-01

Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

RHSA-2023:4766: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2023-4705-01

Red Hat Security Advisory 2023-4705-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4708-01

Red Hat Security Advisory 2023-4708-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4704-01

Red Hat Security Advisory 2023-4704-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

RHSA-2023:4705: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() me...

RHSA-2023:4708: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged loc...

RHSA-2023:4707: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() me...

CVE-2023-4456: cve-details

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Red Hat Security Advisory 2023-4603-01

Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4569-01

Red Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Red Hat Security Advisory 2023-4498-01

Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

CVE-2023-32363: About the security content of macOS Ventura 13.4

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences.

CVE-2023-27940: About the security content of macOS Monterey 12.6.6

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections.

CVE-2023-32369: About the security content of macOS Big Sur 11.7.7

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system.

CVE-2023-34969: CVE-2023-xxxxx: dbus-daemon crashes when a monitor is active and a message from the driver cannot be delivered (#457) · Issues · dbus / dbus · GitLab

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.