RHSA-2023:5096: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Logging Subsystem 5.5.16 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Issued: 2023-09-20
Updated: 2023-09-20
RHSA-2023:5096 - Security Advisory
Synopsis
Moderate: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 5.5.16 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Logging Subsystem 5.5.16 - Red Hat OpenShift
Security Fix(es):
- openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
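To make the flaw described above concrete, here is an added example (not LokiStack's, Red Hat's or any project's code) of an authorization cache keyed on the bearer token alone, beside one keyed on the full request, run through the sequence the CVE text describes: a permitted action followed by a different action with the same token. The Request fields, the policy table and the token value are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// Request is the authorization question a gateway asks on every call:
// may the bearer of Token perform Verb on Resource within Tenant?
// (Constructed for this example; field names are assumptions.)
type Request struct {
	Token    string
	Tenant   string
	Resource string // e.g. "logs"
	Verb     string // e.g. "get" or "create"
}

// Authorizer answers a Request. In a real gateway this is a round-trip to
// the platform's access-review API; here it is a constructed policy table.
type Authorizer func(r Request) bool

type entry struct {
	allowed bool
	expires time.Time
}

// Cache memoizes Authorizer decisions. keyFunc decides which fields of the
// request identify a decision, and that choice is the whole point.
type Cache struct {
	mu      sync.Mutex
	ttl     time.Duration
	entries map[string]entry
	keyFunc func(Request) string
	backend Authorizer
	Misses  int // how often the backend was actually consulted
}

func NewCache(ttl time.Duration, keyFunc func(Request) string, backend Authorizer) *Cache {
	return &Cache{ttl: ttl, entries: make(map[string]entry), keyFunc: keyFunc, backend: backend}
}

// Allowed returns a cached decision when one is fresh, otherwise asks the backend.
func (c *Cache) Allowed(r Request) bool {
	k := c.keyFunc(r)
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, ok := c.entries[k]; ok && time.Now().Before(e.expires) {
		return e.allowed
	}
	c.Misses++
	allowed := c.backend(r)
	c.entries[k] = entry{allowed: allowed, expires: time.Now().Add(c.ttl)}
	return allowed
}

// hashKey keeps raw bearer tokens out of the map keys (and out of heap dumps).
func hashKey(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// TokenOnlyKey reproduces the flawed pattern: the key is just the token, so a
// decision made for one action is reused for every later action by that token.
func TokenOnlyKey(r Request) string {
	return hashKey(r.Token)
}

// ScopedKey binds the decision to everything the backend considered, so a
// different verb, resource or tenant is a cache miss and gets its own review.
func ScopedKey(r Request) string {
	return hashKey(r.Token + "\x00" + r.Tenant + "\x00" + r.Resource + "\x00" + r.Verb)
}

// policy is the constructed backend: this token may only read logs in one tenant.
func policy(r Request) bool {
	return r.Token == "reader-token" && r.Tenant == "application" &&
		r.Resource == "logs" && r.Verb == "get"
}

// Scenario performs a permitted read, then a write with the same token, and
// reports both decisions plus how many times the backend was consulted.
func Scenario(keyFunc func(Request) string) (readAllowed, writeAllowed bool, backendCalls int) {
	c := NewCache(time.Minute, keyFunc, policy)
	readAllowed = c.Allowed(Request{Token: "reader-token", Tenant: "application", Resource: "logs", Verb: "get"})
	writeAllowed = c.Allowed(Request{Token: "reader-token", Tenant: "application", Resource: "logs", Verb: "create"})
	return readAllowed, writeAllowed, c.Misses
}

func main() {
	for _, kf := range []struct {
		name string
		fn   func(Request) string
	}{{"token-only", TokenOnlyKey}, {"scoped", ScopedKey}} {
		r, w, n := Scenario(kf.fn)
		fmt.Printf("%-10s read=%v write=%v backend_calls=%d\n", kf.name, r, w, n)
	}
}
```

With the token-only key the write is answered from the cached read decision without the backend ever seeing it; with the scoped key the write reaches the backend and is denied.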
Affected Products
- Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
- Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
- Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
- Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x
Fixes
- BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly
CVEs
- CVE-2023-3899
- CVE-2023-4456
- CVE-2023-32360
- CVE-2023-34969
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.