RHSA-2023:5096: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update

Logging Subsystem 5.5.16 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat Security Data

Issued: 2023-09-20

Updated: 2023-09-20

RHSA-2023:5096 - Security Advisory

Synopsis

Moderate: Logging Subsystem 5.5.16 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.5.16 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.5.16 - Red Hat OpenShift

Security Fix(es):

  • openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
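The description above (and the CVE summary: "the key used for caching is just the token, which is too broad") describes a general class of bug in any authorization cache, not only LokiStack: if a cached decision is looked up by the credential alone, one "allow" answers every later question asked with that credential until the entry expires. The following Go program is an added illustration and is not LokiStack's, opa-openshift's or Red Hat's code; the request fields, the toy policy table, the `BroadKey`/`ScopedKey` names and the 5-minute TTL are all constructed assumptions. It generalizes the advisory's point by showing the broad key beside a key that includes every input the decision depended on.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// AuthzRequest is a hypothetical authorization question (assumed shape).
type AuthzRequest struct {
	Token    string // credential presented by the caller
	Verb     string // e.g. "get", "create"
	Resource string // e.g. "logs"
	Tenant   string // e.g. "application", "infrastructure"
}

type cacheEntry struct {
	allowed bool
	expires time.Time
}

// Authorizer fronts a slow policy decision with a TTL cache. keyFn decides
// which parts of the request the cache key is built from; that choice is the
// whole difference between the vulnerable and the fixed variant.
type Authorizer struct {
	cache   map[string]cacheEntry
	ttl     time.Duration
	keyFn   func(AuthzRequest) string
	backend func(AuthzRequest) bool
}

func NewAuthorizer(keyFn func(AuthzRequest) string, backend func(AuthzRequest) bool) *Authorizer {
	return &Authorizer{
		cache:   map[string]cacheEntry{},
		ttl:     5 * time.Minute, // constructed TTL
		keyFn:   keyFn,
		backend: backend,
	}
}

// Allowed returns the cached decision if one is live, else asks the backend
// and caches whatever it answered.
func (a *Authorizer) Allowed(r AuthzRequest) bool {
	k := a.keyFn(r)
	if e, ok := a.cache[k]; ok && time.Now().Before(e.expires) {
		return e.allowed
	}
	allowed := a.backend(r)
	a.cache[k] = cacheEntry{allowed: allowed, expires: time.Now().Add(a.ttl)}
	return allowed
}

// BroadKey is the mistake class the advisory describes: the key is the token
// alone, so a cached "allow" for one action is reused for every other action.
func BroadKey(r AuthzRequest) string { return r.Token }

// ScopedKey includes every input the decision depended on. NUL is used as a
// separator so that field boundaries cannot be confused by crafted values.
func ScopedKey(r AuthzRequest) string {
	return strings.Join([]string{r.Token, r.Verb, r.Resource, r.Tenant}, "\x00")
}

// demoPolicy is a constructed policy table: token "reader-A" may only read
// logs of the "application" tenant.
func demoPolicy(r AuthzRequest) bool {
	return r.Token == "reader-A" && r.Verb == "get" &&
		r.Resource == "logs" && r.Tenant == "application"
}

// Scenario performs the two-step check from the advisory: an allowed request,
// then a different action with the same token while the first is still cached.
// It returns both decisions; the second must be false for a correct cache.
func Scenario(keyFn func(AuthzRequest) string) (first, second bool) {
	a := NewAuthorizer(keyFn, demoPolicy)
	first = a.Allowed(AuthzRequest{Token: "reader-A", Verb: "get", Resource: "logs", Tenant: "application"})
	second = a.Allowed(AuthzRequest{Token: "reader-A", Verb: "get", Resource: "logs", Tenant: "infrastructure"})
	return first, second
}

func main() {
	f, s := Scenario(BroadKey)
	fmt.Printf("token-only key: first=%v second=%v  (second should have been denied)\n", f, s)
	f, s = Scenario(ScopedKey)
	fmt.Printf("scoped key:     first=%v second=%v\n", f, s)
}
```

Checking for this bug in a code review reduces to one question: does the cache key contain every input that the policy evaluation read? If the decision depends on verb, resource, tenant or namespace, all of them must be in the key, or the cache must be dropped for negative/positive decisions that differ on those fields.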

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

CVEs

  • CVE-2023-3899
  • CVE-2023-4456
  • CVE-2023-32360
  • CVE-2023-34969

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:f9e544df23ae14107e4adfc208da3d748b39fb4a765e72e2491b0d1640a7918e

openshift-logging/elasticsearch-proxy-rhel8@sha256:31a77950e79e4e17375b2dd1d5bb2f55813a5c6c7cebbd173ef8b787011062f5

openshift-logging/elasticsearch-rhel8-operator@sha256:918e53d3958aaf30f75ae507d6157727c1823f53bc61eacd867e8e11e0e98268

openshift-logging/elasticsearch6-rhel8@sha256:f1115686a45add58a5f8faeb2dbaf9cbd1c60c4cb89d70c024dd1fb6e340612c

openshift-logging/eventrouter-rhel8@sha256:f8b8e6bcd9521ba153e633dc6730d309e78f8f8efc3cf05759c0d7de383b3d34

openshift-logging/fluentd-rhel8@sha256:8664aada180bf9aa88f57f695fd92cb4e25c9a0b6fb0e7a03fcf422edd7a4acb

openshift-logging/kibana6-rhel8@sha256:21f20268bd664459363b81bd33ecc52340498860e4cd3f368b1e0bb571ec29e1

openshift-logging/log-file-metric-exporter-rhel8@sha256:443d0722b42f6a90ed736965cb5777c7735b606739d4caa7dc323a9447191c5e

openshift-logging/logging-curator5-rhel8@sha256:f22444a0ac56420fba6e45bb0958e6f122bf54c97180fe08e82f39156ee1f469

openshift-logging/logging-loki-rhel8@sha256:143dfc934a6389354465e1de0e99df6ee5fbf704666f005bffde81d7cf774685

openshift-logging/logging-view-plugin-rhel8@sha256:55b4ee143e032bae5ba30d7b51732bb387415dc3926e8ff605cd4b50076e18c9

openshift-logging/loki-rhel8-operator@sha256:0359ecf04c9cbd6632420c7bae9c55aa9cf6ae7243136eb0af7a950600acfd1c

openshift-logging/lokistack-gateway-rhel8@sha256:634152a11c598696d82de1b24643a809b4d7f236aafb7fda9bab79f62a5a5649

openshift-logging/opa-openshift-rhel8@sha256:f957517efaec638f07f5b1a8569bf7c94ee9b6bea244ea2a583126cb6c61343e

openshift-logging/vector-rhel8@sha256:776f73a26ed7f29882bdce0a3887446998857cf0f7f5d03ba48d4db0d153bd3c

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:ad4cf2ecb9eec91038cc3d19c605191971eca651d153754083c04c448d4103cc

openshift-logging/elasticsearch-proxy-rhel8@sha256:cd305e5973a9d4777fcede79f285ebf1774fb688796c32e91ccadfc5ad53e767

openshift-logging/elasticsearch-rhel8-operator@sha256:1c95ac01d7a279b3a54c43fed2128b9487782adc5f1837e2a45a97b82accebd2

openshift-logging/elasticsearch6-rhel8@sha256:19f3538c647ce9e048449af4fd4603eebe14d8e9ad3c3b50bfecaeded75d5365

openshift-logging/eventrouter-rhel8@sha256:1e945aac7f5b8946355a9881bb388e3c1192be5c8934c7904a8cea018b468403

openshift-logging/fluentd-rhel8@sha256:938713264082e3d099e9cf4d03a41bb5579cdd38314a97191a25045595064899

openshift-logging/kibana6-rhel8@sha256:cdc7c707ac907eb88a9bf41ddbb166662f511ed78a3b41a206f58de4059c0187

openshift-logging/log-file-metric-exporter-rhel8@sha256:2dd1fd2e5e6d3d69be8e7a01da75b18021230b144bc35ca7ff68d4b024d40034

openshift-logging/logging-curator5-rhel8@sha256:4b7d7d479432bcf3965739ced1dd5887effa9f29cd18dbc9b4e8343cf3c507f3

openshift-logging/logging-loki-rhel8@sha256:8e7b254b185f93ee01ebf2f744ab06a0b02b0a75fb7f1e60b81b63de3690df31

openshift-logging/logging-view-plugin-rhel8@sha256:2062bf1126bbd64f60ddb91a319a4082d70a2a00de36812c3b7b17c548ed5c84

openshift-logging/loki-rhel8-operator@sha256:dc5bd5f74a1abd13249135e9080fb84e4b222b23ee1052865c30a195e33edf7d

openshift-logging/lokistack-gateway-rhel8@sha256:8d369ff359adb85acac949947559e0638b3b43a06099b0cfa6971d375f63c964

openshift-logging/opa-openshift-rhel8@sha256:e2dc4390c1fb53feb6041ad8e04838749f1a868293dd0ef5f11c916a087536a3

openshift-logging/vector-rhel8@sha256:c4de86d2bac68d6aa471d16c1533776efb47b3713713fbb1b5e9ad52ac64650f

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:127535425135b97f4ef86952e0afb80eab53eb13dfdee3fa687e185f42e8497f

openshift-logging/elasticsearch-proxy-rhel8@sha256:dd4bd832e7dc04c411db869f323bc1b7146f302f41ab9281eeca49ebc7c9b292

openshift-logging/elasticsearch-rhel8-operator@sha256:da38a218b436f6f9314789420fe74009a6ec42a6db967ed9ace7bd6bf8cfc2ee

openshift-logging/elasticsearch6-rhel8@sha256:1525027778753dcc97653ff682f877254f4621a0b61e129458c8ff48e45f343b

openshift-logging/eventrouter-rhel8@sha256:a6ddf1ae66f8a367b46d4dcdd65291f5b7aa68e0d839dcb5c972a1226530aad4

openshift-logging/fluentd-rhel8@sha256:cc6671cb636a25a1561e7b8e690ad73e6d86e06dd200f89d479b58c4f8b39f44

openshift-logging/kibana6-rhel8@sha256:af65625da279e9eb0cf34aab4c11ba75d4b2f57b0f1a9e93ba1055568ba17681

openshift-logging/log-file-metric-exporter-rhel8@sha256:303ef05a3a6c78e7a92457d0dd91b9804a1bffa3367d2cb64634363ffd59bb73

openshift-logging/logging-curator5-rhel8@sha256:97d7f3b7e9dde0da8aece994330fa7f9354d037c0aeb8b631c04db6e5578cf49

openshift-logging/logging-loki-rhel8@sha256:5ce732c6c900fcaf3b4e70b93225198650108ecebb7aacca025ff09cd4770a03

openshift-logging/logging-view-plugin-rhel8@sha256:2e6b1e8bdcdb76ce5e081eaf24e8efc91e6e58b516e5a2541265f749f72b7fc1

openshift-logging/loki-rhel8-operator@sha256:df7ffe432501cf2d1c044c330a976308602577341c81084a251b9b82c12a7335

openshift-logging/lokistack-gateway-rhel8@sha256:a7687a20729e1c62ab4822733f649cd665223b83ad52d230d1dc20ed0b036a88

openshift-logging/opa-openshift-rhel8@sha256:9451634f0f6efa0181f7f38d1be5bc61729e8b28bc65b9699a89d50fa8b5c690

openshift-logging/vector-rhel8@sha256:b699cc698cc493ad887456b98d73e73ef4005fdedbda912d3d98d9afd7175798

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:755fb9d3c381babfa9801ce3f346b10214fbf404052efaf21ce9ee6db21789a1

openshift-logging/cluster-logging-rhel8-operator@sha256:5d2bfaa06a4c297fd3f7a5766592429bee4f1f8a34a89e14bf2a3f5cb0d9cefc

openshift-logging/elasticsearch-operator-bundle@sha256:92e15eb7b50c8076f9223eb7f39bcfcacf79e384f9c19fc2fcf83127f4a3242f

openshift-logging/elasticsearch-proxy-rhel8@sha256:3a8d6729e2dd70d1a27375261844a64b1979a393c221028b62e89ba6b59a1784

openshift-logging/elasticsearch-rhel8-operator@sha256:a667ac029e41d7c468250591aa23d88205099bafbd2f88b67f58f9bdc46a6c1e

openshift-logging/elasticsearch6-rhel8@sha256:12e8488534ed5601eb74d749e273a6c58de644679a541fdaa8ad660cecc4de89

openshift-logging/eventrouter-rhel8@sha256:07fb299333ff6c2c0d94d8195638c812957acb74789fac1561072f0b894642cd

openshift-logging/fluentd-rhel8@sha256:841ea921f08812cf597480080f4394452fc5467db28b997d8bda3c7a768cfb87

openshift-logging/kibana6-rhel8@sha256:c626f1b5baa1255635e109c849ed43a4c9e3098cde27e16ce0ca338adf36be5b

openshift-logging/log-file-metric-exporter-rhel8@sha256:5633bb5541babf3dc0a4d500d616ea7f33f2291ab59c0cd735e55341f3beb9e9

openshift-logging/logging-curator5-rhel8@sha256:ac63fa3f93acf89507bcc642e41f8de53dad7b85d634c54fdeba831e499d7165

openshift-logging/logging-loki-rhel8@sha256:60cf8de16c07bc915ac146936a30411a05c6e575892df6e409985d903e2f125c

openshift-logging/logging-view-plugin-rhel8@sha256:77f23a7cb8c17fd8408210c789af015767e4acb46e46becde2ef32a7f4d876ce

openshift-logging/loki-operator-bundle@sha256:d32b34545e56b928d7cfc0694422b7febeff53c1bfc17b0de8289b7f125fe7ae

openshift-logging/loki-rhel8-operator@sha256:0d99271783cd473492df1d4cbc80dede37149aed361774263048ebf845860a4b

openshift-logging/lokistack-gateway-rhel8@sha256:29e089793361da655b04000fcf2157709c8fd1267a4c067125650980a5a58280

openshift-logging/opa-openshift-rhel8@sha256:eec889cb4a5e8c6dd486a99015ea115e1a0b643c2d39d33ad591f2407e4086c9

openshift-logging/vector-rhel8@sha256:5584226181a87aa3ff984ce3849e4aceb0537bc44b23cc73c3da440cdd128b1b

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5421-01

Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5095-01

Red Hat Security Advisory 2023-5095-01 - Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:5314: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...

Red Hat Security Advisory 2023-5096-01

Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

RHSA-2023:5095: Red Hat Security Advisory: Logging Subsystem 5.6.11 - Red Hat OpenShift security update

Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Red Hat Security Advisory 2023-5175-01

Red Hat Security Advisory 2023-5175-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.

Ubuntu Security Notice USN-6372-1

Ubuntu Security Notice 6372-1 - It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

Red Hat Security Advisory 2023-4933-01

Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issue where LokiStack authorization is cached too broadly.

RHSA-2023:4933: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Logging Subsystem 5.7.6 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4921-01

Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4731-01

Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.

RHSA-2023:4921: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4838-01

Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

RHSA-2023:4768: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

RHSA-2023:4771: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

RHSA-2023:4766: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

Red Hat Security Advisory 2023-4708-01

Red Hat Security Advisory 2023-4708-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4703-01

Red Hat Security Advisory 2023-4703-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4707-01

Red Hat Security Advisory 2023-4707-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

RHSA-2023:4707: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() me...

RHSA-2023:4704: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 e...

RHSA-2023:4702: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.S...

CVE-2023-4456: cve-details

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Red Hat Security Advisory 2023-4603-01

Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.

Red Hat Security Advisory 2023-4569-01

Red Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

CVE-2023-32369: About the security content of macOS Big Sur 11.7.7

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system