RedHat: RHSA-2022-0226:04 Moderate: Red Hat OpenShift Enterprise Logging
Summary
OpenShift Logging Bug Fix Release (5.1.7)
Security Fix(es):
* nodejs-ua-parser-js: ReDoS via malicious User-Agent header
(CVE-2021-27292)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
Solution
For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
References
https://access.redhat.com/security/cve/CVE-2021-27292
https://access.redhat.com/security/cve/CVE-2021-44832
https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
An update is now available for OpenShift Logging (5.1.7). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender