RedHat: RHSA-2022-5909:01 Moderate: Openshift Logging Bug Fix and s...

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)
Advisory ID:       RHSA-2022:5909-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5909
Issue date:        2022-08-04
CVE Names:         CVE-2021-38561 CVE-2021-40528 CVE-2022-1271 
                   CVE-2022-1621 CVE-2022-1629 CVE-2022-21540 
                   CVE-2022-21541 CVE-2022-22576 CVE-2022-25313 
                   CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 
                   CVE-2022-27782 CVE-2022-29824 CVE-2022-34169 
=====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.2.13)

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.2.13)

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS
(CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.2, see the following instructions to apply
this update:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1621
https://access.redhat.com/security/cve/CVE-2022-1629
https://access.redhat.com/security/cve/CVE-2022-21540
https://access.redhat.com/security/cve/CVE-2022-21541
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-34169
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYuwKbdzjgjWX9erEAQge4Q/5AdmLXbzcYNVlB4a3k8ZYk+851l46Xy/G
A/jatHrT93JzqaMDPUFMuxVJ+wdVoTrYJVCyNFKQe9bvfmkjZV+ppY0LMnt9BZKF
6GrgIT/tr0EQeF+KTYSjbfVVd/zCC6OEuA0P3ENYQoxVlKOqBUKLP0ag/LgU+OwB
QFIdiUUoxYkum6/xc6qfflAowRAY5ZpxNW4z2MkzabaIPJbN316yA+rnM/kt5G4G
tx6utcuO83jok1678sDL3XL3j2xM6L2rFwuVRg+kzJObCxjjPOnM2O3Id4le2LkB
YgJw8EnjWXqtFwJNJnTDOBKjQrv7yD9GQVCb5QzzrERIwMiD/UUQ7NOpAESy/+zv
s3hcdE5atZtZOip//P9LkvIk9tGhMiqkhR9WF1iX8pnnCTGxeyyfzKv67lV89NEC
7LUpuV9tdlGEwnJo7IzwC6d+XHTIc6DFZ7IDv3+YF0olND5PIHlnoQPz3kRStYIJ
zoRMzXjBihSEgjqEVdw1bcJyXTGM80fgdsTTm4hGr+MXGT4JgrNAcYasd3AMT25I
xaH7Y6XDdDY3k7g/pQVFckVWsrzn9a4QlPJaPAmFHBS4tq6TxC23AEAoVv4J2abg
xvyZu27oVZSwie36Y1Pm1VioABBiL9md3zGUCQVHVnSPUwgOu7XUrW56VUEDEs36
Pndy5EfKK9c=
=quG0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-5909:01 Moderate: Openshift Logging Bug Fix and security

Openshift Logging Bug Fix Release (5.2.13) Red Hat Product Security has rated this update as having a security impact of Moderate

Summary

Openshift Logging Bug Fix Release (5.2.13)
Security Fix(es):
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For OpenShift Container Platform 4.8 see the following documentation, whichwill be updated shortly, for detailed release notes:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.htmlFor Red Hat OpenShift Logging 5.2, see the following instructions to applythis update:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

References

https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-21540 https://access.redhat.com/security/cve/CVE-2022-21541 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34169 https://access.redhat.com/security/updates/classification/#moderate

Package List

Severity
Advisory ID: RHSA-2022:5909-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5909
Issued Date: : 2022-08-04
CVE Names: CVE-2021-38561 CVE-2021-40528 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-21540 CVE-2022-21541 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29824 CVE-2022-34169

Topic

Openshift Logging Bug Fix Release (5.2.13)Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.