RedHat: RHSA-2022-6560:01 Moderate: Openshift Logging Bug Fix Release and
Summary
Openshift Logging Bug Fix Release (5.3.12)
Security Fix(es):
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly, for detailed release notes:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html
References
https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-21123 https://access.redhat.com/security/cve/CVE-2022-21125 https://access.redhat.com/security/cve/CVE-2022-21166 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
An update is now available for OpenShift Logging 5.3.12Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read