-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift (Logging Subsystem) security update
Advisory ID:       RHSA-2023:0632-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0632
Issue date:        2023-02-15
CVE Names:         CVE-2022-4883 CVE-2022-23521 CVE-2022-30123 
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41717 
                   CVE-2022-41903 CVE-2022-44617 CVE-2022-46285 
                   CVE-2022-47629 CVE-2023-21835 CVE-2023-21843 
====================================================================
1. Summary:

An update is now available for the Logging subsystem for Red Hat OpenShift
5.4.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.11 - Red Hat OpenShift

Security Fix(es):

* rubygem-rack: crafted requests can cause shell escape sequences
(CVE-2022-30123)

* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2022-4883
https://access.redhat.com/security/cve/CVE-2022-23521
https://access.redhat.com/security/cve/CVE-2022-30123
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41903
https://access.redhat.com/security/cve/CVE-2022-44617
https://access.redhat.com/security/cve/CVE-2022-46285
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-21835
https://access.redhat.com/security/cve/CVE-2023-21843
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY+zQANzjgjWX9erEAQiH1g//X870GJDPdbNfdY26uTCuTK2PebCDghmn
aHyyZUj1dt0EGxtNsjqcG3ivrgbaSEhEOnQaE3IkRQoEK8XWVFtodr8fw6VnFHSG
rrgKn/Kl4zHaDpIRRFPpImHBEUYJiXYh2AX9+IASkvi8/J90enitS8S1cCYRQmTO
DS3CHnpKa1EmlVZaD5DqZacoQl7n8rHZRXtMQ9oel2FuymSXEUHkBQSYfPLLLjuP
yOTeYi5jn3JWH3xSzCzi65jm0P3n6IzQqKU45Hn8fMbNbcoTrl+Q1QMuCwxQLjQr
mfHO+U8nmGbqoLcvazMcOQ5UFyX/R4WJkef19BxUiCiH2xCsl1k2bmFn7Ofu5Q5E
0s6+DNx2s6BMP2DBTvFggYNoEaz6uP0yPnYuCKX0PPp+lgydMcE4FPO2hLjhOTr/
5nFaQW8tHMJ1zFUmrux8xnPBf5W6ivaa5tKJV1u6BCJSi7PcGcd1a+cq3HaUOpqr
CFZtKsLr+/yQBSZlRDpurbpwK+499/fU/R5M3ya3Rswa7XuA7uEzsYceZ8rsXk34
n94845yMc9OL57rw0Ld5shgH8G8IFULrorcS+Yj0LL6yZa4zKpGdqawsiG2X7E+j
BD9y5xpmQ3tqwcjP7LcIKFq/9Xcc9g4F99bu4BNGV7+DzdMFFIgCGpdkO8JrjNVW
EgMXmUtLcsI=cn0O
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-0632:01 Moderate: Red Hat OpenShift (Logging Subsystem)

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4

Summary

Logging Subsystem 5.4.11 - Red Hat OpenShift
Security Fix(es):
* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Summary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-4883 https://access.redhat.com/security/cve/CVE-2022-23521 https://access.redhat.com/security/cve/CVE-2022-30123 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41903 https://access.redhat.com/security/cve/CVE-2022-44617 https://access.redhat.com/security/cve/CVE-2022-46285 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-21835 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification/#moderate

Package List

Severity

Advisory ID: RHSA-2023:0632-01

Product: Logging Subsystem for Red Hat OpenShift

Advisory URL: https://access.redhat.com/errata/RHSA-2023:0632

Issued Date: : 2023-02-15

CVE Names: CVE-2022-4883 CVE-2022-23521 CVE-2022-30123 CVE-2022-40303 CVE-2022-40304 CVE-2022-41717 CVE-2022-41903 CVE-2022-44617 CVE-2022-46285 CVE-2022-47629 CVE-2023-21835 CVE-2023-21843

Topic

An update is now available for the Logging subsystem for Red Hat OpenShift5.4.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topic

Relevant Releases Architectures

Bugs Fixed

2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Related News

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security

2 - 4 min read

Sep 16, 2024

Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is

CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?

CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?

3 - 5 min read

Sep 15, 2024

CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three

Defending Against Remote Code Execution in Google Chrome: A Critical Update

Defending Against Remote Code Execution in Google Chrome: A Critical Update

2 - 3 min read

Sep 15, 2024

Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe

Navigating the Linux Kernel

Navigating the Linux Kernel's Latest DMA Security Vulnerability

2 - 4 min read

Sep 10, 2024

The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant

Staying a Step Ahead of Adversaries: Mitigating Chromium

Staying a Step Ahead of Adversaries: Mitigating Chromium's Security Flaws on Linux

2 - 4 min read

Sep 04, 2024

Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium

Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware

Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware

2 - 4 min read

Sep 03, 2024

Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called

Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures

Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures

3 - 6 min read

Sep 02, 2024

Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

8 Expert-Recommended Security Practices to Fortify Your Linux Systems

8 Expert-Recommended Security Practices to Fortify Your Linux Systems

4 - 8 min read

Aug 30, 2024

As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved