-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:5096-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5096
Issue date:        2023-09-20
CVE Names:         CVE-2023-3899 CVE-2023-4456 CVE-2023-34969 
=====================================================================

1. Summary:

Logging Subsystem 5.5.16 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.16 - Red Hat OpenShift

Security Fix(es):

* openshift-logging: LokiStack authorisation is cached too broadly
(CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

5. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlCw9FAAoJENzjgjWX9erE8uEP/R8Vaa/5DZvXpKtewh4v2Xlr
jQuBTL/BwOKn0gronaZv2j6d3MHXRHJjMq4o1+ca/7JchHSJJ1ZvjKCsE67k4Ork
sW2pgh/BkyyByMb8nsQMfw1RuwxYNArtmnv/laqvteVseFU1r+rovR8U5aWfX7Qg
7SyhANlZZ9irKQqpwhRXbVw1hZux2GK+LK2qHh+UZ/PaPomxm5mItn1uNqDJu2nF
2cVonKIzG+X3JReyaAYI4lM/ZPEv+Spim/vzJ4ehdf1zar/8SiDGdSCcoDkcHhru
VLjEfOaFKJqSvZPW87oZlEtlXbKA0Us+RAghOBROxya7xgW/hmZACulPPqJ436Qy
CwJC/E02LcbsGfFnN3vmMI1rBqTEFt2RWd/LyBwZd4oeI41XFMu8fC0FeEPZgjHY
uEOYfRh880fxqnWjxKdQGhcbDYyb2vdumxuyTONus9CSRTR1eVbyvOewMLpFP6lI
bH1L3+PbWPV4+VmK5y9k5Ix+ExMISjCJVhwmsPsuLMgVoHVzYS8OSi4wLaUEb838
x8hbktyhbEAWru7aSs2w/YehII2H8BqsGHO8YKuUQdC341z/si0lU/uAhCAE1DGb
nusR7+SeM9BoDW/E+eUV6ef1OpiUT0ryFArpUMamJYalA6RdBirWBGQ45aDZV3e0
i1OyszjlYnHBAeYipZOC
=AFo3
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-5096:01 Moderate: Logging Subsystem 5.5.16 - Red Hat

Logging Subsystem 5.5.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate

Summary

Logging Subsystem 5.5.16 - Red Hat OpenShift
Security Fix(es):
* openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/cve/CVE-2023-4456 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2023:5096-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5096
Issued Date: : 2023-09-20
CVE Names: CVE-2023-3899 CVE-2023-4456 CVE-2023-34969

Topic

Logging Subsystem 5.5.16 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly


Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo