—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
=====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Moderate: OpenShift Logging bug fix and security update (5.1.9)
\nAdvisory ID: RHSA-2022:0727-01
\nProduct: Red Hat OpenShift Enterprise
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0727
\nIssue date: 2022-03-01
\nCVE Names: CVE-2020-28491 CVE-2022-0552
\n=====================================================================<\/p>\n
1. Summary:<\/p>\n
OpenShift Logging bug fix and security update (5.1.9)<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Description:<\/p>\n
OpenShift Logging bug fix and security update (5.1.9)<\/p>\n
Security Fix(es):<\/p>\n
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a
\njava.lang.OutOfMemoryError exception (CVE-2020-28491)<\/p>\n
* origin-aggregated-logging\/elasticsearch: Incomplete fix for
\nnetty-codec-http CVE-2021-21409 (CVE-2022-0552)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n
3. Solution:<\/p>\n
For OpenShift Container Platform 4.8 see the following documentation, which
\nwill be updated shortly for this release, for important instructions on how
\nto upgrade your cluster and fully apply this errata update:<\/p>\n
https:\/\/docs.openshift.com\/container-platform\/4.8\/release_notes\/ocp-4-8-release-notes.html<\/p>\n
For Red Hat OpenShift Logging 5.1, see the following instructions to apply
\nthis update:<\/p>\n
https:\/\/docs.openshift.com\/container-platform\/4.8\/logging\/cluster-logging-upgrading.html<\/p>\n
4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
1930423 – CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception
\n2052539 – CVE-2022-0552 origin-aggregated-logging\/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409<\/p>\n
5. JIRA issues fixed (https:\/\/issues.jboss.org\/):<\/p>\n
LOG-2181 – Logging link is not removed when CLO is uninstalled or its instance is removed<\/p>\n
6. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2020-28491
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0552
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<\/p>\n
7. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBYh6altzjgjWX9erEAQjRPg\/\/WbHeVQWkkSJt0czQiJI8BFyLoUagVw9k
\npaxGAnWrxKiwDCvhVqdjXMqnFH\/7ToUO3cWPI4P9Bhw0XVp+yVZc6SWR1yvJq9zn
\n6kg8121gIhmvwZdUIOoOPOIx7rUB156zTr7Pl0G6bMDxsI9E3UwxSzKsA95OeK4A
\nH5VQ1NZ0E6azAqtJ6DxGcyhil\/ySO8AumpSo3CqZ2DSMAp5qjTXm10llpWaCn7wh
\nxjteiyDYLklxNuJcdzFugYcdBjKEJQ9gf0LjsJ4ezyBv5aFuj8XOTdndP\/5irMgf
\nMP5F+eYhVk0CJzjFFVpWsCk2mOAJFW4kVs5DZP+vkxJG8ZOdMpkghDmLsggWUCFz
\ndGHDxhO47S8Bv0WZOPqrTFfEdUUfanECpJ8gS0iclaUCxLtckLmqAoEN+98vQXqu
\nuxpSku+TWAO830yjhOz+gHTq9VzkVIu9LrJ6BnP+xVaA6\/HYLdelVVmN9E5g6alB
\nALwnec6+onMRE5YEGl9b+HgSf\/OhBMEMmI6Kz7OoQFi2c2OJjJRw6JKVKKqBZXg6
\ny1sfu5S5AFgiJdTiOn5TR6ruHSeyNyYa8FeXK323QJgJj2ErRLrarEPksPT1Ps7k
\nXv1L0YAicN4zwk1uo2A5naWeRJFmrXDyajm5u+DE8\/nW7mnG24Cx4CRuN8N1wFJF
\nPdgA4tAMu2o=
\n=XHw6
\n—–END PGP SIGNATURE—–<\/p>\n
—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Logging bug fix and security update (5.1.9) Advisory ID: RHSA-2022:0727-01 Product: Red Hat OpenShift Enterprise Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0727 Issue date: 2022-03-01 CVE Names: CVE-2020-28491 CVE-2022-0552 ===================================================================== 1. Summary: OpenShift Logging bug fix and security update (5.1.9) Red Hat Product Security has …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21194","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21194"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21194\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}