- Red Hat Security Advisory 2023-5096-01
- Authored by Red Hat | Site access.redhat.com
-
Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.
- systems | linux, redhat
- advisories | CVE-2023-34969, CVE-2023-3899, CVE-2023-4456
- SHA-256 | 0b0524e9b143a4231d0b7f6aa2fe13874968bacef0b9ea9d7d89f5de1c7afef5
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Advisory ID: RHSA-2023:5096-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5096
Issue date: 2023-09-20
CVE Names: CVE-2023-3899 CVE-2023-4456 CVE-2023-34969
=====================================================================
1. Summary:
Logging Subsystem 5.5.16 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Logging Subsystem 5.5.16 - Red Hat OpenShift
Security Fix(es):
* openshift-logging: LokiStack authorisation is cached too broadly
(CVE-2023-4456)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly
5. References:
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <e-mail address protected from spam bots>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce


