exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-0728-01

Red Hat Security Advisory 2022-0728-01
Posted Mar 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0728-01 - OpenShift Logging bug fix and security update.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2022-0552
SHA-256 | 478cafa40dbef050f65b2497b1ab105f095b2ee5b8d2fd9eb426a6f8425841ca

Red Hat Security Advisory 2022-0728-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Logging bug fix and security update (5.2.8)
Advisory ID: RHSA-2022:0728-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0728
Issue date: 2022-03-02
CVE Names: CVE-2020-28491 CVE-2022-0552
====================================================================
1. Summary:

OpenShift Logging bug fix and security update (5.2.8)

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Logging bug fix and security update (5.2.8)

Security Fix(es):

* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a
java.lang.OutOfMemoryError exception (CVE-2020-28491)

* origin-aggregated-logging/elasticsearch: Incomplete fix for
netty-codec-http CVE-2021-21409 (CVE-2022-0552)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

For Red Hat OpenShift Logging 5.2, see the following instructions to apply
this update:

https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception
2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2180 - Logging link is not removed when CLO is uninstalled or its instance is removed

6. References:

https://access.redhat.com/security/cve/CVE-2020-28491
https://access.redhat.com/security/cve/CVE-2022-0552
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYh+XzdzjgjWX9erEAQi0Pw//WJzJRTcWyl/UsQ+oS/7AHPR/kIDkPbR4
AX+AbUXO4AEirXvf911Z5ZdwJw8UrYRdnnMAZItCmisNUPZZ9ybi7AIR3b3HQlwl
EKZOvhdt1YwGfGwIL6mjLeAVoxcBAlkE1LvFAcC18aVNDWeSCWxwZOpUzvTPLVuR
2ljs3hvp6YNHnX4EH2eDpE6ylhruBXY2FXeA+SyWg4TU5q1Hg0WsJE4Z0x7YxWUe
RvPBxZ4xBibyxKxBh47zQLp01aQyz4OTQsC3abMyaWd/jN3vZEFHE0N9UqmdLaMn
XOxA9actMytEcBEfbrTPE1FjlDidvpf+tged99a1Aw5yJdZNydx8WFW5gpIoX2Ix
x4QW68dFpImHLtOS6VB9GChQJQXombsDtf8UPssf7iojpkx40Ikk6Eov+x0K78L8
OOWYXEL37xuP4n26RydUEu09H5vfE9gXDDK6vIfFLDu+55+FQpDLn0JAecgMETx6
NxYzrqJGuZjD1ZP46YDpa/XS/2hc9ueo1G8ydwYyT3DabYXqIjA+wcaMJ0BK7471
hFRgZXMHuG8ziGKgONqeZLXi7NBfCwQr8/olnCe+27NRJGQcrRFggDDnjFnhtjgS
PUzfRhUHhS9uNy6Ih7QB+bNGi3t8nUC9pvJ2is9N9ueG3qIw/KWGuDORqBHSEy/R
8hb6hi3wY5g=MXFM
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close