RHSA-2022:0230: Moderate: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)
OpenShift Logging Bug Fix Release (5.2.6)
Security Fix(es):
* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
Frequently Asked Questions
What is the severity of RHSA-2022:0230?
The RHSA-2022:0230 advisory addresses critical vulnerabilities in OpenShift Logging, specifically affecting nodejs-ua-parser-js and log4j-core.
How do I fix RHSA-2022:0230?
To resolve RHSA-2022:0230, update your OpenShift Logging to the patched version provided in the advisory.
What vulnerabilities are addressed in RHSA-2022:0230?
RHSA-2022:0230 fixes a ReDoS vulnerability in nodejs-ua-parser-js and a remote code execution vulnerability in log4j-core.
Which versions are affected by RHSA-2022:0230?
RHSA-2022:0230 impacts specific versions of OpenShift Logging that include the vulnerable packages mentioned.
Is there a known exploit for RHSA-2022:0230?
As of now, there are no public exploits reported for the vulnerabilities in RHSA-2022:0230, but they are critical and should be patched promptly.