RHSA-2023:0264: Moderate: Red Hat OpenShift (Logging Subsystem) security update
Logging Subsystem 5.6.0 - Red Hat OpenShift

* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)
* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)
Frequently Asked Questions
What is the severity of RHSA-2023:0264?
The severity of RHSA-2023:0264 is classified as important due to potential denial of service vulnerabilities.
How do I fix RHSA-2023:0264?
To address RHSA-2023:0264, update the affected packages to their latest versions as provided in the Red Hat advisory.
What vulnerabilities are addressed in RHSA-2023:0264?
RHSA-2023:0264 addresses prototype pollution in loader-utils and denial of service issues in jackson-databind.
Which components are affected by RHSA-2023:0264?
The affected components in RHSA-2023:0264 include logging-view-plugin-container and logging-elasticsearch6-container.
Is there a workaround for RHSA-2023:0264?
No specific workaround is mentioned for RHSA-2023:0264; the recommended solution is to apply the provided updates.