=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Openshift Logging Security and Bug Fix update (5.3.11)
Advisory ID:       RHSA-2022:6182-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6182
Issue date:        2022-09-06
CVE Names:         CVE-2022-1292 CVE-2022-1586 CVE-2022-1785
                   CVE-2022-1897 CVE-2022-1927 CVE-2022-2068
                   CVE-2022-2097 CVE-2022-2526 CVE-2022-29154
                   CVE-2022-30631 CVE-2022-32206 CVE-2022-32208
=====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.3.11)

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.3.11)

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.3, see the following instructions to apply
this update:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. References:

https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-2526
https://access.redhat.com/security/cve/CVE-2022-29154
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.