Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Openshift Logging 5.3.14 bug fix release and security update

Related Vulnerabilities: CVE-2016-3709   CVE-2020-35525   CVE-2020-35527   CVE-2020-36516   CVE-2020-36518   CVE-2020-36558   CVE-2021-3640   CVE-2021-30002   CVE-2022-0168   CVE-2022-0561   CVE-2022-0562   CVE-2022-0617   CVE-2022-0854   CVE-2022-0865   CVE-2022-0891   CVE-2022-0908   CVE-2022-0909   CVE-2022-0924   CVE-2022-1016   CVE-2022-1048   CVE-2022-1055   CVE-2022-1184   CVE-2022-1292   CVE-2022-1304   CVE-2022-1355   CVE-2022-1586   CVE-2022-1785   CVE-2022-1852   CVE-2022-1897   CVE-2022-1927   CVE-2022-2068   CVE-2022-2078   CVE-2022-2097   CVE-2022-2509   CVE-2022-2586   CVE-2022-2639   CVE-2022-2938   CVE-2022-3515   CVE-2022-20368   CVE-2022-21499   CVE-2022-21618   CVE-2022-21619   CVE-2022-21624   CVE-2022-21626   CVE-2022-21628   CVE-2022-22624   CVE-2022-22628   CVE-2022-22629   CVE-2022-22662   CVE-2022-22844   CVE-2022-23960   CVE-2022-24448   CVE-2022-25255   CVE-2022-26373   CVE-2022-26700   CVE-2022-26709   CVE-2022-26710   CVE-2022-26716   CVE-2022-26717   CVE-2022-26719   CVE-2022-27404   CVE-2022-27405   CVE-2022-27406   CVE-2022-27950   CVE-2022-28390   CVE-2022-28893   CVE-2022-29581   CVE-2022-30293   CVE-2022-34903   CVE-2022-36946   CVE-2022-37434   CVE-2022-39399   CVE-2022-42003   CVE-2022-42004   CVE-2022-42898  

Source

Synopsis

Moderate: Openshift Logging 5.3.14 bug fix release and security update

Type/Severity

Security Advisory: Moderate

Topic

Openshift Logging Bug Fix Release (5.3.14)

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Openshift Logging Bug Fix Release (5.3.14)

Security Fixe(s):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Affected Products

  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64

Fixes

  • BZ - 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
  • BZ - 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
  • BZ - 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
  • LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started