RHSA-2021:5129 | Severity: Medium | CVSS 9.8
Red Hat Security Advisory: OpenShift Logging security and bug update (5.3.1)
🔗 CVE IDs covered (5)
📋 Description
- CVE-2021-21409 — netty: Request smuggling via content-length header
- CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
- CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
- CVE-2021-44228 — log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- CVE-2021-45046 — log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
🔗 References (11)
- self: https://access.redhat.com/errata/RHSA-2021:5129
- external: https://access.redhat.com/security/updates/classification/#moderate
- external: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1944888
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2004133
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2004135
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2030932
- external: https://issues.redhat.com/browse/LOG-1897
- external: https://issues.redhat.com/browse/LOG-1925
- external: https://issues.redhat.com/browse/LOG-1962
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5129.json