RHSA-2022:2218MediumCVSS 8.3
Red Hat Security Advisory: Openshift Logging Security and Bug update Release (5.2.10)
🔗 CVE IDs covered (5)
📋 Description
CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-0759 — kubeclient: kubeconfig parsing error can lead to MITM attacks CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2022:2218
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2031958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2045880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2058404
- externalhttps://issues.redhat.com/browse/LOG-1972
- externalhttps://issues.redhat.com/browse/LOG-2335
- externalhttps://issues.redhat.com/browse/LOG-2475
- externalhttps://issues.redhat.com/browse/LOG-2480
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2218.json