logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Description

Logging Subsystem 5.5.5 - Red Hat OpenShift Security Fixe(s): * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * loader-utils: Regular expression denial of service (CVE-2022-37603) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Related