Lucene search

K
redhatRedHatRHSA-2022:8781
HistoryDec 08, 2022 - 7:35 a.m.

(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

2022-12-0807:35:26
access.redhat.com
18

0.106 Low

EPSS

Percentile

95.1%

Logging Subsystem 5.5.5 - Red Hat OpenShift

Security Fixe(s):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

  • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

  • golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • loader-utils: Regular expression denial of service (CVE-2022-37603)

  • golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.