233 matches found
Moderate: Red Hat Security Advisory: fluentd security update
An update for fluentd is now available for Red Hat OpenStack Platform 13.0 Operational Tools for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.7 security and bug fix update
An update is now available for Red Hat OpenShift Container Platform 3.7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Fluentd vulnerable to escape sequence injection
Overview: Fluentd provided by Cloud Native Computing Foundation (CNCF) contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation (CNCF). The parse Filter Plugin for Fluentd contains an escape sequence injection...
Escape Sequence Injection
Fluentd is vulnerable to escape sequence injection attacks. User input is pushed directly to the logs without filtering, allowing an attacker to change the terminal UI or execute commands on the device parsing the logs...
CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Design/Logic Flaw
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2017-10906
Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.6.1 bug fix and enhancement update
Red Hat OpenShift Container Platform releases 3.6.1 are now available with updates to packages and images that fix several bugs and add various enhancements. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or privat...
Insecure Salt Generation Via Unsafe Pseudorandom Number Function
Fluentd has insecure generation of salt values. This is because OpenSSL::Random was used rather than a SecureRandom function to generate the values...