RHSA-2023:3495: Moderate: Logging Subsystem 5.7.2 - Red Hat OpenShift security update
First published: Mon Jun 12 2023(Updated: )
Logging Subsystem 5.7.2 - Red Hat OpenShift<br>Security Fix(es):<br><li> net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)</li> <li> rubygem-rack: denial of service in header parsing (CVE-2023-27539)</li> <li> rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice (CVE-2023-28120)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2023:3495?
RHSA-2023:3495 is classified as a security fix addressing multiple vulnerabilities with varying severity levels.
How do I fix RHSA-2023:3495?
To fix RHSA-2023:3495, users should upgrade to the latest version of affected packages as recommended by Red Hat.
What vulnerabilities are addressed in RHSA-2023:3495?
RHSA-2023:3495 addresses vulnerabilities including CVE-2022-41723 and CVE-2023-27539 among others.
Does RHSA-2023:3495 affect OpenShift?
Yes, RHSA-2023:3495 specifically pertains to security fixes within the Logging Subsystem of Red Hat OpenShift.
Are there any known exploits for the vulnerabilities in RHSA-2023:3495?
As of now, there are no widely reported exploits specifically targeting the vulnerabilities addressed in RHSA-2023:3495.
- agent/severity
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/tags
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:3495