CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.

@@ -21,7 +21,7 @@ ARG OPENSHIFT\_CI

  

ENV ES\_PATH\_CONF=/etc/elasticsearch/ \\

ES\_HOME=/usr/share/elasticsearch \\

ES\_VER=6.8.1.redhat-00018 \\

ES\_VER=6.8.1.redhat-00019 \\

HOME=/opt/app-root/src \\

INSTANCE\_RAM=512G \\

JAVA\_VER=11 \\

@@ -30,7 +30,7 @@ ENV ES\_PATH\_CONF=/etc/elasticsearch/ \\

NODE\_QUORUM=1 \\

PROMETHEUS\_EXPORTER\_VER=6.8.1.2-redhat-00001 \\

INGEST\_PLUGIN\_VER=6.8.1.0-redhat-00003 \\

OPENDISTRO\_VER=0.10.1.2-redhat-00006 \\

OPENDISTRO\_VER=0.10.1.2-redhat-00009 \\

PLUGIN\_LOGLEVEL=INFO \\

RECOVER\_AFTER\_NODES=1 \\

RECOVER\_EXPECTED\_NODES=1 \\

Headline

CVE-2022-0552: Update netty to 4.1.63 · openshift/origin-aggregated-logging@d6b72d6

CVE: Latest News