CSAF
t/examples/rhsa-2021_5186.json
},
"discovery_date": "2021-12-13T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
}
],
"notes": [
{
"category": "general",
"text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle:v4.6.0.202112161349.p0.gd74112d.assembly.art3595-1",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202112161349.p0.gd74112d.assembly.art3595"
]
},
"references": [
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx",
"url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"category": "external",
"summary": "CVE-2021-4104",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"category": "external",
"summary": "bz#2031667: CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
}
],
"release_date": "2021-12-10T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n...
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle:v4.6.0.202112161349.p0.gd74112d.assembly.art3595-1",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202112161349.p0.gd74112d.assembly.art3595"
],
"url": "https://access.redhat.com/errata/RHSA-2021:5186"
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender"
},
{
"cve": "CVE-2021-4125",
"discovery_date": "2021-12-16T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2033121"
}
],
"notes": [
{
"category": "general",
"text": "kube-reporting/hive: Incomplete fix for log4j CVE-2021-44228 and CVE-2021-45046",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle:v4.6.0.202112161349.p0.gd74112d.assembly.art3595-1",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202112161349.p0.gd74112d.assembly.art3595"
]
},
"references": [
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-45046",
"url": "https://access.redhat.com/security/cve/CVE-2021-45046"
},
{
"category": "external",
"summary": "CVE-2021-4125",
"url": "https://access.redhat.com/security/cve/CVE-2021-4125"
},
{
"category": "external",
"summary": "bz#2033121: CVE-2021-4125 kube-reporting/hive: Incomplete fix for log4j CVE-2021-44228 and CVE-2021-45046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033121"
}
],
"release_date": "2021-12-16T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n...
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle:v4.6.0.202112161349.p0.gd74112d.assembly.art3595-1",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202112161349.p0.gd74112d.assembly.art3595"
],
"url": "https://access.redhat.com/errata/RHSA-2021:5186"
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-16T00:00:00Z",
"details": "Critical"
}
],
"title": "CVE-2021-4125 kube-reporting/hive: Incomplete fix for log4j CVE-2021-44228 and CVE-2021-45046"
}
]
}