Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

Red Hat OpenShift 5.3.0 RHSA-2021-4627 Moderate: Security Update

red hat
Calendar Grey November 15, 2021
Dist Redhat Esm H88
Red Hat OpenShift Monitoring 5.2.1 undergoes a critical security enhancement with patches resolving numerous CVE vulnerabilities.
An update is now available for OpenShift Logging 5.3

Solution

For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/release_notes/ocp-4-9-release-notes

For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/logging/cluster-logging-upgrading

Summary

Openshift Logging Bug Fix Release (5.3.0)
Security Fix(es):
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory bug fix moderate severity Red Hat OpenShift OpenShift Logging

References

https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-14615 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-17541 Read the Full Advisory

Package List


Advisory ID: RHSA-2021:4627-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4627
Issue date: 2021-11-15

Topic

An update is now available for OpenShift Logging 5.3.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory bug fix moderate severity Red Hat OpenShift OpenShift Logging

Relevant Releases Architectures

Bugs Fixed

1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-1168 - Disable hostname verification in syslog TLS settings

LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd

LOG-1375 - ssl_ca_cert should be optional

LOG-1378 - CLO should support sasl_plaintext(Password over http)

LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate

LOG-1494 - Syslog output is serializing json incorrectly

LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server

LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing

LOG-1735 - Regression introducing flush_at_shutdown

LOG-1774 - The collector logs should be excluded in fluent.conf

LOG-1776 - fluentd total_limit_size sets value beyond available space

LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance

LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled

LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL

LOG-1903 - Fix the Display of ClusterLogging type in OLM

LOG-1911 - CLF API changes to Opt-in to multiline error detection

LOG-1918 - Alert `FluentdNodeDown` always firing

LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here