Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat OpenShift Logging 5.2.10 Alert: RHSA-2022:2218-01 DoS Threat

red hat
Calendar Grey May 11, 2022
Dist Redhat Esm H88
Recent update issued for Red Hat OpenShift Logging tackling multiple security vulnerabilities necessitates immediate attention.
Openshift Logging Bug Fix Release (5.2.10) Red Hat Product Security has rated this update as having a security impact of Moderate

Solution

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/logging/cluster-logging-upgrading

Summary

Openshift Logging Bug Fix Release (5.2.10)
Security Fix(es):
* kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory moderate denial of service security issue red hat bug fix openshift logging

References

https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-0759 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-25636 https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2022:2218-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2218
Issue date: 2022-05-11

Topic

Openshift Logging Bug Fix Release (5.2.10)Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate denial of service security issue red hat bug fix openshift logging

Relevant Releases Architectures

Bugs Fixed

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks

5. JIRA issues fixed (https://issues.redhat.com/):

LOG-1972 - Getting message, "Prometheus could not scrape fluentd for more than 10m."

LOG-2335 - [release-5.2] Events listing out of order in Kibana 6.8.1

LOG-2475 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working

LOG-2480 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.2]

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here