Red Hat OpenShift 5.5.4 RHSA-2022:7434-01 Moderate Logging Security
red hat
November 10, 2022
Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate
Solution
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes
For Red Hat OpenShift Logging 5.5, see the following instructions to apply
this update:
Summary
Logging Subsystem 5.5.4 - Red Hat OpenShift
Security Fix(es):
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2022-0494 https://access.redhat.com/security/cve/CVE-2022-1353 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2588 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-21618 https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/cve/CVE-2022-23816 https://access.redhat.com/security/cve/CVE-2022-23825 https://access.redhat.com/security/cve/CVE-2022-29900 https://access.redhat.com/security/cve/CVE-2022-29901 https://access.redhat.com/security/cve/CVE-2022-32149 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-39399 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/updates/classification/#moderate
Package List
PREVIOUS
NEXT
Advisory ID: RHSA-2022:7434-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7434
Issue date: 2022-11-10
Topic
Logging Subsystem 5.5.4 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):
LOG-2674 - Many `can't remove non-existent inotify watch for: /var/log/pods/xxxxxx` errors in logfilesmetricexporter container.
LOG-3042 - Logging view plugin removes part of LogQL query
LOG-3049 - [release-5.5] Resources associated with collector / fluentd keep on getting recreated
LOG-3127 - The alerts are Fluentd when type=vector
LOG-3138 - [release-5.5] the content of secret elasticsearch-metrics-token is recreated continually
LOG-3175 - [release-5.5] Vector healthcheck fails when forwarding logs to Cloudwatch
LOG-3213 - must-gather is empty for logging with CLO image
LOG-3234 - [release-5.5] Loki gateway is crashing because cipher-suites are not set
LOG-3251 - [release-5.5] Adding Valid Subscription Annotation
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!