
RedHat: RHSA-2023-0634-01 Moderate: OpenShift Logging Threat Update

February 9, 2023
Red Hat has released Logging Subsystem 5.6.1 for Red Hat OpenShift, which fixes the security vulnerabilities listed below.
Logging Subsystem 5.6.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Logging Subsystem 5.6.1 - Red Hat OpenShift
Security Fix(es):
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2021-35065
https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-3821
https://access.redhat.com/security/cve/CVE-2022-4883
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-42010
https://access.redhat.com/security/cve/CVE-2022-42011
https://access.redhat.com/security/cve/CVE-2022-42012
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-43680
https://access.redhat.com/security/cve/CVE-2022-44617
https://access.redhat.com/security/cve/CVE-2022-46175
https://access.redhat.com/security/cve/CVE-2022-46285
https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2023:0634-01
Product: Logging Subsystem for Red Hat OpenShift
Issue date: 2023-02-09

Topic

Logging Subsystem 5.6.1 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method

2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service

JIRA issues fixed

LOG-3397 - [Developer Console] "parse error" when testing with normal user

LOG-3441 - [Administrator Console] Seeing "parse error" while using Severity filter for cluster view user

LOG-3463 - [release-5.6] ElasticsearchError error="400 - Rejected by Elasticsearch" when adding some labels in application namespaces

LOG-3477 - [Logging 5.6.0] CLF raises 'invalid: unrecognized outputs: [default]' after adding `default` to outputRefs.

LOG-3494 - [release-5.6] After querying logs in loki, compactor pod raises many TLS handshake error if retention policy is enabled.

LOG-3496 - [release-5.6] LokiStack status is still 'Pending' when all loki components are running

LOG-3510 - [release-5.6] TLS errors on Loki controller pod due to bad certificate
