Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat OpenShift 5.7.3 Moderate: Logging Subsystem Security Update

red hat
Calendar Grey July 12, 2023
Dist Redhat Esm H88
The Red Hat OpenShift Monitoring Framework 5.7.3 has an important security enhancement that tackles significant vulnerabilities and risks.
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Logging Subsystem 5.7.3 - Red Hat OpenShift
Security Fix(es):
* word-wrap: ReDoS (CVE-2023-26115)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat security fix vulnerability moderate threat logging subsystem OpenShift update

References

https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-48281 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-26115 https://access.redhat.com/security/cve/CVE-2023-26136 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/cve/CVE-2023-28466 https://access.redhat.com/security/updates/classification#moderate

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:3998-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3998
Issue date: 2023-07-12

Topic

An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat security fix vulnerability moderate threat logging subsystem OpenShift update

Relevant Releases Architectures

Bugs Fixed

2216827 - CVE-2023-26115 word-wrap: ReDoS

2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3498 - Loki returning timed out after 30000ms

LOG-4095 - loki labelKeys with slashes break in 5.7

LOG-4100 - [release-5.7] Browser keeps plugin files cached after upgrade

LOG-4108 - [release-5.7] Custom time range is not getting updated on Aggregated Logs page

LOG-4156 - [release-5.7] Degraded condition on LokiStack is reset even when it should persist

LOG-4161 - [release-5.7] Ruler does not restart after updates to RulerConfig CR.

LOG-4176 - [release-5.7 ]Vector in CrashLoopBackOff when using matchLabel containing special character /

LOG-4177 - CLO pod crash if CLF is updated when CL in Unmanagment status

LOG-4198 - [release-5.7] Controller crashes when only per tenant limits are defined in LokiStack CR

LOG-4258 - Fluentd fails when configured passphase sending to Elasticsearch

LOG-4264 - [release-5.7] Update ose-kube-rbac-proxy to v4.10+

LOG-4271 - [release-5.7] Fix kibana packaging in order for it to be properly scanned by prod sec

LOG-4277 - [release-5.7] HTTP request header again too big, causing interaction with elasticsearch to fail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here