
RedHat: RHSA-2023-4341 Moderate: Logging Subsystem Denial of Service

Red Hat
August 2, 2023
The Logging Subsystem 5.7.4 update resolves two regular expression denial of service vulnerabilities in components shipped with the Logging Subsystem for Red Hat OpenShift.
Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Low.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Logging Subsystem 5.7.4 - Red Hat OpenShift
Security Fix(es):
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-25883
https://access.redhat.com/security/cve/CVE-2023-22796
https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2023:4341-01
Product: Logging Subsystem for Red Hat OpenShift
Issue date: 2023-08-02

Topic

Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases / Architectures

Bugs Fixed

2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service

2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.

LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.

LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.

LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console

LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2

LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.

LOG-4275 - [release-5.7] Vector pods going into a panic state

LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.

LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration

LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5

LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.
