=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:5096-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5096
Issue date:        2023-09-20
CVE Names:         CVE-2023-3899 CVE-2023-4456 CVE-2023-34969
=====================================================================

1. Summary:

Logging Subsystem 5.5.16 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.16 - Red Hat OpenShift

Security Fix(es):

* openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

5. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.6.11 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:5095-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5095
Issue date:        2023-09-20
CVE Names:         CVE-2023-3899 CVE-2023-4456 CVE-2023-34969
=====================================================================

1. Summary:

Logging Subsystem 5.6.11 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.6.11 - Red Hat OpenShift

Security Fix(es):

* openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

5. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.6 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:4933-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4933
Issue date:        2023-09-13
CVE Names:         CVE-2023-3899 CVE-2023-4456 CVE-2023-32360 CVE-2023-34969
=====================================================================

1. Summary:

Logging Subsystem 5.7.6 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.6 - Red Hat OpenShift

Security Fix(es):

* openshift-logging: LokiStack authorisation is cached too broadly (CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-4413 - Warning in Vector logs sending logs to Splunk
LOG-4456 - [release-5.7] Loki search does not allow special chars
LOG-4459 - [release-5.7] Search content disappears when link is copy pasted or shared with other user with opened with similar permissions on project.
LOG-4460 - Loki custom labelKeys is causing vector to enter CrashLoopBackOff state
LOG-4501 - Modify max_read_bytes for Vector not releasing deleted file handles

6. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-32360
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Advisory ID:       RHSA-2023:4341-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4341
Issue date:        2023-08-02
CVE Names:         CVE-2022-25883 CVE-2023-22796
=====================================================================

1. Summary:

Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.4 - Red Hat OpenShift

Security Fix(es):

* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service
2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.
LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.
LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.
LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console
LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2
LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.
LOG-4275 - [release-5.7] Vector pods going into a panic state
LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.
LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration
LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5
LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.

6. References:

https://access.redhat.com/security/cve/CVE-2022-25883
https://access.redhat.com/security/cve/CVE-2023-22796
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.3 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:3998-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3998
Issue date:        2023-07-12
CVE Names:         CVE-2020-24736 CVE-2022-48281 CVE-2023-1667 CVE-2023-2283 CVE-2023-24329 CVE-2023-26115 CVE-2023-26136 CVE-2023-26604 CVE-2023-28466
====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.3 - Red Hat OpenShift

Security Fix(es):

* word-wrap: ReDoS (CVE-2023-26115)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2216827 - CVE-2023-26115 word-wrap: ReDoS
2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3498 - Loki returning timed out after 30000ms
LOG-4095 - loki labelKeys with slashes break in 5.7
LOG-4100 - [release-5.7] Browser keeps plugin files cached after upgrade
LOG-4108 - [release-5.7] Custom time range is not getting updated on Aggregated Logs page
LOG-4156 - [release-5.7] Degraded condition on LokiStack is reset even when it should persist
LOG-4161 - [release-5.7] Ruler does not restart after updates to RulerConfig CR.
LOG-4176 - [release-5.7] Vector in CrashLoopBackOff when using matchLabel containing special character /
LOG-4177 - CLO pod crash if CLF is updated when CL in Unmanaged status
LOG-4198 - [release-5.7] Controller crashes when only per tenant limits are defined in LokiStack CR
LOG-4258 - Fluentd fails when configured passphrase sending to Elasticsearch
LOG-4264 - [release-5.7] Update ose-kube-rbac-proxy to v4.10+
LOG-4271 - [release-5.7] Fix kibana packaging in order for it to be properly scanned by prod sec
LOG-4277 - [release-5.7] HTTP request header again too big, causing interaction with elasticsearch to fail

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-26115
https://access.redhat.com/security/cve/CVE-2023-26136
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-28466
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.2 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:3495-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3495
Issue date:        2023-06-12
CVE Names:         CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462
                   CVE-2022-1679 CVE-2022-1789 CVE-2022-2196 CVE-2022-2663
                   CVE-2022-3028 CVE-2022-3239 CVE-2022-3522 CVE-2022-3524
                   CVE-2022-3564 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619
                   CVE-2022-3623 CVE-2022-3625 CVE-2022-3627 CVE-2022-3628
                   CVE-2022-3707 CVE-2022-3970 CVE-2022-4129 CVE-2022-20141
                   CVE-2022-25147 CVE-2022-25265 CVE-2022-30594 CVE-2022-36227
                   CVE-2022-39188 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674
                   CVE-2022-41723 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721
                   CVE-2022-42722 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394
                   CVE-2023-0461 CVE-2023-1195 CVE-2023-1582 CVE-2023-2491
                   CVE-2023-22490 CVE-2023-23454 CVE-2023-23946 CVE-2023-25652
                   CVE-2023-25815 CVE-2023-27535 CVE-2023-27539 CVE-2023-28120
                   CVE-2023-29007
====================================================================

1. Summary:

Logging Subsystem 5.7.2 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.2 - Red Hat OpenShift

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* rubygem-rack: denial of service in header parsing (CVE-2023-27539)
* rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice (CVE-2023-28120)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2179637 - CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3314 - [fluentd] The passphrase can not be enabled when forwarding logs to Kafka
LOG-3316 - openshift-logging namespace can not be deleted directly when use lokistack as default store.
LOG-3330 - run.sh shows incorrect chunk_limit_size if changed.
LOG-3445 - [vector to loki] validation is not disabled when tls.insecureSkipVerify=true
LOG-3749 - Inability to configure nodePlacement and toleration for logging-view-plugin
LOG-3784 - [fluentd http] the default value HTTP content type application/x-ndjson is unsupported on datadog
LOG-3827 - [fluentd http] The passphrase isn't generated in fluent.conf
LOG-3878 - [vector] PHP multiline errors are collected line by line when detectMultilineErrors is enabled.
LOG-3945 - [Vector] Collector pods in CrashLoopBackOff when ClusterLogForwarder pipeline has space in between the pipeline name.
LOG-3997 - Add http to log_forwarder_output_info metrics
LOG-4011 - [Vector] Collector not complying with the custom tlsSecurityProfile configuration.
LOG-4019 - [release-5.7] fluentd multiline exception plugin fails to detect JS client exception
LOG-4049 - [release-5.7] User can list labels and label values for all user workload namespaces via Loki Label APIs
LOG-4052 - [release-5.7] Fix Loki timeouts querying logs from OCP Console
LOG-4098 - [release-5.7] No log_forwarder_output_info for splunk and google logging
LOG-4151 - Fluentd fix missing nil check for rotated_tw in update_watcher
LOG-4163 - [release-5.7] TLS configuration for multiple Kafka brokers is not created in Vector
LOG-4185 - Resources, tolerations and nodeSelector for the collector are missing
LOG-4218 - Vector fails to run when configuring syslog forwarding for audit log
LOG-4219 - Vector handles journal log as container log when enabling syslog forwarding. It breaks the compatibility with Fluentd
LOG-4220 - [RHOCP4.11] Logs of POD which doesn't have labels specified by structuredTypeKey are parsed to JSON, and forwarded to app-xxxxxx
LOG-4221 - [release-5.7] Fluentd wrongly closes a log file due to hash collision

6. References:

https://access.redhat.com/security/cve/CVE-2021-26341
https://access.redhat.com/security/cve/CVE-2021-33655
https://access.redhat.com/security/cve/CVE-2021-33656
https://access.redhat.com/security/cve/CVE-2022-1462
https://access.redhat.com/security/cve/CVE-2022-1679
https://access.redhat.com/security/cve/CVE-2022-1789
https://access.redhat.com/security/cve/CVE-2022-2196
https://access.redhat.com/security/cve/CVE-2022-2663
https://access.redhat.com/security/cve/CVE-2022-3028
https://access.redhat.com/security/cve/CVE-2022-3239
https://access.redhat.com/security/cve/CVE-2022-3522
https://access.redhat.com/security/cve/CVE-2022-3524
https://access.redhat.com/security/cve/CVE-2022-3564
https://access.redhat.com/security/cve/CVE-2022-3566
https://access.redhat.com/security/cve/CVE-2022-3567
https://access.redhat.com/security/cve/CVE-2022-3619
https://access.redhat.com/security/cve/CVE-2022-3623
https://access.redhat.com/security/cve/CVE-2022-3625
https://access.redhat.com/security/cve/CVE-2022-3627
https://access.redhat.com/security/cve/CVE-2022-3628
https://access.redhat.com/security/cve/CVE-2022-3707
https://access.redhat.com/security/cve/CVE-2022-3970
https://access.redhat.com/security/cve/CVE-2022-4129
https://access.redhat.com/security/cve/CVE-2022-20141
https://access.redhat.com/security/cve/CVE-2022-25147
https://access.redhat.com/security/cve/CVE-2022-25265
https://access.redhat.com/security/cve/CVE-2022-30594
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39188
https://access.redhat.com/security/cve/CVE-2022-39189
https://access.redhat.com/security/cve/CVE-2022-41218
https://access.redhat.com/security/cve/CVE-2022-41674
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2022-42703
https://access.redhat.com/security/cve/CVE-2022-42720
https://access.redhat.com/security/cve/CVE-2022-42721
https://access.redhat.com/security/cve/CVE-2022-42722
https://access.redhat.com/security/cve/CVE-2022-43750
https://access.redhat.com/security/cve/CVE-2022-47929
https://access.redhat.com/security/cve/CVE-2023-0394
https://access.redhat.com/security/cve/CVE-2023-0461
https://access.redhat.com/security/cve/CVE-2023-1195
https://access.redhat.com/security/cve/CVE-2023-1582
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23454
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-27539
https://access.redhat.com/security/cve/CVE-2023-28120
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.6.5 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:1953-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1953
Issue date:        2023-04-26
CVE Names:         CVE-2022-4269 CVE-2022-4378 CVE-2023-0266 CVE-2023-0361 CVE-2023-0386 CVE-2023-27539 CVE-2023-28120
====================================================================

1. Summary:

Logging Subsystem 5.6.5 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.6.5 - Red Hat OpenShift

Security Fix(es):

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)
* rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice (CVE-2023-28120)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2179637 - CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3419 - Kibana Filtering not working with filters that have `/` in them
LOG-3480 - Loki Query fails due to the limit of 5120 on namespace character
LOG-3583 - [Logging 5.6] Logs view custom time range does not work correctly when time is set from the drop down
LOG-3750 - Error message is not helpful when querying Loki
LOG-4008 - [release-5.6] Failed to create memberlist no private IP address found

6. References:

https://access.redhat.com/security/cve/CVE-2022-4269
https://access.redhat.com/security/cve/CVE-2022-4378
https://access.redhat.com/security/cve/CVE-2023-0266
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0386
https://access.redhat.com/security/cve/CVE-2023-27539
https://access.redhat.com/security/cve/CVE-2023-28120
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update
Advisory ID:       RHSA-2023:1310-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1310
Issue date:        2023-03-29
CVE Names:         CVE-2022-4304 CVE-2022-4450 CVE-2022-41717 CVE-2023-0215 CVE-2023-0286 CVE-2023-0767 CVE-2023-23916
====================================================================

1. Summary:

An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.9 - Red Hat OpenShift

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.redhat.com/):

LOG-3730 - [release-5.5] /var/log/oauth-server/audit.log not being scraped by log collector

6. References:

https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0767
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.