=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Network Observability 1.4.0 for OpenShift
Advisory ID:       RHSA-2023:5379-01
Product:           Network Observability
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5379
Issue date:        2023-09-28
CVE Names:         CVE-2022-25883 CVE-2023-2602 CVE-2023-2603
                   CVE-2023-26115 CVE-2023-28321 CVE-2023-28322
                   CVE-2023-28484 CVE-2023-29469
=====================================================================

1. Summary:

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Network Observability 1.4.0

Security Fix(es):

* word-wrap: Regular Expression Denial of Service (CVE-2023-26115)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
2216827 - CVE-2023-26115 word-wrap: ReDoS

5. JIRA issues fixed (https://issues.redhat.com/):

NETOBSERV-1009 - Export Netflows without Loki
NETOBSERV-1034 - Remove 1.0.x channel
NETOBSERV-1107 - Improve ebpf agent memory usage
NETOBSERV-1131 - Metrics do not ignore duplicates
NETOBSERV-1137 - UI Enhancements 1.4
NETOBSERV-1182 - add cluster name to flp configuration
NETOBSERV-1196 - Extend platform coverage for Network Observability
NETOBSERV-1224 - Flowcollector does not report status != Ready in OCP Console
NETOBSERV-1242 - Console plugin build infos
NETOBSERV-1283 - Not able to monitor Multus/SRIOV traffic on Network Observability Operator
NETOBSERV-139 - Flow dashboards enhancements (flow-based metrics)
NETOBSERV-962 - Add IPFIX exporter
NETOBSERV-975 - Flows dropped due to Loki stream limit during large traffic spikes

6. References:

https://access.redhat.com/security/cve/CVE-2022-25883
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-26115
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28322
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is .

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Network observability 1.3.0 for OpenShift
Advisory ID:       RHSA-2023:3905-01
Product:           Network Observability
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3905
Issue date:        2023-06-28
CVE Names:         CVE-2022-28805 CVE-2022-36227 CVE-2023-0464
                   CVE-2023-0465 CVE-2023-0466 CVE-2023-1255
                   CVE-2023-2650 CVE-2023-24539 CVE-2023-24540
                   CVE-2023-27535 CVE-2023-29400
====================================================================

1. Summary:

Network Observability 1.3.0 for OpenShift

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Network Observability 1.3.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

This update contains bug fixes.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

NETOBSERV-1003 - include metrics role and rolebinding in operator bundle
NETOBSERV-1070 - FLP metrics is not populated with TLS scheme
NETOBSERV-166 - Multitenancy support in Network Observability for project admins
NETOBSERV-391 - Metrics & prometheus setup - flow based dashboards and metrics
NETOBSERV-576 - Multi-arch builds - amd64, ppc64le, arm64
NETOBSERV-765 - Plugin's ServiceMonitor doesn't work
NETOBSERV-773 - Copy certificates across namespaces
NETOBSERV-776 - Implement RBAC control in Loki Gateway
NETOBSERV-901 - Console integration (admin perspective)
NETOBSERV-934 - Add SCTP/ICMPv4/ICMPv6 support to ebpf agent
NETOBSERV-971 - portNaming cannot be disabled
NETOBSERV-972 - user authentication fails for non-kubeadmin users despite their being in cluster-admin groups
NETOBSERV-976 - Not able to disable alerts
NETOBSERV-981 - add must-gather support for network-observability
NETOBSERV-984 - KafkaInterBrokerProtocalVersion throws warning and has ingestion errors

6. References:

https://access.redhat.com/security/cve/CVE-2022-28805
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is .

More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Network observability 1.2.0 for OpenShift
Advisory ID:       RHSA-2023:1817-01
Product:           NETOBSERV
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1817
Issue date:        2023-04-18
CVE Names:         CVE-2022-41717 CVE-2022-41724 CVE-2022-41725
====================================================================

1. Summary:

Network Observability 1.2.0 for OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

This update contains bug fixes.

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

5. JIRA issues fixed (https://issues.redhat.com/):

NETOBSERV-142 - Network Observability infra health
NETOBSERV-350 - Connection tracking
NETOBSERV-521 - Network Observability Operator Seamless Upgrades
NETOBSERV-617 - eBPF agent: Need to split huge GRPC payloads
NETOBSERV-658 - Histogram in NetFlow Table
NETOBSERV-684 - Watch TLS certs & reload
NETOBSERV-696 - Reporter node behaves the opposite of what it says
NETOBSERV-755 - Duplicate flows between pods on different nodes
NETOBSERV-772 - FLP pods and console-plugin don't restart on CACert name change
NETOBSERV-774 - Namespace change in CRD results in duplicated ebpf agents
NETOBSERV-785 - [Maintenance] bump to ubi9 / rhel9
NETOBSERV-793 - flowlogs-pipeline is stuck at ContainerCreating when CA cert is misconfigured
NETOBSERV-844 - Unable to have a working statusUrl in FlowCollector with Loki Operator 5.6
NETOBSERV-857 - After some time, it fails to retrieve flows
NETOBSERV-868 - Migrate ebpf agent to use cilium native golang struct
NETOBSERV-889 - Flows not observed in Single stack cluster

6. References:

https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is .

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Network observability 1.1.0 security update
Advisory ID:       RHSA-2023:0786-01
Product:           NETOBSERV
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0786
Issue date:        2023-02-15
CVE Names:         CVE-2021-46848 CVE-2022-1271 CVE-2022-1304
                   CVE-2022-2509 CVE-2022-3515 CVE-2022-3602
                   CVE-2022-3715 CVE-2022-3786 CVE-2022-3821
                   CVE-2022-33099 CVE-2022-34903 CVE-2022-35737
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-42898
                   CVE-2022-47629 CVE-2023-0813
====================================================================

1. Summary:

Network observability 1.1.0 release for OpenShift

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

Security Fix(es):

* network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced (CVE-2023-0813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Apply this errata by upgrading Network observability operator 1.0 to 1.1.

4. Bugs fixed (https://bugzilla.redhat.com/):

2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3715
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/cve/CVE-2022-3821
https://access.redhat.com/security/cve/CVE-2022-33099
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0813
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is .

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.