Issued:
2023-03-08
Updated:
2023-03-08

RHSA-2023:0931 - Security Advisory

Synopsis

Moderate: Logging Subsystem 5.4.12 - Red Hat OpenShift

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.4.12 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.4.12 - Red Hat OpenShift

Security Fix(es):

  • golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift 5 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 s390x
  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 aarch64

Fixes

  • BZ - 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:6096e989b6c696e2932c3886c2198d4afdbaf8fb8305755aed0a97c6867021ea
openshift-logging/elasticsearch-proxy-rhel8@sha256:56328690bf0018dcc8102f25dc5264f16d5f569b026a224699071ed18ce0a194
openshift-logging/elasticsearch-rhel8-operator@sha256:2f125868f2726592f422a57d51e7cf976ea9bf9610ea02ae0271c0a2cde0e7f5
openshift-logging/elasticsearch6-rhel8@sha256:152d21cabf126fb287a2c9c3356863add5966a3f6bfe504b07708f5fb6f43a9b
openshift-logging/eventrouter-rhel8@sha256:b163fc41f910136d9dcee15d1e079c4e1d98039997187b708876fd9ce6d709a2
openshift-logging/fluentd-rhel8@sha256:6fb49985bd30b2130d0fd843961f9a8ad0725f5ff9ebcca4608b2649258c8943
openshift-logging/kibana6-rhel8@sha256:4e5937809e954163eac16fb905ef5cdcd806984058c69d03c06860f858e0b748
openshift-logging/log-file-metric-exporter-rhel8@sha256:1e1bc3dfeb497ec0505f725b9d81711a0870414120f550214ad9d8d1ada83529
openshift-logging/logging-curator5-rhel8@sha256:4ba6ba41891308eed0757d49cf8b98115d5f38b570e253264788bac445bf423b
openshift-logging/logging-loki-rhel8@sha256:eb0362c1f232e58793309fae9786d3485d235bd9dabe12c3c4064562b4590c69
openshift-logging/loki-rhel8-operator@sha256:dcb5c45a005574d97578c6bfe0b2970a40c33748dfea9e0e79b42b110da6896c
openshift-logging/lokistack-gateway-rhel8@sha256:d5d0e7a97db44c365f92069f1335587af22b711981224370dcbe8ec6c79e6a95
openshift-logging/opa-openshift-rhel8@sha256:42592c7015703d418e7d3f2814e7557d2b09b9b0a25a8555f4833e62da1f6cae
openshift-logging/vector-rhel8@sha256:ccd4d0f15754c251ca089157c06d41864021a1c9f2270a05c2483851b0f13a39

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:df22b270e1f723359890aafa9f3aa07bf99c22f1e725329bf24bfa0372790c31
openshift-logging/elasticsearch-proxy-rhel8@sha256:7555627c4c13f20c3d4e7e6d118c70c81e95f0a1fef850a9f7cf0bdc78ddcae9
openshift-logging/elasticsearch-rhel8-operator@sha256:d79d1944d1187216bd8a2a25b1180ba92a9521706b7da3ef586f1116bab5b5ca
openshift-logging/elasticsearch6-rhel8@sha256:fc68bc37f9c94cfc3591886f35f81a66cb249a1f34ba2e0ec92d0b35b4dc5cd0
openshift-logging/eventrouter-rhel8@sha256:d1291370040f98f3b8951d94537e063dd1aca3d9d0991e334c1f8d511163559d
openshift-logging/fluentd-rhel8@sha256:b74bf77540e0cc41c08d3940c56ec4be7444c39ce5693c790ad8bab34ad9e665
openshift-logging/kibana6-rhel8@sha256:9fa0aee38d99df9da31e725141c25a32a2ceb7ae8777fe0247a477bdae22e2c2
openshift-logging/log-file-metric-exporter-rhel8@sha256:31863084d97df4186b8d28a7cace89b7eece7287f60c2a41b587c1f155342c21
openshift-logging/logging-curator5-rhel8@sha256:372b87507c9b9557b47d994a2afd4d2fea692c558544140f2847b8c173c297e6
openshift-logging/logging-loki-rhel8@sha256:dbe59a42235378fb3acdcfd920f527bf9dde3bceee12679983d9a8c672d3086b
openshift-logging/loki-rhel8-operator@sha256:ca45ed7964d7d70fb96fd43a13a8aa1d2ebcfd49184ff4d5f3dcf200e9c6aef9
openshift-logging/lokistack-gateway-rhel8@sha256:968cf7bddb72ebcf5d34d0be94c6e9c06ea3b24adc8ee714d9eae72afe0ccceb
openshift-logging/opa-openshift-rhel8@sha256:dfb3e8a1a2d439a696ea4490ed35cb69c8c6f304dc6129d0da25fd7848a74de6
openshift-logging/vector-rhel8@sha256:b68a233e71b7b5b554718d097b66367a437a1373f18225379a30aabc043bb5aa

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:2d26767c32f94167be45dbbf3faf1dfbe82393159da252963f14ab79dfb88322
openshift-logging/elasticsearch-proxy-rhel8@sha256:75519006e46e29059f7bd47892d33a4f2289a2487158b6e62b3fe48f5c824a3c
openshift-logging/elasticsearch-rhel8-operator@sha256:9bcb0e8390492f819d4991d8f745c0e19b9de4dab2f42e2143e28d1b7e6470db
openshift-logging/elasticsearch6-rhel8@sha256:96362e33a3df6c376bc5764c961cfdcf1b4da949ae32fe9dc109a17ecbcf16e6
openshift-logging/eventrouter-rhel8@sha256:64303daef8972539e596feccfb1fdd186e350083adcab0818b688217ad8d7a44
openshift-logging/fluentd-rhel8@sha256:b23fefbc7bf2d872eba697a2f8ced0eebbbaffe8f8c1a4fdad184ff57760bee6
openshift-logging/kibana6-rhel8@sha256:c0b4072faad5afe90383b2a3d29a97579d69875ce5e6e2ea02d4cf900a05d9c8
openshift-logging/log-file-metric-exporter-rhel8@sha256:c804fcdec3c40ec3cb230e00cefbc72c5301a76261ee246cafc2cf941a823357
openshift-logging/logging-curator5-rhel8@sha256:b2519f1258c8dcfc1e843f5c19dee7c2e7ba96dbfca172387e66d21724235d35
openshift-logging/logging-loki-rhel8@sha256:1437f92f686c1cfecbae4c88bb5eabf4213a1806560de161e52add47fff3cf23
openshift-logging/loki-rhel8-operator@sha256:142b366f4ee6b398b86945a62fbdd18f4c920aa9f305414395915ebec2c04932
openshift-logging/lokistack-gateway-rhel8@sha256:b258bf8a7d46e40afa3ddf39cb9800b65c0af48dd698093527f69141e56c73a1
openshift-logging/opa-openshift-rhel8@sha256:0d66b313f033cbe76e7b26728dccdcc232608fa42fa73347bed8326db314447c
openshift-logging/vector-rhel8@sha256:fa9c870f18772894aa08b045bd668743e5143ff2632f7a476f523cf64e0e4c9f

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:d256e32eddbae2ccef82acfa83750150831d3883ecb9485b0c25a5798b05165e
openshift-logging/cluster-logging-rhel8-operator@sha256:e03903f7dcdb6aed98b82cd7acb0763c016338a1e1a2b8026fbc7871a3561a19
openshift-logging/elasticsearch-operator-bundle@sha256:e72c3703a5be273bd6135626abe6d1a78a3c642eea9c98e508d71cd252d2536a
openshift-logging/elasticsearch-proxy-rhel8@sha256:2ef3ef19eafc6b222a1bca3c8c2ef87c07f6f028e254dc197bd485484395b505
openshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307
openshift-logging/elasticsearch6-rhel8@sha256:a06f2d162836af0d34fe5aa854f72fdc43d5bfa100484a8727dbb626d1047ab4
openshift-logging/eventrouter-rhel8@sha256:7cd4933546ecad75aeb2498d05c58b57154863e7b5dfddac98cb62a69d310845
openshift-logging/fluentd-rhel8@sha256:89740de1e2201b974aebf8e89c72abb96cf694847447d19e9572a9cddea91879
openshift-logging/kibana6-rhel8@sha256:d0adfb36cee7c3b1881461797dcf20c45cd7c961a98cab25da17cf79b1254183
openshift-logging/log-file-metric-exporter-rhel8@sha256:812450e04a798d5d3cc1af2e09cc8a46adda76a3424f1cc43655f5c7ef00ede4
openshift-logging/logging-curator5-rhel8@sha256:71d1a448a50a62831512fb80d803ad8134571af56595d545934e1d0dade4bfd2
openshift-logging/logging-loki-rhel8@sha256:2b62a606e6abce2601fead1d9af312f661424f2009ec466919f5c724ae6b31c9
openshift-logging/loki-operator-bundle@sha256:154c903aec585af0d3ba39858cc92c610df9ec4e3801cb983dcb9e2d94fccc91
openshift-logging/loki-rhel8-operator@sha256:8b28ce44f52ceb5a685d1a3a4318f28747b51fe97be760b14f67ad8a67037c9b
openshift-logging/lokistack-gateway-rhel8@sha256:addc0296dbf47afb5cb6c2e23687ed22f767861ce8c48fabda5c0d3ed61474e7
openshift-logging/opa-openshift-rhel8@sha256:82a26a71a6b384cbd8adf6186a3b2206623e22a7d33c1f3167f986ac9d916db6
openshift-logging/vector-rhel8@sha256:d2218c7c79650064538bd3cb979758c201ea811e1661034078766064f0bf30d9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.