Red Hat Product Errata RHSA-2023:1310 - Security Advisory
Issued:
2023-03-29
Updated:
2023-03-29

RHSA-2023:1310 - Security Advisory

Synopsis

Moderate: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.5.9 - Red Hat OpenShift

Security Fix(es):

  • golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
  • LOG-3730 - [release-5.5] /var/log/oauth-server/audit.log not being scraped by log collector

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:10d3c60fd3c4711ce52b90a4e05dbeba807932d496ffb15ec9dcf0a88955de7c
openshift-logging/elasticsearch-proxy-rhel8@sha256:44ed5004550c6d15e054e9367467847e13ae413d6a2e36b6c67842032456f95f
openshift-logging/elasticsearch-rhel8-operator@sha256:cafbd320c49ed0c24453ece94d05bfb7c20a5c54cd735f89b1f1595847fd6f2c
openshift-logging/elasticsearch6-rhel8@sha256:51f06807e4bbd2f7e67d51405e211969a36f5c269b8e29a5f31f906affc0bee9
openshift-logging/eventrouter-rhel8@sha256:1812310845beec68f17c1d5f62180c21ae33cb6a8d136df2b04847281cc4a550
openshift-logging/fluentd-rhel8@sha256:158218c517e6829dbd542ad4bc8d9b2697db1a72d5bc6507621210e49ee3c08f
openshift-logging/kibana6-rhel8@sha256:3e52d684d044b03e33f47de2a2dffdf9543ab69d02c7a24a71a53b980ae1a623
openshift-logging/log-file-metric-exporter-rhel8@sha256:5ca3c6102d5d22c5f8d5f6dc2ff0564a40f7548165e760143f17ba0ee81fca0b
openshift-logging/logging-curator5-rhel8@sha256:254a547ab6c146d7372a8ec18eb554348f0549bf25e7087246caf697095c0fe8
openshift-logging/logging-loki-rhel8@sha256:54e10be8e1091da8544d69b88882ec496cc2bfec7304d04c3f3b45e4e7fb18aa
openshift-logging/logging-view-plugin-rhel8@sha256:9bb6a3e6085a9f1c62276f6fc816b281340d9064a08eeac8dba107b43270c13b
openshift-logging/loki-rhel8-operator@sha256:0a30ca84f0bfe7125b3a3233053b73cb4c8a85359b45d11a1bfdb5d54de05579
openshift-logging/lokistack-gateway-rhel8@sha256:1b4cd1c7a95beae8abc650c357ae86286e2dfa505a208323d41b4345a4c912b2
openshift-logging/opa-openshift-rhel8@sha256:1ccf9f743f92103346397c976ab1a932ab83efcd415b03eba2ffc685bd19a877
openshift-logging/vector-rhel8@sha256:9c21bfe4b002e2d74e68349ddb273fbc2d9bc4e490dab93862920cd02db99100

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:0a0559da7e9e6ca7de48c93f08e0930b187d0da1294d077c5340dc08baf3765e
openshift-logging/elasticsearch-proxy-rhel8@sha256:22aeaaee7f95e69f14732084758be53e37734a65a1c02dd05143d56654167968
openshift-logging/elasticsearch-rhel8-operator@sha256:29172efc78a450b37d3e549abd4f152aa5974e86055505617479fd8517c54077
openshift-logging/elasticsearch6-rhel8@sha256:afa21e9a6daade99d696bb3ff311fc563fe3b6d4cc5394db5bca99b8461b30dc
openshift-logging/eventrouter-rhel8@sha256:abc73d7c56ac041fb666c0fcd954cbdd5bb1e7f5574ae8f44d110d9464d63e53
openshift-logging/fluentd-rhel8@sha256:7ba453711bbfa2bde1ab759d77eef773fa7bda16d4dc5e305025175d1ff96edc
openshift-logging/kibana6-rhel8@sha256:a75e1dc70df128550b4ed4c12d96038f8383b8545de734ecce9027adc1ce1a35
openshift-logging/log-file-metric-exporter-rhel8@sha256:0308780d822eb3aa83e2524fbbf9c99ddac677f53bf2b03a62d50e0409d33ee3
openshift-logging/logging-curator5-rhel8@sha256:5523384603d7e2d241581560524b8d508139fa0405a1d843252f3b28984f23f5
openshift-logging/logging-loki-rhel8@sha256:bdaef9fea459531f4b786f922eb07f0e68a57a4ef60d28f3219b1e5d380087ac
openshift-logging/logging-view-plugin-rhel8@sha256:845cffa36532da8ecaf6c02ab3760b36f9d2b60e0fd5db049a40a66884365ddd
openshift-logging/loki-rhel8-operator@sha256:fe586c119e3273fc8014d297e7634943d92705af2beb09557fbec5d39f59ff6e
openshift-logging/lokistack-gateway-rhel8@sha256:23f868ad11164b7cb37e343e4f087ca47e6d35ee84777a7cd40a695d45734452
openshift-logging/opa-openshift-rhel8@sha256:8ccdc6e5f1dd5a4e31e7f546abb47993ed95487860af01e1ed4bea3a1b28ff51
openshift-logging/vector-rhel8@sha256:11b350a1830c6702f6d2daede90abd7c54dbb436c3ebe30a99fb2460a8309457

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:af8c4c2299729cf48c54fc9b653c354a08cb116e516686e16644fdd68d58fdac
openshift-logging/elasticsearch-proxy-rhel8@sha256:db771f2b0b292131caf29b0c3e646559a8aac0cc6b42bf5c0fe3e2c10721edfb
openshift-logging/elasticsearch-rhel8-operator@sha256:99adbffcd95fa7b6e0a699a3687f47cefd95815552c78ea44359898c1ef5a11b
openshift-logging/elasticsearch6-rhel8@sha256:9bb68ee00ea4bf7897bf785dcc5a8f49f77591b2c520a0499b9d593f1f7f3e77
openshift-logging/eventrouter-rhel8@sha256:d09004093fa414f69702473c1f4b8776c9245675e6754186d7a0cacf55c0a9f6
openshift-logging/fluentd-rhel8@sha256:f463acdf2d2ed9b5674df0ba079c2f8be65f761bdc3781a2ff49f323bcb690d0
openshift-logging/kibana6-rhel8@sha256:10722dc15493513ac834200593930eb93a6b231a16365dd92e5b117570a472f7
openshift-logging/log-file-metric-exporter-rhel8@sha256:5a7cfd868121bea76e0648bdf14bc001d2922db3f0f86b39c039478e8476cd8e
openshift-logging/logging-curator5-rhel8@sha256:bbf3f91f411a1de2d35470d3504f281109689bf20c6e8ec966f01ceae966511e
openshift-logging/logging-loki-rhel8@sha256:5130975bb35317db09020551dfd7ae17b004fcb9d409745244d207e5358df4f7
openshift-logging/logging-view-plugin-rhel8@sha256:2094fe72e9687b3322812d82f129324015b8fd9416d0b76f629b10677c514359
openshift-logging/loki-rhel8-operator@sha256:6cdfc86fbfa8c3c90104009065798070053ca26a5bc1caf352d0be5c3aa4d214
openshift-logging/lokistack-gateway-rhel8@sha256:505bb6e8390f1bf6faa4d9886d7b3bac3b38ef5a3b44d030f75a6389709054ea
openshift-logging/opa-openshift-rhel8@sha256:77bbdbb250c7129b7b8f2dcf567e4e8d43013ad9427e9640b64313b82ccaf870
openshift-logging/vector-rhel8@sha256:14107ddb3794b7a778f6fc39324338b4790fafa8df8cdd06b94ad85aabd189af

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:9f60f36c29ff954106e3966d1ca45caf1a10f25047f3888a720514bf762869fb
openshift-logging/cluster-logging-rhel8-operator@sha256:83ab545bdf779f8ce4f50604ee4a626fd6245d31ae83a612438970d9a743321d
openshift-logging/elasticsearch-operator-bundle@sha256:fbb0b82e4e102301e87500dda886861e39983eff3511cb8b7c957b67732e8e6a
openshift-logging/elasticsearch-proxy-rhel8@sha256:ca144406aa4d66149d9c530f245c11eb753b0a20a2f09411202b19f238d474ae
openshift-logging/elasticsearch-rhel8-operator@sha256:05b7944bc2f51fe3a19420d3a0d42b6944fa7dc4fd16860557aae97e81972093
openshift-logging/elasticsearch6-rhel8@sha256:01fea4b904e5081994feca65f14a113bee7402e6f9e32c86de56d78892069248
openshift-logging/eventrouter-rhel8@sha256:e51150b8d08b80036d68631f9fc91e9da331725d58c65699090c5dd0d7f338e5
openshift-logging/fluentd-rhel8@sha256:0d36a99eb193d94f446b1403c4a32c138b6ccf10771a2c5f879a4fc8d7e248fd
openshift-logging/kibana6-rhel8@sha256:969c90a986d2b6d9f24957ef1e095e4e40bd966781636312f0d543c20be8680f
openshift-logging/log-file-metric-exporter-rhel8@sha256:2382d3a838eeb88c6df26747b86e818c13f78212803d24b6186764c975717a6e
openshift-logging/logging-curator5-rhel8@sha256:f8672a422ae4777d05e275a4b001a873f8561c81cd51c6216ba8045015da1860
openshift-logging/logging-loki-rhel8@sha256:0d67b61f5ca2a294353a5205b71ed830d1f9660c936915a35c66e8b1f97f8375
openshift-logging/logging-view-plugin-rhel8@sha256:d0c04934018c8c1409e4a7ff41c3c1b002f33a6a5837a5d628a779626a4466ff
openshift-logging/loki-operator-bundle@sha256:9f58cdf599620e77caf66af6afa22320e3d40b38114143ab9a298098530331fe
openshift-logging/loki-rhel8-operator@sha256:0e084b5b47e05b61b6fc21c03b2f9a4fa872ceea4c5341edd48c392887502247
openshift-logging/lokistack-gateway-rhel8@sha256:af1c4e0724157b79d5d511d9ec7c7025fbb08c31ffc41e622026bc34949ee322
openshift-logging/opa-openshift-rhel8@sha256:280c2a3d668341679a88de4922b3d9916b7f423efd2aee5c4b7be7d0d7223434
openshift-logging/vector-rhel8@sha256:c69856e661af2bf9f49d4beedbd705e3f73a106814e09fbd79eb0c91dae3eb32

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.