Red Hat Product Errata RHSA-2023:3998 - Security Advisory
Issued:
2023-07-12
Updated:
2023-07-12

RHSA-2023:3998 - Security Advisory

Synopsis

Moderate: Logging Subsystem 5.7.3 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.7.3 - Red Hat OpenShift

Security Fix(es):

  • word-wrap: ReDoS (CVE-2023-26115)
  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • LOG-4100 - [release-5.7] Browser keeps plugin files cached after upgrade
  • LOG-4156 - [release-5.7] Degraded condition on LokiStack is reset even when it should persist
  • LOG-4161 - [release-5.7] Ruler does not restart after updates to RulerConfig CR.
  • LOG-4176 - [release-5.7 ]Vector in CrashLoopBackOff when using matchLabel containing special character /
  • LOG-4198 - [release-5.7] Controller crashes when only per tenant limits are defined in LokiStack CR
  • LOG-4258 - Fluentd fails when configured passphase sending to Elasticsearch
  • LOG-4277 - [release-5.7] HTTP request header again too big, causing interaction with elasticsearch to fail
  • LOG-4264 - [release-5.7] Update ose-kube-rbac-proxy to v4.10+
  • LOG-4095 - loki labelKeys with slashes break in 5.7
  • LOG-4177 - CLO pod crash if CLF is updated when CL in Unmanagment status
  • LOG-4271 - [release-5.7] Fix kibana packaging in order for it to be properly scanned by prod sec
  • LOG-4108 - [release-5.7] Custom time range is not getting updated on Aggregated Logs page
  • LOG-3498 - Loki returning timed out after 30000ms

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:cc53d46b4adba475a55f28e57692e245d04ba48f2511df102cbefa7fe0919ecf
openshift-logging/elasticsearch-proxy-rhel8@sha256:d2813e890e74f89a0b6a9972d2d5e24824c20a3863934fc7182c7a9f216532a0
openshift-logging/elasticsearch-rhel8-operator@sha256:d7c7645cc9b052054c973959599d5676084cdc7ad10a4b037207c7b1b453ccba
openshift-logging/elasticsearch6-rhel8@sha256:7af0fa05193b2f75a270c16355bcce6d2117183d59f5ed4d040d5a8e7d40e610
openshift-logging/eventrouter-rhel8@sha256:f457c6d30ba835e7e8bf29de22ca0aa171c48ac91690ec69b52d1bab865762c2
openshift-logging/fluentd-rhel8@sha256:ef813c004ee3a799fdcb14d19f75271980a5b126125f2e2f4a6c36bf61fbc300
openshift-logging/kibana6-rhel8@sha256:84fb35d90e834c43f5159b21140c8b94c21ea9124449425596799f80c7cd8020
openshift-logging/log-file-metric-exporter-rhel8@sha256:66094f9dc36dd6ba75c76cf6cd8218a4386c0aa336a053d741e1cf1f23bb81dc
openshift-logging/logging-curator5-rhel8@sha256:51f0afaea8d8596a8fd538decc0b5ece7a05be30a9fb50f4a4a8b5e5d1c2a6fb
openshift-logging/logging-loki-rhel8@sha256:22498f10e8cb8b3043cd325644381585716c0853473a9cc69e472f65f2c3cb5d
openshift-logging/logging-view-plugin-rhel8@sha256:a3826d612d41edaedccd9ff4f89a0aa0480d87722b58adf001b37a404b1a7693
openshift-logging/loki-rhel8-operator@sha256:eb6448627943a6ef4aaa0505f10540555a7fedc222baa8ba89e94adb2e1a3ba9
openshift-logging/lokistack-gateway-rhel8@sha256:325b6e834b1fb37ea8c0b6cd856d5f92a299b1aefcd71640264fbf36c03e376a
openshift-logging/opa-openshift-rhel8@sha256:7ac115280092a7b1edccabc0a1a33415fa907ffed77e686742a682ed00dbe862
openshift-logging/vector-rhel8@sha256:c6dcfe91600e55d3cd430080744f9a9e391d05b805bc95ade1b7acfc4e4b0ac2

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:25b4eccbc013910c53f83f6b4199043cd81a438e893ae4410832928d69ceb78a
openshift-logging/elasticsearch-proxy-rhel8@sha256:cdf7d7a3d388f9bd4ee34e05d24debed3d72c1d021f7754d648dba2285a97d9c
openshift-logging/elasticsearch-rhel8-operator@sha256:3ed3456206ff4a8d31c7e8de169d74f224b1e6477c69a284839c46baa539a478
openshift-logging/elasticsearch6-rhel8@sha256:4fdca7719007c06b5b749a4c89f80f6c9056150f9e60e00933c2c0ee1b7b6441
openshift-logging/eventrouter-rhel8@sha256:85fabbd04539191db4d739a1af06542d018cb60d1f013344997e469b85d3c623
openshift-logging/fluentd-rhel8@sha256:c1b1303900862a6c41f9e2640021207c6b63203ede686090f62237621a0cbe43
openshift-logging/kibana6-rhel8@sha256:7123433d58b6579455cc263f19c85b63ea951d89f66e2b733bac98a9b7ceac4b
openshift-logging/log-file-metric-exporter-rhel8@sha256:c4370a0ddf8e69001e3264d500f1c6bffb137c0f9102b69c9985e508f0460a41
openshift-logging/logging-curator5-rhel8@sha256:955a2a4cdc1f1a350c4559a7d3ea755b4345477aac73f1b3768247845af277bb
openshift-logging/logging-loki-rhel8@sha256:3dfa1aaf23e2828e75beb5065940288239cb90bda07c3b5efb46e9c25b332fe4
openshift-logging/logging-view-plugin-rhel8@sha256:fe69f918818e882da8198b505bd249b8be5897674ba0c72c27868405477d070b
openshift-logging/loki-rhel8-operator@sha256:c7f34b4de29185bc759a6e4b8f183313da6b0f0929c7ebd3585f8a9f16896767
openshift-logging/lokistack-gateway-rhel8@sha256:8662f22d07a0ac54ab4cc7532bb48118e1836020bbcf41471f49c242a1f0c950
openshift-logging/opa-openshift-rhel8@sha256:0abf679b6fcc0f02af160ea3e30406cdfbd2b7ec855b4d4247133b061a2f641c
openshift-logging/vector-rhel8@sha256:f27ad0565384fafec1007c14c39a353abaa63accbcdd1b57f1e04f2459396b52

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:1aa92ea5423f97f33a5696e7a936a18433211bdf46037e2087dc4b8359bbbedd
openshift-logging/elasticsearch-proxy-rhel8@sha256:b261071a410b5a87f02ded641b6fca2ca46794c301ac51b9b1a476e5e580e597
openshift-logging/elasticsearch-rhel8-operator@sha256:58ffa5355969535fe4911b00a7a8ec4fbc3daf44457397f411f9d1d0e99d2eab
openshift-logging/elasticsearch6-rhel8@sha256:df161e83a11d953b4867faad7079fed1eead2e8fc727902b7ff9671f8d4b1c5d
openshift-logging/eventrouter-rhel8@sha256:9d6f7a8aa0a62965207bb275a33412ff3d11488813822e7752ec891289c01fa7
openshift-logging/fluentd-rhel8@sha256:401e04d0b993745703b300bf05d24321f1af71131fc3cf9d71fdca811cccde7d
openshift-logging/kibana6-rhel8@sha256:d2555e8057588a34b60584b95514be1d85de61e9efa5bf3886182eb913c48a5f
openshift-logging/log-file-metric-exporter-rhel8@sha256:4e9275c00e9fb0c0a50ba652792d11458e88baff2ee1bbef81be535b5a7a95f6
openshift-logging/logging-curator5-rhel8@sha256:832579acb9582f50578a47750fe74b6e872422239aba5277173c6a0bdef51a04
openshift-logging/logging-loki-rhel8@sha256:50da7d343b40123b2f62cdc5d62775f5135efbbac8e7d80142ed4b2c25767f82
openshift-logging/logging-view-plugin-rhel8@sha256:654806471878bd7f9e7c2affd4fad424f8cad686898d817669aabab0bf01d556
openshift-logging/loki-rhel8-operator@sha256:9cab0cee5819cb89d31550d415d4ed56d8c28e84c1296a5e47628a12bf3f2dd1
openshift-logging/lokistack-gateway-rhel8@sha256:0afc1598a966c5011e4d217e392b9087b8d04654f3b3826d08d8bcb74ad3d603
openshift-logging/opa-openshift-rhel8@sha256:03079cb8e4d27db5ca4928a1c43a8eb5d91b9718eafee2a678636a8a49979ffb
openshift-logging/vector-rhel8@sha256:88bdbee2c5cf50b9c2ef574cefff00358ec6f76639e6a5ce37617b015bb8c661

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:dbeee2a22f408eaaa8c36efd07b54c3fcfc29de0d22f1b2ab52f66cfe7de75b0
openshift-logging/cluster-logging-rhel8-operator@sha256:44333474a7390a8e2a5269a40cc1b55b7e52c3fdeacfab7e41bb0741b163eea3
openshift-logging/elasticsearch-operator-bundle@sha256:1340c0cdcbd62207c8923d9b3eff883b6163d75303547551053951d049723653
openshift-logging/elasticsearch-proxy-rhel8@sha256:c74a18e981756e2021247b83713f27f3442646fd3ae6ed7ba7f0a00f239760ef
openshift-logging/elasticsearch-rhel8-operator@sha256:cf1f974d85b790f6b1e5aa1e574d56191c668ef4adf2634b29f26f9bf28381b6
openshift-logging/elasticsearch6-rhel8@sha256:f2d5044bc2af0ec3e78732ae8785d217e80ff18332fca0629ca06c7d481a0d9a
openshift-logging/eventrouter-rhel8@sha256:bed88672a11a7ae0a7273778521b8bb160ff5161e624996f09c2b2accf966d5f
openshift-logging/fluentd-rhel8@sha256:bbff96a917d870ceb4f2982c9bb94440a163a5b798eac9b5ba012a8a8d6ede6f
openshift-logging/kibana6-rhel8@sha256:403c0dd709adab3bc11330a6939e587dea1739cd5670965467f4760530f8df48
openshift-logging/log-file-metric-exporter-rhel8@sha256:36f07e60c39cc3f9f69f40fe6138d11d6b25d8998c1f786527a22ca2319d660f
openshift-logging/logging-curator5-rhel8@sha256:a5b0a709ba5f19c2e99114b4cd91f96848f503cca54b9cbdf44d4f592d27bc21
openshift-logging/logging-loki-rhel8@sha256:b606595d4ebb2dea1885ec1686346997037a027813202abf7b10929ca52b843f
openshift-logging/logging-view-plugin-rhel8@sha256:bdd109da66ec9c32c19ef7918b6bfc7b02b9ce14ac72ca287be42e5f38f2b86e
openshift-logging/loki-operator-bundle@sha256:2fa726e2f73a398aa2ba61df225dc142a135f74172c5f2816b0260d9f6b2e294
openshift-logging/loki-rhel8-operator@sha256:18122b7380a0f17095ab37b375858dc164d77e8476de7ec1a337b2085e42f33e
openshift-logging/lokistack-gateway-rhel8@sha256:324e1825285451ae608657c0a6cc961a1fdd4af2d4b7ed59500103900a3e6e12
openshift-logging/opa-openshift-rhel8@sha256:604d14fcaa7e2a68579423af1c3ce872185bb3741945af63b45dbed8b3bfe711
openshift-logging/vector-rhel8@sha256:7c5d37e649e2b281072fb4900c4b2683d88889b25d520c8c9a849323892d36d4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.