Red Hat Product Errata RHSA-2023:4341 - Security Advisory
Issued:
2023-08-02
Updated:
2023-08-02

RHSA-2023:4341 - Security Advisory

Synopsis

Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.7.4 - Red Hat OpenShift

Security Fix(es):

  • nodejs-semver: Regular expression denial of service (CVE-2022-25883)
  • rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service
  • BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
  • LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.
  • LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.
  • LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.
  • LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console
  • LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2
  • LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.
  • LOG-4275 - [release-5.7] Vector pods going into a panic state
  • LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.
  • LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration
  • LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5
  • LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:e0c2fee54eac82bb2db9458c66f5989d1ece106028facc0bf7630cdb10ce22d9
openshift-logging/elasticsearch-proxy-rhel8@sha256:8ff461c5c4c305e1ae2991bc5df6dbf98a51b0ecc4bace6706f574beea7f64dd
openshift-logging/elasticsearch-rhel8-operator@sha256:bd46b16c0677fab4a383572c274edebbc69c571045ad449d3b5d421405f5672d
openshift-logging/elasticsearch6-rhel8@sha256:7af0fa05193b2f75a270c16355bcce6d2117183d59f5ed4d040d5a8e7d40e610
openshift-logging/eventrouter-rhel8@sha256:34ce66194dfa6a7a20185095f0766ad57fc61225c080b67e558a81a81f815724
openshift-logging/fluentd-rhel8@sha256:337ee7e9da6cc5eeb19f5f2d626c264f02e4d928fc0966943da66e1feb3d9a7a
openshift-logging/kibana6-rhel8@sha256:84fb35d90e834c43f5159b21140c8b94c21ea9124449425596799f80c7cd8020
openshift-logging/log-file-metric-exporter-rhel8@sha256:acb05b891cba1721d3eed20ecfa3b5d19a814b7759d718393c4df5d82f50c6ec
openshift-logging/logging-curator5-rhel8@sha256:51f0afaea8d8596a8fd538decc0b5ece7a05be30a9fb50f4a4a8b5e5d1c2a6fb
openshift-logging/logging-loki-rhel8@sha256:d39a1cbbdc527136f4019717320fc2bf5de546e8f1155127b116c55cf066a61e
openshift-logging/logging-view-plugin-rhel8@sha256:caaf5d6ce2c02b38ede741333d43b8e316a10dd18c2501bfd4cc404bd8029372
openshift-logging/loki-rhel8-operator@sha256:84bd7d93f70ada3fcc298e943d1f0cd96373c77f3da2f626a26b15121f5ee3c9
openshift-logging/lokistack-gateway-rhel8@sha256:21d62198b0452caf49ec5563682897d1e4c5e03e9e1404ce9d9cf72a7de34ba4
openshift-logging/opa-openshift-rhel8@sha256:9893a02da55a768baa6e70cd79dacc5cfb41a8b0624f9c5722a8f5faf842627a
openshift-logging/vector-rhel8@sha256:d6ad099e497eaad1d8dc0f2d160e1869df48c39c3f38ff4e9254799249bc96ab

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:67ef8c821c9b3bca057ea7199aef6e911cd7f7f999ddc2fdf82c8075794b0aa3
openshift-logging/elasticsearch-proxy-rhel8@sha256:d4baa438f24a85b8be45f0bd121d738af1503ebf18e2c54d655acb6cad9e50cc
openshift-logging/elasticsearch-rhel8-operator@sha256:c2571e820b058d0b2baaa952a3c841646e777d7735561b1a43e1024ce606ff9a
openshift-logging/elasticsearch6-rhel8@sha256:4fdca7719007c06b5b749a4c89f80f6c9056150f9e60e00933c2c0ee1b7b6441
openshift-logging/eventrouter-rhel8@sha256:3df6df351b2f6da84340867d2895db147313931f8d82479b8872da64bec6666a
openshift-logging/fluentd-rhel8@sha256:9a6c4ab015df408ff848234705bf0fbff5332e85279485d2b758f23156a9c572
openshift-logging/kibana6-rhel8@sha256:7123433d58b6579455cc263f19c85b63ea951d89f66e2b733bac98a9b7ceac4b
openshift-logging/log-file-metric-exporter-rhel8@sha256:c808aad73043d9cd7392bdaf6d15dd1a078296df5696bbfa597c811025f61201
openshift-logging/logging-curator5-rhel8@sha256:955a2a4cdc1f1a350c4559a7d3ea755b4345477aac73f1b3768247845af277bb
openshift-logging/logging-loki-rhel8@sha256:f9d15f9109b22d56825f56ec5c037e3f8af6119c022a43c4cfb0fa54bd297679
openshift-logging/logging-view-plugin-rhel8@sha256:5add092b1f4fea3a2e872f41b537635cbc23d874fb2fd9d8991928ec1fbfa3f5
openshift-logging/loki-rhel8-operator@sha256:3167db2da135849cdf568ddad218197d71c807fa8526179fff339016afe6f87e
openshift-logging/lokistack-gateway-rhel8@sha256:375048d10fb7192713ca038f43d57e0b34010f7c5707344de7c0abe9b3e59616
openshift-logging/opa-openshift-rhel8@sha256:7e2bd1808123b522d0542aeb738c57c005f079aebe23ea6f4065ff2d3ae731d7
openshift-logging/vector-rhel8@sha256:dcd90c4fb7fa7dcaed3a27b1e80d7215bab65cde107d58fd8cd54957323f9ea7

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:49c4aebcd64396039f8e6d6cce6c55a92d6bbf6108ddf72bdc53606e26ac2b4a
openshift-logging/elasticsearch-proxy-rhel8@sha256:bb1a983e04d731a4e580cc0eff4216951ddc8a9eb27ed14b1960f2b434f3cd2e
openshift-logging/elasticsearch-rhel8-operator@sha256:5575edf75617e0bd07aa97490cffd26f076aa0bcd82c3274538ab45d51e00225
openshift-logging/elasticsearch6-rhel8@sha256:df161e83a11d953b4867faad7079fed1eead2e8fc727902b7ff9671f8d4b1c5d
openshift-logging/eventrouter-rhel8@sha256:0f91fc53a5053e39de0fe264281a56a179a2b78718cfadec1e1b29506630ab70
openshift-logging/fluentd-rhel8@sha256:b6c6af01832e14bbfa3077448ee626daae770e1366efdc0f0784498f4d30e6b1
openshift-logging/kibana6-rhel8@sha256:d2555e8057588a34b60584b95514be1d85de61e9efa5bf3886182eb913c48a5f
openshift-logging/log-file-metric-exporter-rhel8@sha256:91d8fa588ddc7e633dd526aaa883e4a28a4cb9ac4a9ae69984c976f284779931
openshift-logging/logging-curator5-rhel8@sha256:832579acb9582f50578a47750fe74b6e872422239aba5277173c6a0bdef51a04
openshift-logging/logging-loki-rhel8@sha256:2cd86e00137e4fa3ac2857c9f71766c43f514265e583f2efb34afda01f4f148c
openshift-logging/logging-view-plugin-rhel8@sha256:231a9410313b59e0a489a998fd85c92a8c538c461d2a2efaa6a5bf33c36a1aef
openshift-logging/loki-rhel8-operator@sha256:2b0f8aff7372bb80de5dee22455041afc6514238088adeb643ee3890d6ec0a4d
openshift-logging/lokistack-gateway-rhel8@sha256:723e07a7914053df8edabda59d00662f51b41b1f6d3138773100d4a7c2dfd43c
openshift-logging/opa-openshift-rhel8@sha256:56ed37d86ce09040ca99dcd7323725266ac8f125645784185c7efdfdec70385e
openshift-logging/vector-rhel8@sha256:3b9c8eee3ff2d4368517b1934097a612bd56a69ab98809cfa951400314f3acc0

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:e56a09fc05288a5a2ef9eb4ed9536b517e5a19b6317be07ac9caeed7cdabc2c3
openshift-logging/cluster-logging-rhel8-operator@sha256:c65f10b5e11fd2310b21c4acbd56d1fed311e0dd69f7c33d6b2fa0e83bf2d64f
openshift-logging/elasticsearch-operator-bundle@sha256:907c78f7ca1b56bb2ddc79b5b5555c39fd061190aebe72862bbd672c94b248b0
openshift-logging/elasticsearch-proxy-rhel8@sha256:cf018227104330f7930731e0807ae6e4e877890bb3ab9e6d726a6765c9609a06
openshift-logging/elasticsearch-rhel8-operator@sha256:44ba718456214efb36904719c4843c82449ccb18696925c7571324b4eb4a1c4c
openshift-logging/elasticsearch6-rhel8@sha256:f2d5044bc2af0ec3e78732ae8785d217e80ff18332fca0629ca06c7d481a0d9a
openshift-logging/eventrouter-rhel8@sha256:f28aecb4013c43132d6261fd6817a65c2237dd8b5d9177999277ede0a228c79a
openshift-logging/fluentd-rhel8@sha256:1683bf2947833563d426e07b078e14984ea9c4f2a6da2931979eba3277f6aa2a
openshift-logging/kibana6-rhel8@sha256:403c0dd709adab3bc11330a6939e587dea1739cd5670965467f4760530f8df48
openshift-logging/log-file-metric-exporter-rhel8@sha256:5bb8f176d903c84ed9d07d21d80a5640c15d7e34d0aff8635f62db039602c64f
openshift-logging/logging-curator5-rhel8@sha256:a5b0a709ba5f19c2e99114b4cd91f96848f503cca54b9cbdf44d4f592d27bc21
openshift-logging/logging-loki-rhel8@sha256:0375fb8d4343d67fff498cc1d70ea60a2f3bdec1b02462916a252c1d096232f6
openshift-logging/logging-view-plugin-rhel8@sha256:f54b96b6d08566acdc6d4babbcdc539a8709246aafac1ebdea67100a7f3bd52f
openshift-logging/loki-operator-bundle@sha256:c8c3190680b643c4825b186270d4acfa0cc6ae86f90842dc23b6bad6766f8367
openshift-logging/loki-rhel8-operator@sha256:31b811aeb70106ae65bcba0f36554d536ec5152cd61e65ac6eb452ce669bb595
openshift-logging/lokistack-gateway-rhel8@sha256:115fb8f4748722861fc80fe75e56f46d19ff2aa923ab9b03d6b16942750fff45
openshift-logging/opa-openshift-rhel8@sha256:5468b32eb88305a16f127ebe3ffd8b3f71f70f3fcb709a71d99f2ff793624aae
openshift-logging/vector-rhel8@sha256:7b729eacf413158e143ab4683a54ef7a33380ce9917fa3289df93f2288d6a6d2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.