- Issued:
- 2023-09-28
- Updated:
- 2023-09-28
RHSA-2023:5379 - Security Advisory
Synopsis
Important: Network Observability 1.4.0 for OpenShift
Type/Severity
Security Advisory: Important
Topic
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.
The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Network Observability 1.4.0
Security Fix(es):
- word-wrap: Regular Expression Denial of Service (CVE-2023-26115)
- nodejs-semver: Regular expression denial of service (CVE-2022-25883)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Network Observability (NETOBSERV) 1 for RHEL 9 x86_64
- Network Observability (NETOBSERV) for ARM 64 1 for RHEL 9 aarch64
- Network Observability (NETOBSERV) for IBM Power, little endian 1 for RHEL 9 ppc64le
- Network Observability (NETOBSERV) for IBM Z and LinuxONE 1 for RHEL 9 s390x
Fixes
- BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
- BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
- NETOBSERV-975 - Flows dropped due to Loki stream limit during large traffic spikes
- NETOBSERV-1131 - Metrics do not ignore duplicates
- NETOBSERV-1224 - Flowcollector does not report status != Ready in OCP Console
- NETOBSERV-1283 - Not able to monitor Multus/SRIOV traffic on Network Observability Operator
- NETOBSERV-1009 - Export Netflows without Loki
- NETOBSERV-1034 - Remove 1.0.x channel
- NETOBSERV-1107 - Improve ebpf agent memory usage
- NETOBSERV-1137 - UI Enhancements 1.4
- NETOBSERV-1182 - add cluster name to flp configuration
- NETOBSERV-1196 - Extend platform coverage for Network Observability
- NETOBSERV-1242 - Console plugin build infos
- NETOBSERV-139 - Flow dashboards enhancements (flow-based metrics)
- NETOBSERV-962 - Add IPFIX exporter
CVEs
aarch64
network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61 |
network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f |
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7 |
network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128 |
network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b |
ppc64le
network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6 |
network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319 |
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee |
network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f |
network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0 |
s390x
network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582 |
network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a |
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd |
network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26 |
network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f |
x86_64
network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9 |
network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5 |
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a |
network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd |
network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.