Red Hat Product Errata RHSA-2023:5530 - Security Advisory
Issued:
2023-10-20
Updated:
2023-10-20

RHSA-2023:5530 - Security Advisory

Synopsis

Important: Logging Subsystem 5.7.7 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Important

Topic

Logging Subsystem 5.7.7 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.7.7 - Red Hat OpenShift\\Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

NOTE: A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
  • golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2222167 - CVE-2023-29406 golang: net/http: insufficient sanitization of Host header
  • BZ - 2228743 - CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys
  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
  • LOG-4555 - [release-5.7] Show FluentD Buffer Usage in metrics dashboard instead of availability
  • LOG-4569 - [release-5.7] transport: authentication handshake failed: x509 on IPv6 Cluster
  • LOG-4575 - Vector not releasing deleted file handles
  • LOG-4686 - [release-5.7] Unused eventrouter metrics consuming unnecessary memory

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:1d6a2bd236f72f3dbb4c2e284cb2ac2554d7d79b416d57ee94b8d158ea3ea807
openshift-logging/elasticsearch-proxy-rhel8@sha256:2995302941f4c0d5016e49c3a01ca3bc4d80935ce1de70c84a2124e28e290947
openshift-logging/elasticsearch-rhel8-operator@sha256:9a492f0164ba9ea96a8cef43577a6d62ce5806dc1e821d3aee2abfcf35a02ac0
openshift-logging/elasticsearch6-rhel8@sha256:a00a7c1c152b6d2897bdc06b0137b556e6931b7d309e4e9a585825dbd558d3ba
openshift-logging/eventrouter-rhel8@sha256:bc31b395c3a2353048cad9d0d44f28e60f7e0a01e5fc6f6b2803d813ec279687
openshift-logging/fluentd-rhel8@sha256:d920792d5ea71265702f0a408888e051b47d23cb8b624c02e6ed29b142d152bf
openshift-logging/kibana6-rhel8@sha256:6bdd69f14340d82695bd645b14f4faaa99c830630087d43aa843418cfb34b89e
openshift-logging/log-file-metric-exporter-rhel8@sha256:7f5f8f7d40938e5a0b2b2724c551f4e1dcf57de78daacd736b28b964d0fa6eec
openshift-logging/logging-curator5-rhel8@sha256:0a7df021980720321c27e8021626e0c4f428150faa75fd92803b3e172f07eedf
openshift-logging/logging-loki-rhel8@sha256:8cb4328b46bc3f8627f11fe69b37d8147f1d76b909c9880066277615c36cabc1
openshift-logging/logging-view-plugin-rhel8@sha256:0f251245e9f1030e64a6c9b76fe22b571e4a3f9cc2fd38979b52e5c91c6bd2e6
openshift-logging/loki-rhel8-operator@sha256:31cdc95fe91aeb315afa5a1daf98e91587eac31b895de5b698bfd4637889ce22
openshift-logging/lokistack-gateway-rhel8@sha256:3ef274ae69a419f4458c290b6bd33c2787798dc5a905f46dc20aff7b1c0b6e25
openshift-logging/opa-openshift-rhel8@sha256:cc216b7b979a7b216fa7d4965ad6b1a147405fe95b95eafc0aa47c758f1b16d9
openshift-logging/vector-rhel8@sha256:eb444e7e77e14ff1f36c048bdd53d482b6cf3ed98d3ff6f2574620187fde49ab

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:2023d126c1be90ab6e6b27e778cc3944a2e5af2b44358537d65e60d385e78959
openshift-logging/elasticsearch-proxy-rhel8@sha256:f223378bb8b335e6ed531a451a48fc17c039004414836cc1f2bf8d408eb6eb18
openshift-logging/elasticsearch-rhel8-operator@sha256:640dfbd649bde0c5fed45d5ecaf595e1cf09ffa6d76be3b75751108c0d85bbcb
openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33
openshift-logging/eventrouter-rhel8@sha256:ac827708b7d49a217770e510124427e9430ec13b23d8fc3e0f7bdcb682214b34
openshift-logging/fluentd-rhel8@sha256:65b491f9794f306cfe74b6ff622e9fe8b1155df5ed89e8db1f34ee2d299b2245
openshift-logging/kibana6-rhel8@sha256:eddddb656ad870ad417cb92756ce537d32b55b17a9af3c87b5e2f4834017e48a
openshift-logging/log-file-metric-exporter-rhel8@sha256:fef8afe2da100f267ed9e3848b4a9a1183e04bf0a9702404d03b2f57e5ec1bde
openshift-logging/logging-curator5-rhel8@sha256:927ba226f05237f6ad1faf686149a89f692f8904445f5a35f15a685518d3fe6a
openshift-logging/logging-loki-rhel8@sha256:476a5e47090c24d1f8f5bafaca9b80e5373a2da0f14a7ec6e7254a32440adfdb
openshift-logging/logging-view-plugin-rhel8@sha256:8181f92baa5a86da7767f605f4537b59fad583ee80fcde309fea504e9c3147c0
openshift-logging/loki-rhel8-operator@sha256:4e59120fc8a10978b234716a5757891c197e9394aae2446b3b8d8621f3983792
openshift-logging/lokistack-gateway-rhel8@sha256:4cc1ddf22cba8a5ed94549115b5210d961e1978618c8cb48e820e545369ecb65
openshift-logging/opa-openshift-rhel8@sha256:bdb8fb48f8b164fb3d55de977aaa19414654ec7284f148db11b77b94a3feefd1
openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:c9a5546e0f427376f36d6d350cebe7ed3e7d2468d3c8290528fbe054462e22d6
openshift-logging/elasticsearch-proxy-rhel8@sha256:6f64ee3aeedb891cb4b88e90c7569235d8e136cb2a66c7da1bc3ec73a518aa5d
openshift-logging/elasticsearch-rhel8-operator@sha256:720587fcb7a89a571c04c8e222e5ebf54c899086ce07461e5f5dac7dfe8e6af9
openshift-logging/elasticsearch6-rhel8@sha256:90c408f644a8a853de8338f2d4c1b7ff10877973a98c15868e1e0662da8eca46
openshift-logging/eventrouter-rhel8@sha256:7a45458250a73682ab11a3c743d563ab1c9072281b15d3a18088c5902130a4cd
openshift-logging/fluentd-rhel8@sha256:08ba4f66916d6331ce739c856c863e2de59c7b870ef2247ed2ee4b5895932193
openshift-logging/kibana6-rhel8@sha256:e8af2bde433bebee9236365ce6bc52db26981c8e484df2048cb4ed2b7cb5bed1
openshift-logging/log-file-metric-exporter-rhel8@sha256:a91af106ffacd6a620c6b194697516ee3e9f8aa36605873061766d9f0ec35f84
openshift-logging/logging-curator5-rhel8@sha256:94a2902ffbfcec5c29a23529d81f4605ebab9bde8156ad1be6dba42ccedeb1fe
openshift-logging/logging-loki-rhel8@sha256:9a1e97c4dac0165d92615b30b9140149b038ab788464dcd41f8a14b647220a98
openshift-logging/logging-view-plugin-rhel8@sha256:c1247743656700aa4be1b1f6d43732e9ad65e0a99a928065aa94ef2a3729bac8
openshift-logging/loki-rhel8-operator@sha256:75d73f70f941e73b41e38d666dc1dbdfb465cb2d182b6f3663d632da5a15feb7
openshift-logging/lokistack-gateway-rhel8@sha256:1b1dd755ceb338795820eb5c4abd1914071b4579502eb40379e0126dbc5bd58c
openshift-logging/opa-openshift-rhel8@sha256:a99366c13fbb55e96bebe92054c09ac75133023b940df8b80a43d89c8d6db580
openshift-logging/vector-rhel8@sha256:7c85f6f777f9c74096c33f76fbc9c122f203cb549fc91142d51e6aebdc400ec5

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:0761943b57451fa8cd0d42942a831376ab48f723e8ea461d0a5ea49c9a391d7b
openshift-logging/cluster-logging-rhel8-operator@sha256:efb5cb250782473d1f4eb42d06747c9fad6df65c888cca88ed421bba399c5d96
openshift-logging/elasticsearch-operator-bundle@sha256:060f8fd11a32cbb6247d7d41e4be1fc71026e9bab9238995b7b2e563fb94e6d7
openshift-logging/elasticsearch-proxy-rhel8@sha256:7ca7ec92b15a7556d6a8daabd24a70f42e4260b6caf9168e852890c063e91186
openshift-logging/elasticsearch-rhel8-operator@sha256:368447ae5216ada4c092c8781d3b847a5d37606d7c4ce430376ed5d3a4384863
openshift-logging/elasticsearch6-rhel8@sha256:560831bdc34128719564aaaca4b80bba32062b97c87118b4ac00413609bcf067
openshift-logging/eventrouter-rhel8@sha256:3054aade5994df42ab7c2981865a7851049ea46ed20b7805d1553d6b28ab5af8
openshift-logging/fluentd-rhel8@sha256:f93ddeb2a52c0aead46bb0bb2af71a68c9a11093617615faadb3b07f45590fa1
openshift-logging/kibana6-rhel8@sha256:b104e6731b8ddfb98dd8a0891dfb1051fb59e82d70f91c297a62402922412c32
openshift-logging/log-file-metric-exporter-rhel8@sha256:407891f77d384f8708f9e33469c410e84ba25fa9e4cb16e4a6a9c212f0b48a9c
openshift-logging/logging-curator5-rhel8@sha256:00fe8c23f7944a5d639c17b2e81dd80a424aabbddd4d7f0aff6b54f8cf370a58
openshift-logging/logging-loki-rhel8@sha256:9fe7eba96b742b1a3d55cef2934ce6259be01faf589f0b2ec1bc3b557a833980
openshift-logging/logging-view-plugin-rhel8@sha256:2f09d0a0faad8944b5d4689699ae15d3d4e44cefaa5aaa11f2c584e71b23e667
openshift-logging/loki-operator-bundle@sha256:c569eba6b695d9f26dc47f413e925d02666683a4af0401f23cfd05b96dcb61e9
openshift-logging/loki-rhel8-operator@sha256:c7d2ef7cf71269238bb23db61f08f9d237baa955a18cb394e8d34dc80178cdc5
openshift-logging/lokistack-gateway-rhel8@sha256:37e919ddb8673ef99e5e0e1b9e5c9c388c9417dd45971f2dab05bf92b462ab67
openshift-logging/opa-openshift-rhel8@sha256:cf9edc3befb08c9e0327197884faeb387b44efc169063020d154aa2ce77bd711
openshift-logging/vector-rhel8@sha256:5d785f0ff007386c3d6c69eb06e1bac518c7a1b781504ef5ddbb7e6a682382e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.