Red Hat Product Errata RHSA-2023:5541 - Security Advisory
Issued:
2023-10-20
Updated:
2023-10-20

RHSA-2023:5541 - Security Advisory

Synopsis

Important: Logging Subsystem 5.6.12 - Red Hat OpenShift security update

Type/Severity

Security Advisory: Important

Topic

Logging Subsystem 5.6.12 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.6.12 - Red Hat OpenShift

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

NOTE: A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
  • golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • BZ - 2222167 - CVE-2023-29406 golang: net/http: insufficient sanitization of Host header
  • BZ - 2228743 - CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys
  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
  • LOG-4570 - [release-5.6] transport: authentication handshake failed: x509 on IPv6 Cluster
  • LOG-4579 - [release-5.6] Show FluentD Buffer Usage in metrics dashboard instead of availability
  • LOG-4687 - [release-5.6] Unused eventrouter metrics consuming unnecessary memory

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:64d3a93c2adbca869845ea59edfbef2675658bd15fd22dfc1681b57809d3269c
openshift-logging/elasticsearch-proxy-rhel8@sha256:ce5fc5a37453626de4bcb9a05d3849ef7da0722bfc8f0fecfc1f693cf6b5deff
openshift-logging/elasticsearch-rhel8-operator@sha256:34a393916466f1d4544cbe4d75936147c4bfc4e0246bee0faebc5c285f26d30d
openshift-logging/elasticsearch6-rhel8@sha256:cd9a57aad90fdec4fef3b0f9b31df96c12bd7fe97cad90f9a1de79e6b0af4bbb
openshift-logging/eventrouter-rhel8@sha256:fc638d1f8ff0f079ea1f5cfa3a9938dc06374ca4e6cd24f92ba62b7d03fd6963
openshift-logging/fluentd-rhel8@sha256:816908f1ac923336e8e3b87129af40271bde545e12b3385186425038f1b14991
openshift-logging/kibana6-rhel8@sha256:0c4ea44d09b21a915c3ecc17c9a50ba22d71ed06b0cc4ba1d8bfbe1ced426e47
openshift-logging/log-file-metric-exporter-rhel8@sha256:b442de2cb36a3a26b3d8b32d953d83d01c4cd5b659f974e1f781fbb5aaef5977
openshift-logging/logging-curator5-rhel8@sha256:4f8f194cc5827f05a969960937e9993528ad030c32d64c7a8d95bcb8ad1bb27a
openshift-logging/logging-loki-rhel8@sha256:f4558c73e630c043e8ffebd92bfbc805d13a644b19e5e43d35979b7942225b98
openshift-logging/logging-view-plugin-rhel8@sha256:79590fd5063ffa0245d96cec02dc4ce257244a431e213ecbe38462e86536b859
openshift-logging/loki-rhel8-operator@sha256:260731d610f37fa0072760f09d460d04fd3a1359d24a2218918412bc1a93947b
openshift-logging/lokistack-gateway-rhel8@sha256:a40f0f1402d912aa12329e0ee3f4d8084337a376f72f1e0b5e45a4dac44ac848
openshift-logging/opa-openshift-rhel8@sha256:e9fc83b6a9a40c2af4dd8a8454d8ca9e3a3bb96fdb290427d3a0c9cb753e91f4
openshift-logging/vector-rhel8@sha256:ebff04a36feae157572fdd32ce2cc045c504b850c0b9f471d381676da314dd97

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:f8553bf9f5a75c089cdf5a26f8853e6f4488c19ef2a8dc1e0ebc96e4aab0384f
openshift-logging/elasticsearch-proxy-rhel8@sha256:26f58db9cb18dfe0eb7a3478a7bb86c87efabe32d98dcf74bc34226a09ea6f0e
openshift-logging/elasticsearch-rhel8-operator@sha256:358c663dbc3c6b0ee31a4b2665c79ff7b826ba6b72c21db62d186a6da09b04c4
openshift-logging/elasticsearch6-rhel8@sha256:caeeb679701abcbb9612b77ef0975575cf31c96b74bfc06553d61140a3f52bb7
openshift-logging/eventrouter-rhel8@sha256:ec56cae824197805c3287f57854343d2d26caa0b192a009c966d28c32f0d0d92
openshift-logging/fluentd-rhel8@sha256:e489da61d05557fba2718fd3e75b7ba50c51c173f43088334db7f3c993748711
openshift-logging/kibana6-rhel8@sha256:0958ffa84bed51e99177837ac672324e5a8c1b20535d8110a3bbabe3f952073e
openshift-logging/log-file-metric-exporter-rhel8@sha256:a2bd4a83b30b2b9e88e8581784e3e901d564d576ba3a58824cd203779ccc9e80
openshift-logging/logging-curator5-rhel8@sha256:cb78249fdad4f2cff00011a9863f40f0749c2f3b4093a322f9590008e62c06c6
openshift-logging/logging-loki-rhel8@sha256:aea6196bddef8110c0d9282d6e84a7e8cdee066fab8ba3607dacb8425b458819
openshift-logging/logging-view-plugin-rhel8@sha256:42223f3fb6d55d6d9155f110b90323965eaf68263d51c485114784a651be8e5e
openshift-logging/loki-rhel8-operator@sha256:c5c0c41173e8c288341859dda8e9c982fba297e2e6c616b953a04ea4280f8caa
openshift-logging/lokistack-gateway-rhel8@sha256:f7c8b8251566fadb3396dfee110b6995e9d2ca27614a3b51f148f78fe5b51b50
openshift-logging/opa-openshift-rhel8@sha256:5b8bc65ad9760c2bcabac5ebf72f2a256271a4c1173871742bf8f817c6ce0478
openshift-logging/vector-rhel8@sha256:10f88bb7c978c24555def7bf4d7fd35dba3d1b5ffdc32fde359b175fc8d8b34e

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:a697fe3d581606f0da267205636c94e0dd7076fdf562fe9d4f0332ec0267f880
openshift-logging/elasticsearch-proxy-rhel8@sha256:938ac92e58ab4fd377219899c6f3c25f41a58260f078e44b371d91964083d96a
openshift-logging/elasticsearch-rhel8-operator@sha256:7a9678d49d25ec0afbcab3c98a3d26d2eeda04a0ece3a833d91dde818f0dde22
openshift-logging/elasticsearch6-rhel8@sha256:8e62859531fcb8dd6b054a76c4bc95b62ff62bcbe69fe18f132689a203168bc8
openshift-logging/eventrouter-rhel8@sha256:b822207e2e70c989cf98d9e5a810e85034a8a1fd2130451e525ce4a804dd1727
openshift-logging/fluentd-rhel8@sha256:3038086e3dbfab1e3070cdeeb7968e863ab4b1012d161ed263e93b153ae2223b
openshift-logging/kibana6-rhel8@sha256:20b6b6aef51ef6cabe133e53dcc1d6665ff8fae0fab4d56ecd6998ca88554773
openshift-logging/log-file-metric-exporter-rhel8@sha256:1646d63e4b9fa7d45f8fc9d1e8cec3cccbed9ba850f3ac07dc75b18f416c580f
openshift-logging/logging-curator5-rhel8@sha256:f09e73392f894fd4f9c38595e617dd4eebabb698d8e1ad0f3ac4e080c37b1f12
openshift-logging/logging-loki-rhel8@sha256:af7c029f15eacd2b65a99271538c68d9b2dcd5c25dbfabadd0e9f8bb2911d827
openshift-logging/logging-view-plugin-rhel8@sha256:50230e9829718254fc51d844e0305978b694354bda4b798fb5066ca3c182d323
openshift-logging/loki-rhel8-operator@sha256:c5e123a5c5d637ff9fb0327c03351e46f14b0d774b484fd045d51df058550d3d
openshift-logging/lokistack-gateway-rhel8@sha256:1da817a84816082f56d2f3bea2f4a680b8e8cc4fe7ff95e311b44e1b5f1f5f0a
openshift-logging/opa-openshift-rhel8@sha256:b76cb34507d54f963da41744b614b83bb7cc031942e7252452c3b299dcc0f530
openshift-logging/vector-rhel8@sha256:7e46ef2e749e3896a86af16744c1c3542ff8a6d0467793af27aedb0fdbc9ee4a

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:02c4a20e1f2b0678afe4ea0757933ce581ef66e6b189622aea7dc0fa91e6c18c
openshift-logging/cluster-logging-rhel8-operator@sha256:556e2c39c0eebd2e8a4d361d40221fa8cf0e9bf7db66dcf2bd2f32576240d94b
openshift-logging/elasticsearch-operator-bundle@sha256:369d45c783651c6e07dfd721fa43025800b263da8e1fdbbc75b296686426e840
openshift-logging/elasticsearch-proxy-rhel8@sha256:c67b4fadb575fc60d60cc3307da75f2fa3e5c4760e572072308a506e4e271ab1
openshift-logging/elasticsearch-rhel8-operator@sha256:2a87c3b6888c57d813169da3ae06aa5bcac1ac916cdc62da3c492928d8eab187
openshift-logging/elasticsearch6-rhel8@sha256:92ab2dde35f2f59c3a8ce7b8b12f5703a7a214e83ca5cc13673d0c8ad373f02e
openshift-logging/eventrouter-rhel8@sha256:ff509532db6b7e2d3a44fac2cf9b63687aa8bfbaab46d7a5f9d58be192475818
openshift-logging/fluentd-rhel8@sha256:149d75b8f4f523c86122176935c63b96305f6eb308e74eea9fa6651c8e75d239
openshift-logging/kibana6-rhel8@sha256:57b608727de6a22f2c39c138d184b4d2e9a1e62b2206fbcab290aeef2802e520
openshift-logging/log-file-metric-exporter-rhel8@sha256:94471501cf396d9d298e9dfee95ed7496e0ec8767eb80bab0ea809cb4e16b878
openshift-logging/logging-curator5-rhel8@sha256:1cac7ceee19cd185658324643c9a81d055d22aa238a28986c76594153c79b422
openshift-logging/logging-loki-rhel8@sha256:47df30d450dbc2b26cf828f2208832ddcba75719cef9486d047e4b2bfb2c61a8
openshift-logging/logging-view-plugin-rhel8@sha256:fd9b30d940cdc8b281fa4a46e8a22f946571e7e72695fef9cfa02c4337e74dc0
openshift-logging/loki-operator-bundle@sha256:62f04228cf7e9abc40efbd69b6dcd0b6d421834b520753194105010cc35e810c
openshift-logging/loki-rhel8-operator@sha256:347cb504d7b382c241a238d1fffc91b5905121c4fe6c976356c46909161b9ced
openshift-logging/lokistack-gateway-rhel8@sha256:ea81838d5b7a63e28ad7e20113253a701063d8d723137681bf11afd801c69f6f
openshift-logging/opa-openshift-rhel8@sha256:01d2e3c8016742d49a9fe1cf7d62c6826dfc8f805babdc4c32e1407c3c8ae6c2
openshift-logging/vector-rhel8@sha256:a9f8b40acd19609ee9c9bc85a4f2cdec9aa4c8c786b62ad94e33c8ea451de961

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.