Red Hat Product Errata RHSA-2023:7720 - Security Advisory
Issued:
2023-12-13
Updated:
2023-12-13

RHSA-2023:7720 - Security Advisory

Synopsis

Low: Logging Subsystem 5.8.1- Red Hat OpenShift security update

Type/Severity

Security Advisory: Low

Topic

An update is now available for RHOL-5.8-RHEL-9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.8.1- Red Hat OpenShift

Security Fix(es):

  • rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 9 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 9 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 9 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 9 s390x

Fixes

  • BZ - 2236261 - CVE-2023-38037 rubygem-activesupport: File Disclosure of Locally Encrypted Files
  • LOG-4452 - Index management cronjobs are rolling over indices when parsing JSON is enabled and not expected
  • LOG-4480 - Vector Incorrectly Assigns Some Logs with a Level of "default"
  • LOG-4655 - No error in CLF when the filterRefs refers to a non-existing filter.
  • LOG-4683 - Sometimes the normal users can not create index pattern before the first app index roll over
  • LOG-4706 - Fluentd CrashLoopBackOff on IPv6 single stack and dual stack clusters
  • LOG-4741 - cluster-logging-operator reconciling dozens of times with each ClusterLogForwarder change
  • LOG-4768 - Logging 5.8.0 vector pods going into the CrashlLoopBackOff state on IBM Power
  • LOG-4791 - Fluentd collector Pods no longer picks up the log collector SAs Secret as a fallback
  • LOG-4811 - Fluentd is unable to forward logs to external ipv6 elasticsearch instance
  • LOG-4815 - HttpReceiver requires Audit Permissions to be used
  • LOG-4836 - [release-5.8] logging-loki-ruler pods are not injected with custom CA certificate defined in LokiStack CR
  • LOG-4612 - Service/secret is not deleted when the inputs.receiver.http is removed
  • LOG-4780 - Consume Cloudwatch web identity token that is not found at the well known SA path
  • LOG-4821 - Bad output status formating
  • LOG-4828 - [release-5.8] Operator - Add request duration metrics to the TSDB shipper implementation
  • LOG-4841 - [release-5.8] Queries from Observe Logs containing ~= are mutated when modifying the time range
  • LOG-4852 - Vector collector Pods no longer picks up the log collector SAs Secret as a fallback

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:15bcff9e0087d20c30492c916938b008b41fce8c4abc69b3dcc6621ae331700e
openshift-logging/elasticsearch-proxy-rhel9@sha256:a38e13a13472ef326d4f1cb0805f2141efd430101de4b0e2470b1528a76b75e2
openshift-logging/elasticsearch-rhel9-operator@sha256:5e9f7ed92dbb92baf9be52c1eaa43664ca5fc08ac1fb0c9e1de3d832bc17b457
openshift-logging/elasticsearch6-rhel9@sha256:6cce35b0749f0e115aaeb30a7996590badbd2d086998ac33e839cda2516e396f
openshift-logging/eventrouter-rhel9@sha256:a93fd59ea9de4d82452af373aec0288def0f0db9e552b8f933faeb68fa3d79ed
openshift-logging/fluentd-rhel9@sha256:a6f4fd3e1f093375c7e0f2f154196c06bace153fbfcb0237a56c0387d2edeb7b
openshift-logging/log-file-metric-exporter-rhel9@sha256:bfdf0d62d423e626ddd12e39d7b5dbe0a670dd245f011aea9d538cbcc00a16a3
openshift-logging/logging-curator5-rhel9@sha256:e7ef2d60bc5079702791cbcf07299e79738490ce91e4c112806ee9664e9a0c52
openshift-logging/logging-loki-rhel9@sha256:832177cd3be5a23b036c5c003c16c476ab93b71368311b58b787c5e12a76cd8c
openshift-logging/logging-view-plugin-rhel9@sha256:2cc1fdae4617d808fe9a1fcaebc557ddd2fb0a2c5cd5fd96fd4810f363770a65
openshift-logging/loki-rhel9-operator@sha256:45922b7824894a777dd5dd5cffd3eb55c8ecdb866f664f4c8f5c980a9960691a
openshift-logging/lokistack-gateway-rhel9@sha256:f9acd1ae73903e1c60b0b2eb4c89093cc34d4894e41d97e86a6d30b01b9034f9
openshift-logging/opa-openshift-rhel9@sha256:3563962ecba36c84353c1f5b416e46d7c5e562548e06866d7c38c7daad5ca459
openshift-logging/vector-rhel9@sha256:1d103197028cff982dc182bcc155d8a9cdf86141584382aed233e92ad8a05dd7

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:7c24df1cacad4f8552d1026d04f640ed2dc0362d7ab7b3eac5f6595ae2123e15
openshift-logging/elasticsearch-proxy-rhel9@sha256:77819649f078cadc55e03b43c268a19581e38467aaf28ec00151e0322ee7dfff
openshift-logging/elasticsearch-rhel9-operator@sha256:02e2347d8518f98fd8423e4855423c7be592534ec1be962e3bcd6b0dc4bb3032
openshift-logging/elasticsearch6-rhel9@sha256:1f48da9acf14852646f38d4c772e0b2dd04c756b04a77e51ed7b7c3e5704a1fc
openshift-logging/eventrouter-rhel9@sha256:89c48b67d5174157e00add824ddaaf8e3e19802bcf1f9ec8d50034c543ad922c
openshift-logging/fluentd-rhel9@sha256:acbb6a11b716567129eb39902cccd1b38934545bd46000dd3a54f7cbfd92674c
openshift-logging/log-file-metric-exporter-rhel9@sha256:d1f232edcf5feee08364aa4c71e11e7ea1818acc174af4247e7478df78355db1
openshift-logging/logging-curator5-rhel9@sha256:9aa108e57dd3834d1a9ce8f9444d3c972d33d545a47194d61823975fbc0495ba
openshift-logging/logging-loki-rhel9@sha256:6e93e530c87e5a2dca8d095f5b11a8072f7be5c8092576abeae82dc98623c96b
openshift-logging/logging-view-plugin-rhel9@sha256:d4e7d6df23f4d10888972388ed7da3dcc1939c4263a41657cbb0a599cd950955
openshift-logging/loki-rhel9-operator@sha256:d60a491579d301e4bd92e9f885a89498abee8bcacb8e473314934b11cf0e4bda
openshift-logging/lokistack-gateway-rhel9@sha256:c3dae5b22b788d0497c3d59164df18a9a567ae303675aa8cd720e20f3b274d5e
openshift-logging/opa-openshift-rhel9@sha256:6dbc7ef6483a34d896dfc32f7f6be35dc7a19b3cd134d5c26b0bd92d59bf9dca
openshift-logging/vector-rhel9@sha256:0ecb3f02020679580bef98d8bcfa7495338a3d7132fb45f63af330a60f78a38f

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:c19daaa3a40073c990d709217605cc42df664ca0108ec14b4c9b36db08b2affe
openshift-logging/elasticsearch-proxy-rhel9@sha256:5e0d0a36ba870e93d53e3083a235c80c5c545d53f9903ae545a13ee6dbd6bedd
openshift-logging/elasticsearch-rhel9-operator@sha256:7b9195e4607d307586366fc9cb7eef49fe8adc9de28793b3df76e344f1439ab1
openshift-logging/elasticsearch6-rhel9@sha256:1ed855c035ece0aa4e1c86d1720733aa10d86e06ff674c5ca68c79ca2782aec2
openshift-logging/eventrouter-rhel9@sha256:cea5ea82672f63ac837052cefa48e85c15f885c0a245c02f270b4c1aebc63e99
openshift-logging/fluentd-rhel9@sha256:d80cbd7b15463fa3038b09734cab45f245c1f5c43c2f0ae1216a25304a87ae14
openshift-logging/log-file-metric-exporter-rhel9@sha256:3129b81abfb40b55890aaa1850e515dd54bf0243dc455ec3436246f290426677
openshift-logging/logging-curator5-rhel9@sha256:b3f3ef8c50e385ee369671a4348f8fd210f538133fc2512b7657b9769774b2a2
openshift-logging/logging-loki-rhel9@sha256:0bd3c9f450a5803aa474247370deab87c8849ddc58f1062ee78e1a7c3f957fa6
openshift-logging/logging-view-plugin-rhel9@sha256:2ca6702b3bffdda591e45b2749b7d7e8866e078dafb173d5e18a44d0f7ec5a27
openshift-logging/loki-rhel9-operator@sha256:b6226f3daaa9337d4b41ab12046c9a8da17fff449a0ec4c11a0f602e05446fc4
openshift-logging/lokistack-gateway-rhel9@sha256:26f792b719e35a0668e9376d7764c403453b22774ef1f0bdd8a71c5d9c43e9cf
openshift-logging/opa-openshift-rhel9@sha256:ff9d8eb7f57fab1583d12b7cfe7e3a730e350f1fe2f906ed42f6d791c0ba39b3
openshift-logging/vector-rhel9@sha256:6b4a8f1ddc3ab2cba11bd52488a4696376f99ebd7aa9087e56f80a0b0c99d228

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:390c610a7c03bc8dadc59caa093f2805658b61cb12e555357ed8adbe89e6fb1f
openshift-logging/cluster-logging-rhel9-operator@sha256:789fc86c921cafa374efc033e190d6bc29e2c5d594e5a6118dda512623246212
openshift-logging/elasticsearch-operator-bundle@sha256:466b618a211e67669e142674d96c39fca8e65d1ad40b2cf74ba049af7d9f4c1b
openshift-logging/elasticsearch-proxy-rhel9@sha256:9672f471ca228794a3d6f9812a752ddefd5aef390f3632f253a0ebf183e0d1b7
openshift-logging/elasticsearch-rhel9-operator@sha256:42b25316f08862a117210e280a21fa48686ad1776e9a56f6ae18f6e4232c1f93
openshift-logging/elasticsearch6-rhel9@sha256:01d13351fed91fe5899d9693352c97b3004e29e90ae0c2603650ec2339fc5e94
openshift-logging/eventrouter-rhel9@sha256:ffebe1504dd313a06700f6997f9413ccad434e55376ed00ceccba45e864521fc
openshift-logging/fluentd-rhel9@sha256:3cdbc5179cb7bba76cdcf10913d55c7935ab04c0b83ce6e6169d3446ae5fc480
openshift-logging/log-file-metric-exporter-rhel9@sha256:edff700a8c38fbae280a2cfecddce49227557187d1dba8948ded5afb6a010877
openshift-logging/logging-curator5-rhel9@sha256:678db840e4dfca279615efb0ae3908561370db2f7bfe4b6059a95a19828a3f06
openshift-logging/logging-loki-rhel9@sha256:b61952b983e7fa9dac004f70c6a898f317177118a62a4aa1e642987f472c829e
openshift-logging/logging-view-plugin-rhel9@sha256:410b2e4182e3ea678de1f512c517e62f8d03922bb8ac08c246cbbc01697e2606
openshift-logging/loki-operator-bundle@sha256:9665139e085110a74836a91cd905eb3ff0737a100af32f4aff3123db6417b3f6
openshift-logging/loki-rhel9-operator@sha256:a30c8bce24390a46a7bbc7b13b4d8fd25e5c746c7b5ade8000be4775cf0d7982
openshift-logging/lokistack-gateway-rhel9@sha256:86659855e0de6ca71a7f6f4297ad5ab4fad1298fe1a5e957fc78b86820b9176f
openshift-logging/opa-openshift-rhel9@sha256:e1a7480799f45463e35566ae9f09be956460b6b01c0adc32e90ee57f18fea534
openshift-logging/vector-rhel9@sha256:5e7da8934f5443b8b358df9c3b7eed9036803e5837821346a8d455dc002ecb62

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.