- Issued: 2024-02-27
- Updated: 2024-02-27
RHSA-2024:0998 - Security Advisory
Synopsis
Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers
Type/Severity
Security Advisory: Low
Topic
Red Hat OpenShift distributed tracing 3.1.0
Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Release of Red Hat OpenShift distributed tracing provides these changes: OpenTelemetry: support for target allocator. Tempo: Monolithic CRD, alerting for span RED metrics, TraceQL support for gateway. OpenTelemetry version 0.93.0. Tempo 2.3.1, Jaeger 1.53.0.
Security Fix(es):
- CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
Solution
Red Hat OpenShift distributed tracing Release
Affected Products
- Red Hat OpenShift distributed tracing 3 x86_64
- Red Hat OpenShift distributed tracing for Power, little endian 3 ppc64le
- Red Hat OpenShift distributed tracing for IBM Z and LinuxONE 3 s390x
- Red Hat OpenShift distributed tracing for ARM 3 aarch64
Fixes
- BZ - 2256413 - CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
- TRACING-3135 - Add TraceQL support to TempoStack Gateway
- TRACING-3573 - Alerting from RED metrics
- TRACING-3746 - Enable target allocator in the OpenTelemetry collector
- TRACING-3756 - detectAutoscalingVersion always picks autoscaling/v2beta2 instead of autoscaling/v2 if both APIs are available
- TRACING-3786 - ClusterRoleBinding tempo-redmetrics-cluster-monitoring-view is not created when monitorTab is enabled in TempoStack.
- TRACING-3787 - Create CRD for Tempo Monolithic Deployment
- TRACING-3808 - Fix OTELcol span RED documentation config
- TRACING-3810 - Take replicas into account when calculating resource allocation
- TRACING-3717 - [Tempo] Not able to scale querier.
- TRACING-3718 - [Tempo] Cannot scale queryFrontend component.
- TRACING-3719 - [Tempo] Cannot scale Compactor component.
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.