Red Hat Product Errata RHSA-2024:1508 - Security Advisory
Issued:
2024-03-27
Updated:
2024-03-27

RHSA-2024:1508 - Security Advisory

Synopsis

Moderate: logging for Red Hat OpenShift security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for RHOL-5.7-RHEL-8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging for Red Hat OpenShift is an opinionated collector and normalizer of application, infrastructure, and audit logs. It is intended to be used for forwarding logs to various supported systems.

Security Fix(es):

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.7, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
  • LOG-5172 - [release-5.7] Loki Operator should not emit ReadyCondition when readiness checks fail
  • LOG-5202 - [release-5.7] Loki buildinfo is obscured
  • LOG-5241 - [release-5.7] Loki Operator ServiceMonitor relies on a BearerTokenFile, in violation with UWM Prometheus specification
  • LOG-5251 - [release-5.7] Loki Operator metrics are scraped more than once
  • LOG-5275 - [release-5.7] expose buildDate, goVersion in Loki buildinfo

aarch64

openshift-logging/cluster-logging-rhel8-operator@sha256:a39de32fabd2deec35506897b871caf594e061926032f91140197ae0d362c1eb
openshift-logging/elasticsearch-proxy-rhel8@sha256:65650d796dc4073b4be23d79e026f8312315200396d98a59f9819c1b3f68563f
openshift-logging/elasticsearch-rhel8-operator@sha256:8678d448b67b9fa0ab07a582c4920754711b5de998c5013a772d5c4834049b56
openshift-logging/elasticsearch6-rhel8@sha256:4c14e3ecd699fb8695bbaad85e496de0b6442ffa44d3eac4f1759bdc076bb169
openshift-logging/eventrouter-rhel8@sha256:f30221a22d9863f3fd88828733e2ffa81dc85da886b46fb3aa4324288f58a2ab
openshift-logging/fluentd-rhel8@sha256:b2901141382b34c9a7b83714c4e91b092a01c65b10c60fb0f4f4c951743ed570
openshift-logging/kibana6-rhel8@sha256:5b6290114350d5e397feb4229fafacf6dedf182512610ddcfc96297e7ef7f13c
openshift-logging/log-file-metric-exporter-rhel8@sha256:901533ccc6e769669c31b4e8b401a0929ee27451a08da20fe01c136e0801f8c8
openshift-logging/logging-curator5-rhel8@sha256:2ee6beb9fa9b3fbc80b81093ac5a198cc6f7b7cdc5c1d17c5c8acff928ba400e
openshift-logging/logging-loki-rhel8@sha256:14e4557ef3b5d8e23da88c6ec4e3ca57005697ad9ef9006b7abed668bbbcb33d
openshift-logging/logging-view-plugin-rhel8@sha256:ade217fcb496630fac675c3ae0c2585d8956f37cd10b539755ff035513d6ca92
openshift-logging/loki-rhel8-operator@sha256:9072524268445ce04bcd50c3022f66e8203b8bca9f51848c510a3b02a2fac2cd
openshift-logging/lokistack-gateway-rhel8@sha256:e26733e54aef40456024d48893ad224940d06d09a2e08f5810c7fd3e2cd28bc4
openshift-logging/opa-openshift-rhel8@sha256:c12fa22f7d4c63be9023a92b9dfc776201d533df4d17dde3f95e29199d6f3edb
openshift-logging/vector-rhel8@sha256:c032c622d77a615e12abf3d422a934b61d4fb9b89d3d7620c5c7febecc67fc88

ppc64le

openshift-logging/cluster-logging-rhel8-operator@sha256:7de6d4e6f4184374c1f4194897924157b05db17909844eb483fea81fc9830ab5
openshift-logging/elasticsearch-proxy-rhel8@sha256:1672439fe0725842fd7dfaed85acaa917e5e11fc4b4cbd2ee47f63247fe6df83
openshift-logging/elasticsearch-rhel8-operator@sha256:2ad65674ad1965be9af734e1c303c8fc6ce037b53dc544166af34580b90a3eaf
openshift-logging/elasticsearch6-rhel8@sha256:3ea949120cf831fdd3d17ab0db9ecdc3285bcc1b35513810aab87d277f04dd22
openshift-logging/eventrouter-rhel8@sha256:3f0634aec90df3c4b4590a74e503d974ac90a356bc7031c8a6257cee13ab89e7
openshift-logging/fluentd-rhel8@sha256:03e312047e344331b6abe9c720841cbe536ebae00613c44b53c1e9570e4e8c40
openshift-logging/kibana6-rhel8@sha256:2ee16c577d1d9496b7439caba7cc33c8001e55292b46e756fb0f510f46bca0a0
openshift-logging/log-file-metric-exporter-rhel8@sha256:6a9151d774efd695987cb969ac4feee69a926f9900ce95ee2dbdc4a1b4a3004b
openshift-logging/logging-curator5-rhel8@sha256:4e097a276b5071e8c5a663b0423de2e606c4b9818ef137909c51b7b47b62820b
openshift-logging/logging-loki-rhel8@sha256:d2ba53c37c7f2eb6f1a8c163d011a6a9b92c305f7212734993d1d2d287ec68bb
openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223
openshift-logging/loki-rhel8-operator@sha256:699042d45b6b856f9382d07cd4f619344462cdada08209975f9a60275bf34fb3
openshift-logging/lokistack-gateway-rhel8@sha256:c9a759c06cc2040ce3b9402183d2ba3765098d3b6d0f395c88d6c729c45d4eb9
openshift-logging/opa-openshift-rhel8@sha256:bf502019fe6e4be3db43b4367de57cff2ca013c1b6ed048b8f053fb70665a33b
openshift-logging/vector-rhel8@sha256:a80831d09c8d469174a9f69e77860ce686bd3b938f9f4d0b0323ac5f296d2dca

s390x

openshift-logging/cluster-logging-rhel8-operator@sha256:9048cfa21f05513e19b19913a0553b1629dbfe8970b70f115781fc5c7530d988
openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80
openshift-logging/elasticsearch-rhel8-operator@sha256:6f6eff31c7ce0b74af15f3fe1bbc288c384be0021f08ae773cf0a428b99aaf20
openshift-logging/elasticsearch6-rhel8@sha256:e17559447795c40edb0185b580fe5d72d90057da294dbd75ec571e2ff2c549a7
openshift-logging/eventrouter-rhel8@sha256:b057d736376423a5c35ddd69b40602b6bb833e2c2953eea5c33e96b94b06a239
openshift-logging/fluentd-rhel8@sha256:5941d872aef1415286230ee03fe2f42ca2cb799568c2fa3e4f5ae99ba3051a62
openshift-logging/kibana6-rhel8@sha256:98e693efcba4b737c95760bf4e2903d34ea28f1fdf45af9dfaa1c6df21aa1362
openshift-logging/log-file-metric-exporter-rhel8@sha256:aa0123efe2d9f81b47ae19406cc05ee469e37f4aa4e39a5b0f6f68a30b4ff44d
openshift-logging/logging-curator5-rhel8@sha256:50bd9ba78a6f9008e43c8ec77212e024c1b4899b25d8b1b88c0b4b1d9c64f521
openshift-logging/logging-loki-rhel8@sha256:4075ec43f946ef940deba307406bd3817715e2f9564b53714b4e83081cd0c68b
openshift-logging/logging-view-plugin-rhel8@sha256:c687aa23643b33aeafe2f0da4c640395b3a6a26fcda058278c2da592f344ec00
openshift-logging/loki-rhel8-operator@sha256:be1a90981d1af1f8a7b4eca032e900b0d5518dd334b88e09d2244eaab3c1b2ae
openshift-logging/lokistack-gateway-rhel8@sha256:c1fc2ef80a7520854182ba0fd85cc81f42de9ff54176e27b8f10b46479c083a8
openshift-logging/opa-openshift-rhel8@sha256:e538b691d35338e1d64c54524f43cc1f94ed75334b89d2d783178871f533528b
openshift-logging/vector-rhel8@sha256:8d09636cbd8d1df7f5411c2f22c2e1a33be03e9a614ee280d6d1e95fec374bfd

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574
openshift-logging/cluster-logging-rhel8-operator@sha256:d147ced8dea6ba59102e9e0cd87078d97f4f5e7f9577da8b7739efc447a49b6b
openshift-logging/elasticsearch-operator-bundle@sha256:f487d91e2df318c6d7fcbafdbde8304c4e78341f71ed91c7749ffdc41e13ed94
openshift-logging/elasticsearch-proxy-rhel8@sha256:d36a834c264b07c8e3a2c2c710bfa92aae08517a12bf1c82b666b2eee169c11a
openshift-logging/elasticsearch-rhel8-operator@sha256:4dbcc6f81e016c406245fb3b703aff0707a0aaa3b322c25f814e5d750901d6f0
openshift-logging/elasticsearch6-rhel8@sha256:efa83744b53aab35f20e0a963e19f5ee4d15460f55e2b10536e71591919f55e1
openshift-logging/eventrouter-rhel8@sha256:3df82df2f0f270db2fdc11309f6929e453a7bf404e793e44a6b846fc4adfa4ef
openshift-logging/fluentd-rhel8@sha256:715cbbcb0eba7dfbf8a2f53853085ac2ecbf571c694a9f864d0b2230fd8db09e
openshift-logging/kibana6-rhel8@sha256:3432c849ec8fe1ddf5e02ffbd69202c2354467f735d749cf1358d4308f984510
openshift-logging/log-file-metric-exporter-rhel8@sha256:93dd91931d74cf8f6a1abd8f187ca620633740014a0b0f952fdac05aee729778
openshift-logging/logging-curator5-rhel8@sha256:dbc75a61400990152ade84500cf74b8653c0eefa8b6f1b733475750abf191e90
openshift-logging/logging-loki-rhel8@sha256:6f4e5865ebb900359af608cdd34b8afe52be8635fa319f710ee8509e9fcede7f
openshift-logging/logging-view-plugin-rhel8@sha256:9bb8a4b0021333fa788e2ddbb09628cf1d60678e38474d73baf00a7f37209293
openshift-logging/loki-operator-bundle@sha256:613928b1bba576ae6b13d619e2623bcf2f8dc16c977e728a49d08b55ecbc143e
openshift-logging/loki-rhel8-operator@sha256:6782d239c4971cb3aba73889777e5183d84f8e2b3ddbbaa1f2887833cc5088bb
openshift-logging/lokistack-gateway-rhel8@sha256:357b98921c6bacd5bd73a120e1b454afd2c909b2be105f8c6f88f2a8211e32bb
openshift-logging/opa-openshift-rhel8@sha256:11dc55316221417b479e8ad304cabf5877b7b865786a86fc35425b755655b262
openshift-logging/vector-rhel8@sha256:5adca80c657297effd898bbf8a7be459498dad01b744a40b67569ea38c7c671d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.