Red Hat Product Errata RHSA-2024:4333 - Security Advisory
Issued:
2024-07-23
Updated:
2024-07-23

RHSA-2024:4333 - Security Advisory

Synopsis

Moderate: security update Logging for Red Hat OpenShift - 5.9.4

Type/Severity

Security Advisory: Moderate

Topic

Moderate Logging for Red Hat OpenShift - 5.9.4

Description

Logging for Red Hat OpenShift - 5.9.4
logging-loki-container: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

Solution

For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

For Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 9 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 9 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 9 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 9 s390x

Fixes

  • LOG-5373 - clusterlogging.spec.visualization.ocpConsole.timeout as string fails
  • LOG-5524 - Vector collector pod crashes when kubernetes.label in structuredTypeKey contains "-"
  • LOG-5603 - The message "spec.collection.logs.* is deprecated in favor of spec.collection.*" does not disappear even after fixing the old spec
  • LOG-5697 - [release-5.9] Console label queries should use Loki API instead of k8s API
  • LOG-5701 - [release-5.9] loki-operator requires Cluster Credential Operator which does not exist on CRC
  • LOG-5702 - Restrict logging dashboard reconciliation to logging dashboad
  • LOG-5707 - [release-5.9]Vector syslog output for RFC3164 has extra space that does not comply with spec
  • LOG-5747 - Logging dashboards are not created for green installation
  • LOG-5749 - [release-5.9] Missing Loki Volume API in LokiStack

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:edccd63edba4b63caf23bc47086d739eb95cf2dee9b3b3b96edc02f49fc31683
openshift-logging/eventrouter-rhel9@sha256:ca933d753d826c72513b8aba907212906585789c4276ec883423492379251046
openshift-logging/fluentd-rhel9@sha256:cd44fb393b2111de5a82c7f4987dbb0f6061f69d935585717f0c937dd413a030
openshift-logging/log-file-metric-exporter-rhel9@sha256:3b15b9c34291fd8030bd8fc17a6be53e854b10059b133262a42765a89a6a06b7
openshift-logging/logging-loki-rhel9@sha256:d8e75c2fde1739164020adf26942fe0822939aa25567ad83eb6aa932a499dd34
openshift-logging/logging-view-plugin-rhel9@sha256:f22c5436fa2c3d64f9044646a26089fb193eb6574ed6322bc36b83da4284d497
openshift-logging/loki-rhel9-operator@sha256:1581330d225d4ddb2e2b388b262c4e1490d47e9996e353bd08bffe08d669008f
openshift-logging/lokistack-gateway-rhel9@sha256:eb4e3ddb22ea45e87e627cf7e4f34702e463fec7f93193f749e7bd5090b275a6
openshift-logging/opa-openshift-rhel9@sha256:23144e3c951939e73e312a432dcdf2175df75289eb65a49a702aa5703bf42d9b
openshift-logging/vector-rhel9@sha256:49ea4969fdd09bca19effed6e2bc12490cffbd42ec1153b517484a6ff486586a

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:8ed56aeca6b017e32c7fd304a9ead907348a93b56b920e53220b151e1d72549e
openshift-logging/eventrouter-rhel9@sha256:158b9f235c6aea056aa3c1a6b868d82abf56fe99827efbe8dbf81fd5b6d7d921
openshift-logging/fluentd-rhel9@sha256:87cc7e3c8e8548f825e16a97049f045415e5400fef0b696a35f3c186f3317452
openshift-logging/log-file-metric-exporter-rhel9@sha256:1392ecf84f028961b14e22539b1bfb249baad922faf8009078770a923287666a
openshift-logging/logging-loki-rhel9@sha256:5fcc83c0ec1d1d1dfdb829e3800d3c45f68c30473e7111b4832a424aab6f9c14
openshift-logging/logging-view-plugin-rhel9@sha256:90cf626029152a0f91e0c45416ab368ae523961e51683f1c77f58867c610ee39
openshift-logging/loki-rhel9-operator@sha256:24d6e282613aaddbce75496c0e7880a34b1e60dd03b418ea498c7d8ddfb3c1f6
openshift-logging/lokistack-gateway-rhel9@sha256:22037ed2dcd6011c3debe2e268bd54d172bd7f425810ebadb8e99d143f87afd0
openshift-logging/opa-openshift-rhel9@sha256:34d0d10e4cc8a045f649e0de4b312096782062e397d57a57606c9bd82cb26667
openshift-logging/vector-rhel9@sha256:930988091e284dbd6747653fb664256e61de37f29989f71b92c4e3ecad61a869

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:d6160be4c9cb7d99d7b939272f3e959a8071f7bfc5e0386384ece105c5223f67
openshift-logging/eventrouter-rhel9@sha256:463a0f19c38e18b4f8709afd496d2ffe7a90cf0bbe938c8ee1e792abef1867cc
openshift-logging/fluentd-rhel9@sha256:f3ce4c578618bfeb9a2485516f5686d4db64447d6ec3f98c83dbb6513a2d7a54
openshift-logging/log-file-metric-exporter-rhel9@sha256:f0536d732f5dfab9af68e03ba71032abc9fda7868f4e598060b4f036d422d8e6
openshift-logging/logging-loki-rhel9@sha256:389bab83f8f13b8be194d9b749b11cd9dd7a42888b64b5551b359822fb316c0a
openshift-logging/logging-view-plugin-rhel9@sha256:55d632b221b0a93781d721ecb488b62ce44eec06255d273fa4160671b48cd011
openshift-logging/loki-rhel9-operator@sha256:c3822c7ab8741ef6dad2032b5381f5b8d20f02f032c17733e28a862d3451b007
openshift-logging/lokistack-gateway-rhel9@sha256:75aca4bafc8e533a122a0ae620fa7c12dcabfd1ad4c85c3548e9849395d6bf9a
openshift-logging/opa-openshift-rhel9@sha256:3aea842460876baa24b63a146b31f8905a48d55dabb4654e91e6da3d2539d628
openshift-logging/vector-rhel9@sha256:81dcd25f28cc125b35856c441ad69d001d9525f799dcefdde2d29d9838b7204e

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:4692c28a730de2a413042372647da244cfeca7012e0e9ff4c7f594fa34b535c9
openshift-logging/cluster-logging-rhel9-operator@sha256:503167dfcfcb931da055a257c45bc25a5ed40689dd6be16dd377f8a772de1815
openshift-logging/eventrouter-rhel9@sha256:56887bfa89578ef228d9682e60366e8e3450676b1e32e9ea593e7b369aead613
openshift-logging/fluentd-rhel9@sha256:f27df646caa2dd2d3137b724650131cb635517fce5580df6c9573a783251b796
openshift-logging/log-file-metric-exporter-rhel9@sha256:8b0debb82079c693921094e0f931502dddea78cc27321546dfeaac5151642cd3
openshift-logging/logging-loki-rhel9@sha256:a3a9f75013fe4f308e3021a2a7f3daeda97be39d756ec884cdf42f1e27ef54d1
openshift-logging/logging-view-plugin-rhel9@sha256:2be2467b675e403b52357ad7f9c430dc7bcfd86150bed90fac222352a364270a
openshift-logging/loki-operator-bundle@sha256:11b5e9c4e2f69cf131f734dbd9f1ec1b9926aaf9a691c2c4d8ed70e41fd6f820
openshift-logging/loki-rhel9-operator@sha256:3d4e4608806362c23a1f6f3b63c725a383478f276822569cd80eb104d1d15534
openshift-logging/lokistack-gateway-rhel9@sha256:d09acb4495b970b76b56383b830f37417f8bbb32cc23989097649252eff165eb
openshift-logging/opa-openshift-rhel9@sha256:552b7dc3057e38809196abecbe16582cffaa851c8b6a6e76fb5cad57115da713
openshift-logging/vector-rhel9@sha256:07f4aaffe651dc52fd6f53e6fc139954b9f70e7a928f9f97b58de5a5d08e98fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.