Red Hat Product Errata RHSA-2024:6095 - Security Advisory
Issued:
2024-09-11
Updated:
2024-09-12

RHSA-2024:6095 - Security Advisory

Synopsis

Important: security update Logging for Red Hat OpenShift - 5.9.6

Type/Severity

Security Advisory: Important

Topic

Important Logging for Red Hat OpenShift - 5.9.6

Description

Logging for Red Hat OpenShift - 5.9.6
cluster-logging-rhel9-operator: compat-openssl11(CVE-2023-0286)

Solution

For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

For Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 9 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 9 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 9 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 9 s390x

Fixes

  • LOG-5525 - Updating the data.token field in the cloudwatch secret for a ClusterLogForwarder does not trigger an update
  • LOG-5585 - CVE-2023-0286 affecting cluster-logging-rhel9-operator image
  • LOG-5602 - Vector forwarding authentication issue when password contains special characters
  • LOG-5815 - Drop Filter fails to match on integers
  • LOG-5866 - Vector not releasing deleted file handles
  • LOG-5997 - [release-5.9] Logging must-gather errors out when running on a non-amd64 arch cluster
  • LOG-6016 - The log severity should be sorted from most priority to less
  • LOG-5988 - [release-5.9] Update kube-rbac-proxy to continue support for arm64/ppc64le arch cluster
  • LOG-6033 - [release-5.9] Validation for ClusterLogForwarder fails when using multiple pipelines without name
  • LOG-6023 - logging collector pod missing PreferredScheduling annotation for WLP
  • LOG-6028 - [release-5.9] Point kube-rbac-proxy to correct external repository

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7
openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105
openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207
openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d
openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077
openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2
openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c
openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9
openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7
openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a
openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d
openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44
openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76
openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc
openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b
openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951
openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82
openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59
openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a
openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb
openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a
openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99
openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f
openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac
openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa
openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790
openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e
openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0
openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b
openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f
openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1
openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2
openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd
openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c
openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56
openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457
openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829
openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d
openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.