Red Hat Product Errata RHSA-2025:3132 - Security Advisory
Issued:
2025-03-26
Updated:
2025-03-26

RHSA-2025:3132 - Security Advisory

Synopsis

Important: Logging for Red Hat OpenShift - 6.0.6

Type/Severity

Security Advisory: Important

Topic

Logging for Red Hat OpenShift - 6.0.6

Description

Logging for Red Hat OpenShift - 6.0.6

lokistack-gateway-container: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)
logging-loki-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)

Solution

For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

For Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.16/observability/logging/logging-6.0/log6x-upgrading-to-6.html

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 6 aarch64
  • Logging Subsystem for Red Hat OpenShift 6 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 6 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 6 s390x

Fixes

  • BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
  • BZ - 2347423 - CVE-2025-27144 go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
  • LOG-6759 - Collectors in crashloopbackoff when defined an output that not used in the pipeline

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:ff4bc240a5c840d16eb48db373fedafef5a7a2f1db0d90b296af054423789cf7
openshift-logging/eventrouter-rhel9@sha256:6fc3e68cc69f8ce6eb93244fc344260b48ac68794da1ce78aeb4fad606576789
openshift-logging/log-file-metric-exporter-rhel9@sha256:0bc239163627bd0b502d74072d5fd8f6606b222784d24963bcc6d104353221c8
openshift-logging/logging-loki-rhel9@sha256:c48d43f0a1db7196656f8f71fed383248131117517566034f6e6e9cb67d86695
openshift-logging/loki-rhel9-operator@sha256:161fc8b97a1752329c7456a6e052b7bedb39a566bc0ba4b91a31a1360aabbaa8
openshift-logging/lokistack-gateway-rhel9@sha256:06322689631815e632be8ac68c784641801499b80c7f84ef65a6b6be7d87a85a
openshift-logging/opa-openshift-rhel9@sha256:f4209e2eb1cb3a197f64db4d08e8ef67937ce88a987c29391f3a6aa50e6c5606
openshift-logging/vector-rhel9@sha256:9183e9614e3f963be71158dc75eee5d8f16e1c177775544094cef5c115ba743f

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:98f1e57da45eaaa9dbb54ccf52e50e23e7238de0b1065721a2f1041cc2404757
openshift-logging/eventrouter-rhel9@sha256:4f287a5ae842fc8b87ba0ac19dd9909ce0fb17b4f4b6c582621b559b55a9c0ae
openshift-logging/log-file-metric-exporter-rhel9@sha256:e5fdace6353f81300d3fbf57d89ec1ea5038afdb2120cb0c524ce61d65424e34
openshift-logging/logging-loki-rhel9@sha256:75b744971db524a4b218e1f81395ac753d1c392f099b3ab79945809f8714728f
openshift-logging/loki-rhel9-operator@sha256:f9f2c7e18a194440964e889c99bffd704b260eee5e4202575dd341fea4ab23fd
openshift-logging/lokistack-gateway-rhel9@sha256:57a6bf54011a5bbff66e9d3f76c619960ac02c2adce88ba84cb73266aaebab32
openshift-logging/opa-openshift-rhel9@sha256:a88fbeca3dce34d749a433de069ac020acd6446be807abbeebb699fbf60e1849
openshift-logging/vector-rhel9@sha256:4e73489bf07ff3376c3947f769902acfc206c6f3ed00cfd7f724f4022be97b44

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:0a35500c9b027f30669c6f410b468ee528972c18eea0f8783954979f444c28e5
openshift-logging/eventrouter-rhel9@sha256:4672ce29ebd5f099aa2afeeae907e4693a7bc9f6cf0a9fa1e7527a12a17976f0
openshift-logging/log-file-metric-exporter-rhel9@sha256:85164d3f02bdfcc8b1c545c8c8a8a775d6690de8bd27502d70fb686af0ceb53b
openshift-logging/logging-loki-rhel9@sha256:ac504d165b83e047af9d8c2a49f136b13e466c43d2d9f679850b3a32f44d96f3
openshift-logging/loki-rhel9-operator@sha256:f6426dc70bc6bfce23a72163afb3229a28bbc340e1e5dbd42696534a6187b6eb
openshift-logging/lokistack-gateway-rhel9@sha256:8159842ddd7237c3710ce6a93338bd3647d53a6355989f614a2bc26e8ed81452
openshift-logging/opa-openshift-rhel9@sha256:89d23ee10b06a32e8424014a6bad13ec4cacc9458a22d829f1539462c8757624
openshift-logging/vector-rhel9@sha256:483bb4b32ff0932e96a5572a386ecb3e4c605cacfc515d7029f23f572d0e6254

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5
openshift-logging/cluster-logging-rhel9-operator@sha256:6646e0c4534894aab3169a534326a8bfbee5d4c384bdd94434613e4044c8acc6
openshift-logging/eventrouter-rhel9@sha256:6216957ee9e05152231a7816470003822ce706ed768bd9dbf15a7d42ceba0169
openshift-logging/log-file-metric-exporter-rhel9@sha256:ba8ec092b2b26e83e30d78879196dd8d524ef6805abafa5be562e2b734676e68
openshift-logging/logging-loki-rhel9@sha256:4c9aae2b3560cb6bc67ef536459ed04e30b0890e3b34c8fbbfaa7557b449bc44
openshift-logging/loki-operator-bundle@sha256:47f6a0bc969c7039b027fcff8b8fc97ad88f54fc07efd839e98b95d660124d36
openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0
openshift-logging/lokistack-gateway-rhel9@sha256:55d833a3314752d84f5d8fecdec10e1ba933563991e444536aeae17b2e62c397
openshift-logging/opa-openshift-rhel9@sha256:dcbc0f3616072607ef651100b2e9b5817c7ef03c507858bee27bc72a23eb7900
openshift-logging/vector-rhel9@sha256:4544bf43eed07afab6f941b7f8fd56a635045eb3ac182bbd180d816a9fc10f76

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.