Red Hat Product Errata RHSA-2025:3906 - Security Advisory
Issued:
2025-04-16
Updated:
2025-04-16

RHSA-2025:3906 - Security Advisory

Synopsis

Important: Logging for Red Hat OpenShift - 5.9.13

Type/Severity

Security Advisory: Important

Topic

Logging for Red Hat OpenShift - 5.9.13

Description

Logging for Red Hat OpenShift - 5.9.13
logging-fluentd-container: Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186)
logging-fluentd-container: Local File Inclusion in Rack::Static (CVE-2025-27610)
lokistack-gateway-container: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)
lokistack-gateway-container: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)

Solution

For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/ocp-4-14-release-notes

For Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/logging/cluster-logging-upgrading

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 9 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 9 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 9 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 9 s390x

Fixes

  • BZ - 2344680 - CVE-2025-25186 net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion
  • BZ - 2347423 - CVE-2025-27144 go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
  • BZ - 2351231 - CVE-2025-27610 rack: rubygem-rack: Local File Inclusion in Rack::Static
  • BZ - 2354195 - CVE-2025-30204 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
  • LOG-6855 - Not listed the types for different fields in the clusterLogging

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:8a735ea6035e59ec0be9c08f9b7dc50146f8a15d6b8a440e550d799fc2ab2bfb
openshift-logging/eventrouter-rhel9@sha256:a6410818a8dcfed63a24ed9cecf3d0fe309983278e2cc56caf914732021c35cb
openshift-logging/fluentd-rhel9@sha256:18d954fab2666daa32c1811a5a2dbfdc5ea33161b867fbe2b1c459b14b2081ce
openshift-logging/log-file-metric-exporter-rhel9@sha256:4e71c1ad1e4f4cf757d7db9aa0c1b278798ee1c8dc30885d2b8bd248a6ae5369
openshift-logging/logging-loki-rhel9@sha256:937c168b0f4715d60478336f89ce79a9cae96509f7eb8949201b23e172097946
openshift-logging/logging-view-plugin-rhel9@sha256:8f9ef4f885a9feb96b9be4e7b2ec32f100b5c135267a5c9cb28e941deccded3a
openshift-logging/loki-rhel9-operator@sha256:5e533297a7d58441eec5f8b7a35dcc465f2848a9eebe198217b9e3bb2fbd1061
openshift-logging/lokistack-gateway-rhel9@sha256:0a8711edfd92e8e22ed060964b6ddb9a5bd8ba2cee037c760d2a0c7f8c8939ff
openshift-logging/opa-openshift-rhel9@sha256:c0f595923db400c436b225ffb9a24c83a710ff19232d1a2ede3ec61d6a26d55a
openshift-logging/vector-rhel9@sha256:fb08179208ba226bd4944f03c90daf7738b9dc9faa312989ff36d9e7fec0a5d4

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:3539043c7d58d40d59bae337e6417ff629a455331c2a8f18072a61a0498c6b0f
openshift-logging/eventrouter-rhel9@sha256:80cc7ad26b3636524fb74173f0515dd59c22a96f3df19542dde1b83e855d8aff
openshift-logging/fluentd-rhel9@sha256:8d4861653f699249106269bf6c22d85dfa6b21e46f950c39267d076f32335037
openshift-logging/log-file-metric-exporter-rhel9@sha256:7c19c8e1c500dd97b7f1c9d9eb64fbf563521755c4e405660c54640917e63157
openshift-logging/logging-loki-rhel9@sha256:0ce3635a5ecae5508fb4831679b1348c6b878a1cf6d8c2ac802e22eb924bf49c
openshift-logging/logging-view-plugin-rhel9@sha256:9a0af2cd5f384ce9c567342cfd65a2918d3fe9f7ef7c84d7a400d1fec93a2d2e
openshift-logging/loki-rhel9-operator@sha256:af54bdb148f587e0158ea25934fb29b4911549adec89e5881f27f651c6d353c9
openshift-logging/lokistack-gateway-rhel9@sha256:2ef3393c55beba60aaebab40b515011d11e7e03c3f880eacce92b183ad855282
openshift-logging/opa-openshift-rhel9@sha256:9d21f986d9b0e58899e745f6e74f9463078117cc170c2e0adcf30cf6a862cae3
openshift-logging/vector-rhel9@sha256:ee54e2a27f7d32caffcbae7cc74aef2871ab6c11040052c1a193b699f1b53772

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:c3331a796756a51a217608d9ced14e51d70630e1c1725713bfb94f9f14b5834a
openshift-logging/eventrouter-rhel9@sha256:82bb8c2d3a16857a0e852e559e1df84e7f3a7456aac05fc52f4f43d8c0df4df8
openshift-logging/fluentd-rhel9@sha256:aa88fc2cb75d9f006f9d2e5aad15d2b1b8eaa0e80935c4c277d10ea5a2e93963
openshift-logging/log-file-metric-exporter-rhel9@sha256:ecffb9e390c60b776400aecf474dc20093282f75838ead4901348be885c2f54f
openshift-logging/logging-loki-rhel9@sha256:69ca6d9abdddf7134dc13e7d56f7c0516fbbac16d817d39c9506258a01a12d94
openshift-logging/logging-view-plugin-rhel9@sha256:e82024ab78f2d17ff7801c4c436d00a38ad7e9bef1f9edc20981e311cc610756
openshift-logging/loki-rhel9-operator@sha256:aee5721fb00afe90080988c5a3d3ae433584bdad4397af8231dda7c78a117732
openshift-logging/lokistack-gateway-rhel9@sha256:6850fcc0f4f85a4572fd8f5da7c1f79ae765e86692d309e805c5b5ba4b67c4af
openshift-logging/opa-openshift-rhel9@sha256:18ad05c9d29f7368d996f872c7d9456b60a2990a650f6aaf361a506da89fa8dd
openshift-logging/vector-rhel9@sha256:fcd42490f468bee35a25f7c5083270ff7b329c3daa2893d5c775b5007bf5b6f8

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:dbabb3b3c43e5084731aebcd518fee508d6f7bdc2b0a5dc8d4bfe59ed10b033f
openshift-logging/cluster-logging-rhel9-operator@sha256:b4981b32be757f58b436c5aab3f21dfc22e9f29cd7c2261eabf5640a91882bbf
openshift-logging/eventrouter-rhel9@sha256:9b63eb07fca510f850449576f298bb6420e57e46be38f3b53425af1630803888
openshift-logging/fluentd-rhel9@sha256:c76b12f9d59f2be7db69ecd3cb674a8c008852cd697f656c7cf6fba33fabe772
openshift-logging/log-file-metric-exporter-rhel9@sha256:47f7cbd4c70880374b4583e8bee11b48b46402a8df49b76065cde23f32a2dd8b
openshift-logging/logging-loki-rhel9@sha256:2158d0474907210ddd31f75568d04337f195541adf686edd87c136e3ea270ad4
openshift-logging/logging-view-plugin-rhel9@sha256:f43ce3c1fb3a8ec9dddae2f9bbf40c5cfe5c7261cbd372efb5a909b28a56465f
openshift-logging/loki-operator-bundle@sha256:5961121173b43becb595a589806e273494364207977492bd532dbe534ebf6db5
openshift-logging/loki-rhel9-operator@sha256:8d286e6a6f0ca737f0f260b82e3454bd13e58c4eece5df184e6a2aaa324ae165
openshift-logging/lokistack-gateway-rhel9@sha256:b4133caf795ead8349ae7f4d6aff99c6a17e213217d2f51a7186e3fbcf7cef27
openshift-logging/opa-openshift-rhel9@sha256:be524a81ee2125a4d1df24e68ece19c358eb71ca71a26a5ccc26e889fa02ef61
openshift-logging/vector-rhel9@sha256:3d4df146ed48f2516fc878a5723866ff3d806693cb5c1921925f178355bed045

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.