Red Hat Product Errata RHSA-2025:3907 - Security Advisory
Issued:
2025-04-16
Updated:
2025-04-16

RHSA-2025:3907 - Security Advisory

Synopsis

Important: Logging for Red Hat OpenShift - 6.1.5

Type/Severity

Security Advisory: Important

Topic

Logging for Red Hat OpenShift - 6.1.5

Description

Logging for Red Hat OpenShift - 6.1.5
lokistack-gateway-container: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)

Solution

For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/ocp-4-17-release-notes

For Red Hat OpenShift Logging 6.1, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/logging/logging-6-1

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 6 aarch64
  • Logging Subsystem for Red Hat OpenShift 6 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 6 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 6 s390x

Fixes

  • BZ - 2354195 - CVE-2025-30204 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
  • LOG-6991 - [release-6.1] Enable time-based sharding of Loki streams
  • LOG-6996 - When forwarding logs with Otel data module, vector pod cannot forward ovn audit logs.

aarch64

openshift-logging/cluster-logging-rhel9-operator@sha256:385ca0686fede6d1407cbe93dd7436ded1fdd1835251df05c72d534f217888eb
openshift-logging/eventrouter-rhel9@sha256:48aee5c2445bb8c4ed364c95a345441c0d20ef189b30b5246b643bc368ed2893
openshift-logging/log-file-metric-exporter-rhel9@sha256:0195ed54d656d19131a61326458acce42ca23e2f43a26c3b028cff8ece76939d
openshift-logging/logging-loki-rhel9@sha256:0f1c47972c62643931c5af17d82117a246ab146d9b521c1bd670900de31b2d26
openshift-logging/loki-rhel9-operator@sha256:290546879b32fbba75ee1de819f5914c4984d1efb414c8d76975b00fa5410b97
openshift-logging/lokistack-gateway-rhel9@sha256:d4a2c37167b17827a6d9efa5a01f0bfe06ab0f4fea21021961c92b1c8b751264
openshift-logging/opa-openshift-rhel9@sha256:0ca75f20b106b356b16a02cd1b804c9ffe61de986f7e505fd3791d3e6b376cc5
openshift-logging/vector-rhel9@sha256:5c3763ba1d42ae880f9be458bba15b399f9a409008848e978b8c0f50e05fc0cc

ppc64le

openshift-logging/cluster-logging-rhel9-operator@sha256:4983f5f7b8ae62f328e8ad02d31e0f05ebf79af4aba0ee2a03241f5b3e83f9ec
openshift-logging/eventrouter-rhel9@sha256:5010457f162ace51005f872c92482dd4e4dd9f5e1c824544b49e1b20ff02f18f
openshift-logging/log-file-metric-exporter-rhel9@sha256:4a61297a2de9388e4e92e3bf44600c7cfd1057ab465416737a3e04bb4eb194e1
openshift-logging/logging-loki-rhel9@sha256:c9ba52ab354ba6ba6ea07bd83ca70359d7d7dcce59fcab8347015ab4a33be2a8
openshift-logging/loki-rhel9-operator@sha256:c229909ec702ca104fdb4c0157fc76ee8ba8a16278a2d1bcc6fbf581ec846efb
openshift-logging/lokistack-gateway-rhel9@sha256:c705fdf8d6b5c4e8f669c1751b1d1da970764998344536dde6fdfe11a1ae4417
openshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec
openshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616

s390x

openshift-logging/cluster-logging-rhel9-operator@sha256:102c955f4fe3616cbe8e2e8cb1549da04ec98b8900b014f0e9be2c91379269e2
openshift-logging/eventrouter-rhel9@sha256:0cf1c3992d210339cebe0312e39302096d393fd793dd7858420fc11d51ed0806
openshift-logging/log-file-metric-exporter-rhel9@sha256:5bf2cd46cacfe5e0ff6c8cf6223113df1fd48cdc0f3307c2dd9727fb4e8e09b1
openshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e
openshift-logging/loki-rhel9-operator@sha256:f8a069907c905a39888e179319b60ec15fba1213bc1420898a6dcc9aaae9cd78
openshift-logging/lokistack-gateway-rhel9@sha256:9eb7d0ba124cde7329c1bee6045b6be8d594a1b652b21ed9e704a95e8274b343
openshift-logging/opa-openshift-rhel9@sha256:8f0526bc9f252d614072f73042cb0abddc2a1a81ef2c81bd21ddf2238b38315d
openshift-logging/vector-rhel9@sha256:275912d20e6e84f6c8343208b6a45611686b59b5909de4510ebdafeba47992de

x86_64

openshift-logging/cluster-logging-operator-bundle@sha256:8ff77eeae069d78708d243efa1d0fcb81307fe2f927335a44f559ab6d5bcd260
openshift-logging/cluster-logging-rhel9-operator@sha256:60a6a6a013a5e5f1b1fe59c7c309e2d9ee8cb9c588f1ccb6c7d5a4c7fc016e53
openshift-logging/eventrouter-rhel9@sha256:08e42d7980780340549efeb583fa58af8091772a27d0d3854436a91f5c80d226
openshift-logging/log-file-metric-exporter-rhel9@sha256:a814e6843a2aa15ef06e61f721a2cfa7227d208c4d3b6acd36f0c4112f98a1ea
openshift-logging/logging-loki-rhel9@sha256:16d08b15fd8ef4b0bed13d59b90c44d473c99fcff8e56b2311769f640ca9da9c
openshift-logging/loki-operator-bundle@sha256:ce4d544c2f1155650396009f59348b9065ae71574388369e12cd18b3f3a612f6
openshift-logging/loki-rhel9-operator@sha256:93415c2a2c4fc708ae32ab2dc6424667fe9331899dd0591f9bf7607807bbe311
openshift-logging/lokistack-gateway-rhel9@sha256:90c4d55adcf1665f459b98b9b10dfabc75c4a4fe998023a2e01bfb7c64f1edf9
openshift-logging/opa-openshift-rhel9@sha256:1a5b10a0921455c78bf7ab714ffe27883796424f1c0906b24bf8ef407246e383
openshift-logging/vector-rhel9@sha256:6c4dd876d499a51c2dc746d7350e6f467a90a47b5f73b7794b1c95a4feba9bd9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.