Synopsis
Moderate: Logging Subsystem 5.7.3 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Logging Subsystem 5.7.3 - Red Hat OpenShift
Security Fix(es):
- word-wrap: ReDoS (CVE-2023-26115)
- tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
- Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
- Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
- Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x
Fixes
- BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
- BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
- LOG-4100 - [release-5.7] Browser keeps plugin files cached after upgrade
- LOG-4156 - [release-5.7] Degraded condition on LokiStack is reset even when it should persist
- LOG-4161 - [release-5.7] Ruler does not restart after updates to RulerConfig CR
- LOG-4176 - [release-5.7] Vector in CrashLoopBackOff when using matchLabel containing special character /
- LOG-4198 - [release-5.7] Controller crashes when only per-tenant limits are defined in LokiStack CR
- LOG-4258 - Fluentd fails when configured with a passphrase for sending to Elasticsearch
- LOG-4277 - [release-5.7] HTTP request header again too big, causing interaction with Elasticsearch to fail
- LOG-4264 - [release-5.7] Update ose-kube-rbac-proxy to v4.10+
- LOG-4095 - Loki labelKeys with slashes break in 5.7
- LOG-4177 - CLO pod crashes if CLF is updated while CL is in Unmanaged status
- LOG-4271 - [release-5.7] Fix Kibana packaging so that it is properly scanned by Product Security
- LOG-4108 - [release-5.7] Custom time range is not updated on Aggregated Logs page
- LOG-3498 - Loki returning "timed out after 30000ms"