Synopsis
Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 5.7.4 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Logging Subsystem 5.7.4 - Red Hat OpenShift
Security Fix(es):
- nodejs-semver: Regular expression denial of service (CVE-2022-25883)
- rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
- Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
- Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
- Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x
Fixes
- BZ - 2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service
- BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
- LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.
- LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.
- LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.
- LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console
- LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2
- LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.
- LOG-4275 - [release-5.7] Vector pods going into a panic state
- LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.
- LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration
- LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5
- LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.