Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update

Related Vulnerabilities: CVE-2022-25883   CVE-2023-22796  

Source

Synopsis

Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Logging Subsystem 5.7.4 - Red Hat OpenShift

Security Fix(es):

  • nodejs-semver: Regular expression denial of service (CVE-2022-25883)
  • rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
  • Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86_64
  • Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
  • Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

Fixes

  • BZ - 2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service
  • BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
  • LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.
  • LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.
  • LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.
  • LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console
  • LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2
  • LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.
  • LOG-4275 - [release-5.7] Vector pods going into a panic state
  • LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.
  • LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration
  • LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5
  • LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started