Important: Network Observability 1.4.0 for OpenShift

Topic

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.

The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Network Observability 1.4.0

Security Fix(es):

• word-wrap: Regular Expression Denial of Service (CVE-2023-26115)
• nodejs-semver: Regular expression denial of service (CVE-2022-25883)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Network Observability (NETOBSERV) 1 for RHEL 9 x86_64
• Network Observability (NETOBSERV) for ARM 64 1 for RHEL 9 aarch64
• Network Observability (NETOBSERV) for IBM Power, little endian 1 for RHEL 9 ppc64le
• Network Observability (NETOBSERV) for IBM Z and LinuxONE 1 for RHEL 9 s390x

Fixes

• BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
• BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
• NETOBSERV-975 - Flows dropped due to Loki stream limit during large traffic spikes
• NETOBSERV-1131 - Metrics do not ignore duplicates
• NETOBSERV-1224 - Flowcollector does not report status != Ready in OCP Console
• NETOBSERV-1283 - Not able to monitor Multus/SRIOV traffic on Network Observability Operator
• NETOBSERV-1009 - Export Netflows without Loki
• NETOBSERV-1034 - Remove 1.0.x channel
• NETOBSERV-1107 - Improve ebpf agent memory usage
• NETOBSERV-1137 - UI Enhancements 1.4
• NETOBSERV-1182 - add cluster name to flp configuration
• NETOBSERV-1196 - Extend platform coverage for Network Observability
• NETOBSERV-1242 - Console plugin build infos
• NETOBSERV-139 - Flow dashboards enhancements (flow-based metrics)
• NETOBSERV-962 - Add IPFIX exporter

CVEs

• CVE-2022-25883
• CVE-2023-2602
• CVE-2023-2603
• CVE-2023-26115
• CVE-2023-28321
• CVE-2023-28322
• CVE-2023-28484
• CVE-2023-29469

References

• https://access.redhat.com/security/updates/classification/#important