what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-7434-01

Red Hat Security Advisory 2022-7434-01
Posted Nov 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-2588, CVE-2022-29900
SHA-256 | 8955b3daac257bb1e631eab88f1476668bf890ade5b3c2f9df79ac69caf7f1a7

Red Hat Security Advisory 2022-7434-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Logging Subsystem 5.5.4 - Red Hat OpenShift security update
Advisory ID: RHSA-2022:7434-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7434
Issue date: 2022-11-10
CVE Names: CVE-2020-35525 CVE-2020-35527 CVE-2022-0494
CVE-2022-1353 CVE-2022-2509 CVE-2022-2588
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
CVE-2022-29901 CVE-2022-32149 CVE-2022-37434
CVE-2022-39399 CVE-2022-40674
====================================================================
1. Summary:

Logging Subsystem 5.5.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.4 - Red Hat OpenShift

Security Fix(es):

* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.5, see the following instructions to apply
this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2674 - Many `can't remove non-existent inotify watch for: /var/log/pods/xxxxxx` errors in logfilesmetricexporter container.
LOG-3042 - Logging view plugin removes part of LogQL query
LOG-3049 - [release-5.5] Resources associated with collector / fluentd keep on getting recreated
LOG-3127 - The alerts are Fluentd when type=vector
LOG-3138 - [release-5.5] the content of secret elasticsearch-metrics-token is recreated continually
LOG-3175 - [release-5.5] Vector healthcheck fails when forwarding logs to Cloudwatch
LOG-3213 - must-gather is empty for logging with CLO image
LOG-3234 - [release-5.5] Loki gateway is crashing because cipher-suites are not set
LOG-3251 - [release-5.5] Adding Valid Subscription Annotation

6. References:

https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-0494
https://access.redhat.com/security/cve/CVE-2022-1353
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-23816
https://access.redhat.com/security/cve/CVE-2022-23825
https://access.redhat.com/security/cve/CVE-2022-29900
https://access.redhat.com/security/cve/CVE-2022-29901
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2ygY9zjgjWX9erEAQjsqhAAnWipfbePJjzeNKhBdSB8+KuuFOdDosVl
TM83jx5ov3yumRWxBORPOlN85R1Pfw2Kh7kT669wrbDL91YUU9WTYlONhiubL/oa
MR5Eq6TscAzh1aiy1BRZporGnddlpX5xNmHxl0G65CwisChuB8aom5uR0kymu8V1
4oH5wScZKshX9HgAylMerT7mO31Ya3xKOCPx9j39jP1G1DFM1c5NwYqHPVt3ioLJ
4kwnkt59USHi4AHxj9ELEJ2lHBNF9QTD7BITNuWITac+sCK55OEWKjLzerE7yaNy
4ZGy0ERDwRPScnVSnvtsZYGcuJPAth9eX7c9hxwDxiCdTL5nli0NI5e3MuU3gU/W
yBsDFe8DDi/bnzSw5T8ofT5IfOyc/6PuncZUO3QKF/fGwaN/xD+0Gj5+J7kZKTnq
lxbBOPpn52omWVDittRYxAouYn++CEHbJsUIznJDLOMKYXjuhZ/ERePl0pZAeiao
CScdIGNt6fDFCzNSYgdXJGbw/NPqYSQNpsJjzM2TdwVxaOguVRKXm5EJR7cTJzXm
hA3H3BlP0Bzq5UsW4GifQF3jyv6tOQFd/mMvGv3d+08S/JUKKCzJBdlp9nw6eXqp
TV+8Q4YCRXU5enul8DZGfKH7P7UYvSZ+cBBhxIkcnkhs2MT21ezopxubJs5KG035
qXp/7zyXsVs=t8JW
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close