Red Hat Security Advisory 2022-7434-01 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[28] Download^[29]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================                   
Red Hat Security Advisory
Synopsis:          Moderate: Logging Subsystem 5.5.4 - Red Hat OpenShift security update
Advisory ID:       RHSA-2022:7434-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7434
Issue date:        2022-11-10
CVE Names:         CVE-2020-35525 CVE-2020-35527 CVE-2022-0494
CVE-2022-1353 CVE-2022-2509 CVE-2022-2588
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
CVE-2022-29901 CVE-2022-32149 CVE-2022-37434
CVE-2022-39399 CVE-2022-40674
====================================================================
1. Summary:
Logging Subsystem 5.5.4 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Logging Subsystem 5.5.4 - Red Hat OpenShift
Security Fix(es):
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
For Red Hat OpenShift Logging 5.5, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-2674 - Many `can't remove non-existent inotify watch for: /var/log/pods/xxxxxx` errors in logfilesmetricexporter container.
LOG-3042 - Logging view plugin removes part of LogQL query
LOG-3049 - [release-5.5] Resources associated with collector / fluentd keep on getting recreated
LOG-3127 - The alerts are Fluentd when type=vector
LOG-3138 - [release-5.5] the content of secret elasticsearch-metrics-token is recreated continually
LOG-3175 - [release-5.5] Vector healthcheck fails when forwarding logs to Cloudwatch
LOG-3213 - must-gather is empty for logging with CLO image
LOG-3234 - [release-5.5] Loki gateway is crashing because cipher-suites are not set
LOG-3251 - [release-5.5] Adding Valid Subscription Annotation
6. References:
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-0494
https://access.redhat.com/security/cve/CVE-2022-1353
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-23816
https://access.redhat.com/security/cve/CVE-2022-23825
https://access.redhat.com/security/cve/CVE-2022-29900
https://access.redhat.com/security/cve/CVE-2022-29901
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/updates/classification/#moderate
7. Contact:
The Red Hat security contact is <Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY2ygY9zjgjWX9erEAQjsqhAAnWipfbePJjzeNKhBdSB8+KuuFOdDosVl
TM83jx5ov3yumRWxBORPOlN85R1Pfw2Kh7kT669wrbDL91YUU9WTYlONhiubL/oa
MR5Eq6TscAzh1aiy1BRZporGnddlpX5xNmHxl0G65CwisChuB8aom5uR0kymu8V1
4oH5wScZKshX9HgAylMerT7mO31Ya3xKOCPx9j39jP1G1DFM1c5NwYqHPVt3ioLJ
4kwnkt59USHi4AHxj9ELEJ2lHBNF9QTD7BITNuWITac+sCK55OEWKjLzerE7yaNy
4ZGy0ERDwRPScnVSnvtsZYGcuJPAth9eX7c9hxwDxiCdTL5nli0NI5e3MuU3gU/W
yBsDFe8DDi/bnzSw5T8ofT5IfOyc/6PuncZUO3QKF/fGwaN/xD+0Gj5+J7kZKTnq
lxbBOPpn52omWVDittRYxAouYn++CEHbJsUIznJDLOMKYXjuhZ/ERePl0pZAeiao
CScdIGNt6fDFCzNSYgdXJGbw/NPqYSQNpsJjzM2TdwVxaOguVRKXm5EJR7cTJzXm
hA3H3BlP0Bzq5UsW4GifQF3jyv6tOQFd/mMvGv3d+08S/JUKKCzJBdlp9nw6eXqp
TV+8Q4YCRXU5enul8DZGfKH7P7UYvSZ+cBBhxIkcnkhs2MT21ezopxubJs5KG035
qXp/7zyXsVs=t8JW
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://listman.redhat.com/mailman/listinfo/rhsa-announce

• Follow us on Twitter^[32]
• Subscribe to an RSS Feed^[33]

File Tags

• ActiveX^[34] (932)
• Advisory^[35] (79,401)
• Arbitrary^[36] (15,609)
• BBS^[37] (2,859)
• Bypass^[38] (1,610)
• CGI^[39] (1,015)
• Code Execution^[40] (6,880)
• Conference^[41] (672)
• Cracker^[42] (840)
• CSRF^[43] (3,283)
• DoS^[44] (22,481)
• Encryption^[45] (2,348)
• Exploit^[46] (50,247)
• File Inclusion^[47] (4,161)
• File Upload^[48] (945)
• Firewall^[49] (821)
• Info Disclosure^[50] (2,651)
• Intrusion Detection^[51] (864)
• Java^[52] (2,884)
• JavaScript^[53] (816)
• Kernel^[54] (6,240)
• Local^[55] (14,158)
• Magazine^[56] (586)
• Overflow^[57] (12,364)
• Perl^[58] (1,417)
• PHP^[59] (5,081)
• Proof of Concept^[60] (2,287)
• Protocol^[61] (3,418)
• Python^[62] (1,444)
• Remote^[63] (29,978)
• Root^[64] (3,493)
• Ruby^[65] (594)
• Scanner^[66] (1,631)
• Security Tool^[67] (7,762)
• Shell^[68] (3,097)
• Shellcode^[69] (1,204)
• Sniffer^[70] (885)
• Spoof^[71] (2,163)
• SQL Injection^[72] (16,082)
• TCP^[73] (2,376)
• Trojan^[74] (683)
• UDP^[75] (875)
• Virus^[76] (660)
• Vulnerability^[77] (31,048)
• Web^[78] (9,307)
• Whitepaper^[79] (3,724)
• x86^[80] (944)
• XSS^[81] (17,468)
• Other^[82]

File Archives

• November 2022^[83]
• October 2022^[84]
• September 2022^[85]
• August 2022^[86]
• July 2022^[87]
• June 2022^[88]
• May 2022^[89]
• April 2022^[90]
• March 2022^[91]
• February 2022^[92]
• January 2022^[93]
• December 2021^[94]
• Older^[95]

Systems

• AIX^[96] (426)
• Apple^[97] (1,924)
• BSD^[98] (370)
• CentOS^[99] (55)
• Cisco^[100] (1,916)
• Debian^[101] (6,606)
• Fedora^[102] (1,690)
• FreeBSD^[103] (1,242)
• Gentoo^[104] (4,262)
• HPUX^[105] (878)
• iOS^[106] (329)
• iPhone^[107] (108)
• IRIX^[108] (220)
• Juniper^[109] (67)
• Linux^[110] (43,965)
• Mac OS X^[111] (684)
• Mandriva^[112] (3,105)
• NetBSD^[113] (255)
• OpenBSD^[114] (479)
• RedHat^[115] (12,244)
• Slackware^[116] (941)
• Solaris^[117] (1,607)
• SUSE^[118] (1,444)
• Ubuntu^[119] (8,114)
• UNIX^[120] (9,143)
• UnixWare^[121] (185)
• Windows^[122] (6,496)
• Other^[123]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/169810/RHSA-2022-7434-01.txt