Red Hat Security Advisory 2022-7434-01 ≈ Packet Storm

Red Hat Security Advisory 2022-7434-01 ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

Red Hat Security Advisory 2022-7434-01[6]
Authored by Red Hat[7] | Site[8]

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

systems | linux[9], redhat[10]
advisories | CVE-2020-35525[11], CVE-2020-35527[12], CVE-2022-0494[13], CVE-2022-1353[14], CVE-2022-21618[15], CVE-2022-21619[16], CVE-2022-21624[17], CVE-2022-21626[18], CVE-2022-21628[19], CVE-2022-23816[20], CVE-2022-23825[21], CVE-2022-2509[22], CVE-2022-2588[23], CVE-2022-29900[24]
SHA-256 | 8955b3daac257bb1e631eab88f1476668bf890ade5b3c2f9df79ac69caf7f1a7

Change Mirror[28] Download[29]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Red Hat Security Advisory
Synopsis: Moderate: Logging Subsystem 5.5.4 - Red Hat OpenShift security update
Advisory ID: RHSA-2022:7434-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL:
Issue date: 2022-11-10
CVE Names: CVE-2020-35525 CVE-2020-35527 CVE-2022-0494
CVE-2022-1353 CVE-2022-2509 CVE-2022-2588
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
CVE-2022-29901 CVE-2022-32149 CVE-2022-37434
CVE-2022-39399 CVE-2022-40674
1. Summary:
Logging Subsystem 5.5.4 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Logging Subsystem 5.5.4 - Red Hat OpenShift
Security Fix(es):
* golang: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this errata update:
For Red Hat OpenShift Logging 5.5, see the following instructions to apply
this update:
4. Bugs fixed (
2134010 - CVE-2022-32149 golang: ParseAcceptLanguage takes a long time to parse complex tags
5. JIRA issues fixed (
LOG-2674 - Many `can't remove non-existent inotify watch for: /var/log/pods/xxxxxx` errors in logfilesmetricexporter container.
LOG-3042 - Logging view plugin removes part of LogQL query
LOG-3049 - [release-5.5] Resources associated with collector / fluentd keep on getting recreated
LOG-3127 - The alerts are Fluentd when type=vector
LOG-3138 - [release-5.5] the content of secret elasticsearch-metrics-token is recreated continually
LOG-3175 - [release-5.5] Vector healthcheck fails when forwarding logs to Cloudwatch
LOG-3213 - must-gather is empty for logging with CLO image
LOG-3234 - [release-5.5] Loki gateway is crashing because cipher-suites are not set
LOG-3251 - [release-5.5] Adding Valid Subscription Annotation
6. References:
7. Contact:
The Red Hat security contact is <Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.>. More contact
details at
Copyright 2022 Red Hat, Inc.
Version: GnuPG v1
RHSA-announce mailing list
Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

Login[30] or Register[31] to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By

Read more


Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"