=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.6 - Red Hat OpenShift security update
Advisory ID:       RHSA-2023:4933-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4933
Issue date:        2023-09-13
CVE Names:         CVE-2023-3899 CVE-2023-4456 CVE-2023-32360 CVE-2023-34969
=====================================================================

1. Summary:

Logging Subsystem 5.7.6 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.6 - Red Hat OpenShift

Security Fix(es):

* openshift-logging: LokiStack authorisation is cached too broadly
(CVE-2023-4456)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2233087 - CVE-2023-4456 openshift-logging: LokiStack authorisation is cached too broadly

5. JIRA issues fixed (https://issues.redhat.com/):

LOG-4413 - Warning in Vector logs sending logs to Splunk
LOG-4456 - [release-5.7] Loki search does not allow special chars
LOG-4459 - [release-5.7] Search content disappears when link is copy pasted or shared with other user with opened with similar permissions on project.
LOG-4460 - Loki custom labelKeys is causing vector to enter CrashLoopBackOff state
LOG-4501 - Modify max_read_bytes for Vector not releasing deleted file handles

6. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4456
https://access.redhat.com/security/cve/CVE-2023-32360
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.