CVE-2022-0552: A flaw was found in the fix for the netty-codec-http CVE-2021-21409: the fix in the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete.

A new version has been released to fix this issue. The new maven package is origin-aggregated-logging-3.12. The updated image is available in the RBAC Registry. Users of OpenShift 4.1 are urged to upgrade their systems as soon as possible. End users should contact their system administrators for information on how to upgrade their systems.

OpenShift 4.1 Release Highlights

- Cross-origin resource sharing (CORS) support has been introduced in the 4.1 release of OpenShift
- The OpenShift CLI now provides a more user-friendly and consistent experience for running commands across multiple projects
- Image repositories have been added to OpenShift, which enables users to easily manage images
- The Spring Boot application is now included in the default installation of OpenShift 4.1
- Support for WebSockets has been added in the 4.1 release of OpenShift

Realm/Origin Specific Notes

The new maven package is origin-aggregated-logging-3.12.
The updated image is available in the RBAC Registry.

What is Origin-Aggregated Logging?

Origin-aggregated logging is a middleware mechanism that aggregates the logs of all pods in an application, sends them to a central location, and then makes them available for inspection.
A vulnerability was discovered in the Origin-Aggregated Logging (OAL) feature of OpenShift 4.1 that could allow an attacker to craft a malicious request to get read and write access to files in the log directory. This would allow the attacker to potentially read or write arbitrary files from within the container which may contain sensitive information such as database credentials or configuration files.

What is Origin Aggregated Logging?

Origin Aggregated Logging (OAL) is a logging agent that sends all log entries and aggregates them into one file. This reduces the number of files to manage and simplifies log maintenance.

What is origin-aggregated-logging?

Origin aggregating is a method of collecting logs from multiple servers and archiving them together in a single location, typically an S3 bucket or HPSS repository compatible with Hadoop Distributed File System (HDFS). This enables organizations such as Google, Facebook, and Twitter to reduce costs by sharing infrastructure and reducing storage needs and backup windows.
