Issued:: 2023-09-28
Updated:: 2023-09-28

RHSA-2023:5379 - Important: Network Observability 1.4.0 for OpenShift

Synopsis

Important: Network Observability 1.4.0 for OpenShift

Type/Severity

Security Advisory Important

Topic

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.

The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Network Observability 1.4.0

Security Fix(es):

word-wrap: Regular Expression Denial of Service (CVE-2023-26115)
nodejs-semver: Regular expression denial of service (CVE-2022-25883)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Network Observability (NETOBSERV)	1	x86_64
Network Observability (NETOBSERV) for IBM Z and LinuxONE	1	s390x
Network Observability (NETOBSERV) for IBM Power, little endian	1	ppc64le
Network Observability (NETOBSERV) for ARM 64	1	aarch64

Fixes

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.