Issued:: 2024-02-27
Updated:: 2024-02-27

RHSA-2024:0998 - Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers

Synopsis

Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers

Type/Severity

Security Advisory Low

Topic

Red Hat OpenShift distributed tracing 3.1.0

Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Release of Red Hat OpenShift distributed tracing provides these changes: OpenTelemetry: support for target allocator. Tempo: Monolithic CRD, alerting for span RED metrics, TraceQL support for gateway. OpenTelemetry version 0.93.0. Tempo 2.3.1, Jaeger 1.53.0.

Security Fix(es):

CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()

Solution

Red Hat OpenShift distributed tracing Release

Affected Products

Product	Version	Arch
Red Hat OpenShift distributed tracing	3	x86_64
Red Hat OpenShift distributed tracing for Power, little endian	3	ppc64le
Red Hat OpenShift distributed tracing for IBM Z and LinuxONE	3	s390x
Red Hat OpenShift distributed tracing for ARM	3	aarch64

Fixes

CVEs

References

https://access.redhat.com/security/updates/classification/#low

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.