RHSA-2023:1817: Moderate: Network observability 1.2.0 for Openshift
Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent.The operator provides dashboards, metrics, and keeps flows accessible in aqueryable log store, Grafana Loki. When a FlowCollector is deployed, newdashboards are available in the Console.This update contains bug fixes.Security Fix(es): golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:1817?
The severity of RHSA-2023:1817 is categorized as important.
How do I fix RHSA-2023:1817?
To fix RHSA-2023:1817, update OpenShift Network Observability to version 1.2.1 or later.
What versions of OpenShift Network Observability are affected by RHSA-2023:1817?
OpenShift Network Observability version 1.2.0 is the only affected version for RHSA-2023:1817.
What type of vulnerability is listed in RHSA-2023:1817?
RHSA-2023:1817 addresses vulnerabilities related to network observability and monitoring pipeline security.
Is there a workaround for RHSA-2023:1817?
There is no official workaround for RHSA-2023:1817; the recommended resolution is to update to a patched version.