When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:11675 https://access.redhat.com/errata/RHSA-2025:11675
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:11673 https://access.redhat.com/errata/RHSA-2025:11673
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2025:11681 https://access.redhat.com/errata/RHSA-2025:11681
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:11679 https://access.redhat.com/errata/RHSA-2025:11679
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:11677 https://access.redhat.com/errata/RHSA-2025:11677
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:12341 https://access.redhat.com/errata/RHSA-2025:12341
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:12439 https://access.redhat.com/errata/RHSA-2025:12439
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2025:12372 https://access.redhat.com/errata/RHSA-2025:12372
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2025:12325 https://access.redhat.com/errata/RHSA-2025:12325
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2025:12370 https://access.redhat.com/errata/RHSA-2025:12370
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:12437 https://access.redhat.com/errata/RHSA-2025:12437
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:13327 https://access.redhat.com/errata/RHSA-2025:13327
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2025:13338 https://access.redhat.com/errata/RHSA-2025:13338
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2025:13336 https://access.redhat.com/errata/RHSA-2025:13336
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:13325 https://access.redhat.com/errata/RHSA-2025:13325
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2025:13291 https://access.redhat.com/errata/RHSA-2025:13291
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2025:13289 https://access.redhat.com/errata/RHSA-2025:13289