Red Hat Security Advisory 2024-4499-03 - An update for ruby is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4499.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby security updateAdvisory ID:        RHSA-2024:4499-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4499Issue date:         2024-07-11Revision:           03CVE Names:          CVE-2023-36617====================================================================Summary: An update for ruby is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):* rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)* REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36617References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2218614https://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810https://bugzilla.redhat.com/show_bug.cgi?id=2280894

Red Hat Security Advisory 2024-4499-03

Red Hat Security Advisory 2024-4464-03 - Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General Availability release images, which apply security fixes and fix bugs. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4464.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: Red Hat Advanced Cluster Management 2.10.4 security updates and bug fixes  
Advisory ID:        RHSA-2024:4464-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4464  
Issue date:         2024-07-11  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General  
Availability release images, which apply security fixes and fix bugs.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.10.4 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/release_notes/index

Security fix:

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

Jira issues addressed:

* ACM-11006: Trying to edit an Application from ACM console fails with error: 'Cannot read properties of undefined'

* ACM-11662 endpoint-observability-operator has an extra replicaset that keeps spawning pods that gets killed constantly, causing alerts to fire

* ACM-11961: Auto import of managed clusters remains stuck on switching hubs

* ACM-11986: Managed clusters created by RHACM do not reconnect to an AODP restored ACM on their own

* ACM-12133: Edit an existing appsub results on creating another subscription with errors

* ACM-12405: Unable to deploy Latest OCP 4.16 - generating manifests fails with 'GLIBC_2.34' not found

* ACM-12436: \"Could not start a watch request\" error when using OperatorPolicy

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html-single/install/index#installing

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#low  
https://issues.redhat.com/browse/ACM-11006  
https://issues.redhat.com/browse/ACM-11662  
https://issues.redhat.com/browse/ACM-11961  
https://issues.redhat.com/browse/ACM-11986  
https://issues.redhat.com/browse/ACM-12028  
https://issues.redhat.com/browse/ACM-12091  
https://issues.redhat.com/browse/ACM-12133  
https://issues.redhat.com/browse/ACM-12258  
https://issues.redhat.com/browse/ACM-12405  
https://issues.redhat.com/browse/ACM-12436

Red Hat Security Advisory 2024-4464-03

Red Hat Security Advisory 2024-4462-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4462.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:4462-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4462Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-4462-03

Red Hat Security Advisory 2024-4460-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4460.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Data Grid 8.5.0 security updateAdvisory ID:        RHSA-2024:4460-03Product:            Red Hat JBoss Data GridAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4460Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-29025====================================================================Summary: An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.5.0 replaces Data Grid 8.4.8 and includes bug fixes and enhancements. Find out more about Data Grid 8.5.0 in the Release Notes[3].Security Fix(es):* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak [jdg-8] (CVE-2024-29180)* CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling [jdg-8] (CVE-2024-29025)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-29025References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.5/html-single/red_hat_data_grid_8.5_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2270863https://bugzilla.redhat.com/show_bug.cgi?id=2272907

Red Hat Security Advisory 2024-4460-03

Red Hat Security Advisory 2024-4457-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4457.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: openssh security updateAdvisory ID:        RHSA-2024:4457-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4457Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-6409====================================================================Summary: An update for openssh is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6409References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295085

Red Hat Security Advisory 2024-4457-03

Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4456.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3 security updateAdvisory ID:        RHSA-2024:4456-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4456Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518

Red Hat Security Advisory 2024-4456-03

Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4455.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Virtualization 4.16.0 Images security update  
Advisory ID:        RHSA-2024:4455-03  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4455  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45857  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.16.0 images.

Security Fix(es):

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45857

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://issues.redhat.com/browse/CNV-18671  
https://issues.redhat.com/browse/CNV-23541  
https://issues.redhat.com/browse/CNV-23927  
https://issues.redhat.com/browse/CNV-28040  
https://issues.redhat.com/browse/CNV-29298  
https://issues.redhat.com/browse/CNV-29431  
https://issues.redhat.com/browse/CNV-29476  
https://issues.redhat.com/browse/CNV-29869  
https://issues.redhat.com/browse/CNV-30877  
https://issues.redhat.com/browse/CNV-31319  
https://issues.redhat.com/browse/CNV-31828  
https://issues.redhat.com/browse/CNV-32664  
https://issues.redhat.com/browse/CNV-32812  
https://issues.redhat.com/browse/CNV-32997  
https://issues.redhat.com/browse/CNV-33184  
https://issues.redhat.com/browse/CNV-33527  
https://issues.redhat.com/browse/CNV-33529  
https://issues.redhat.com/browse/CNV-33701  
https://issues.redhat.com/browse/CNV-33836  
https://issues.redhat.com/browse/CNV-34072  
https://issues.redhat.com/browse/CNV-34180  
https://issues.redhat.com/browse/CNV-34488  
https://issues.redhat.com/browse/CNV-34884  
https://issues.redhat.com/browse/CNV-35213  
https://issues.redhat.com/browse/CNV-35452  
https://issues.redhat.com/browse/CNV-35728  
https://issues.redhat.com/browse/CNV-35729  
https://issues.redhat.com/browse/CNV-35763  
https://issues.redhat.com/browse/CNV-35782  
https://issues.redhat.com/browse/CNV-35859  
https://issues.redhat.com/browse/CNV-36130  
https://issues.redhat.com/browse/CNV-36208  
https://issues.redhat.com/browse/CNV-36209  
https://issues.redhat.com/browse/CNV-36210  
https://issues.redhat.com/browse/CNV-36211  
https://issues.redhat.com/browse/CNV-36271  
https://issues.redhat.com/browse/CNV-36299  
https://issues.redhat.com/browse/CNV-36837  
https://issues.redhat.com/browse/CNV-37111  
https://issues.redhat.com/browse/CNV-37373  
https://issues.redhat.com/browse/CNV-37376  
https://issues.redhat.com/browse/CNV-37377  
https://issues.redhat.com/browse/CNV-37378  
https://issues.redhat.com/browse/CNV-37382  
https://issues.redhat.com/browse/CNV-37383  
https://issues.redhat.com/browse/CNV-37412  
https://issues.redhat.com/browse/CNV-37462  
https://issues.redhat.com/browse/CNV-37501  
https://issues.redhat.com/browse/CNV-37629  
https://issues.redhat.com/browse/CNV-37667  
https://issues.redhat.com/browse/CNV-37685  
https://issues.redhat.com/browse/CNV-37788  
https://issues.redhat.com/browse/CNV-37857  
https://issues.redhat.com/browse/CNV-37859  
https://issues.redhat.com/browse/CNV-38129  
https://issues.redhat.com/browse/CNV-38270  
https://issues.redhat.com/browse/CNV-38375  
https://issues.redhat.com/browse/CNV-38404  
https://issues.redhat.com/browse/CNV-38450  
https://issues.redhat.com/browse/CNV-38568  
https://issues.redhat.com/browse/CNV-38596  
https://issues.redhat.com/browse/CNV-38608  
https://issues.redhat.com/browse/CNV-38609  
https://issues.redhat.com/browse/CNV-38655  
https://issues.redhat.com/browse/CNV-38700  
https://issues.redhat.com/browse/CNV-38707  
https://issues.redhat.com/browse/CNV-38724  
https://issues.redhat.com/browse/CNV-38883  
https://issues.redhat.com/browse/CNV-38887  
https://issues.redhat.com/browse/CNV-38902  
https://issues.redhat.com/browse/CNV-39028  
https://issues.redhat.com/browse/CNV-39030  
https://issues.redhat.com/browse/CNV-39034  
https://issues.redhat.com/browse/CNV-39056  
https://issues.redhat.com/browse/CNV-39101  
https://issues.redhat.com/browse/CNV-39371  
https://issues.redhat.com/browse/CNV-39418  
https://issues.redhat.com/browse/CNV-39421  
https://issues.redhat.com/browse/CNV-39425  
https://issues.redhat.com/browse/CNV-39469  
https://issues.redhat.com/browse/CNV-39558  
https://issues.redhat.com/browse/CNV-39618  
https://issues.redhat.com/browse/CNV-39659  
https://issues.redhat.com/browse/CNV-39682  
https://issues.redhat.com/browse/CNV-39685  
https://issues.redhat.com/browse/CNV-39722  
https://issues.redhat.com/browse/CNV-39727  
https://issues.redhat.com/browse/CNV-39752  
https://issues.redhat.com/browse/CNV-39753  
https://issues.redhat.com/browse/CNV-39878  
https://issues.redhat.com/browse/CNV-39880  
https://issues.redhat.com/browse/CNV-39893  
https://issues.redhat.com/browse/CNV-39940  
https://issues.redhat.com/browse/CNV-39941  
https://issues.redhat.com/browse/CNV-39946  
https://issues.redhat.com/browse/CNV-39978  
https://issues.redhat.com/browse/CNV-39995  
https://issues.redhat.com/browse/CNV-40006  
https://issues.redhat.com/browse/CNV-40120  
https://issues.redhat.com/browse/CNV-40136  
https://issues.redhat.com/browse/CNV-40161  
https://issues.redhat.com/browse/CNV-40162  
https://issues.redhat.com/browse/CNV-40164  
https://issues.redhat.com/browse/CNV-40196  
https://issues.redhat.com/browse/CNV-40200  
https://issues.redhat.com/browse/CNV-40242  
https://issues.redhat.com/browse/CNV-40258  
https://issues.redhat.com/browse/CNV-40334  
https://issues.redhat.com/browse/CNV-40335  
https://issues.redhat.com/browse/CNV-40336  
https://issues.redhat.com/browse/CNV-40341  
https://issues.redhat.com/browse/CNV-40344  
https://issues.redhat.com/browse/CNV-40419  
https://issues.redhat.com/browse/CNV-40445  
https://issues.redhat.com/browse/CNV-40455  
https://issues.redhat.com/browse/CNV-40457  
https://issues.redhat.com/browse/CNV-40598  
https://issues.redhat.com/browse/CNV-40682  
https://issues.redhat.com/browse/CNV-40776  
https://issues.redhat.com/browse/CNV-40846  
https://issues.redhat.com/browse/CNV-40886  
https://issues.redhat.com/browse/CNV-40903  
https://issues.redhat.com/browse/CNV-41084  
https://issues.redhat.com/browse/CNV-41139  
https://issues.redhat.com/browse/CNV-41195  
https://issues.redhat.com/browse/CNV-41199  
https://issues.redhat.com/browse/CNV-41200  
https://issues.redhat.com/browse/CNV-41203  
https://issues.redhat.com/browse/CNV-41206  
https://issues.redhat.com/browse/CNV-41209  
https://issues.redhat.com/browse/CNV-41210  
https://issues.redhat.com/browse/CNV-41224  
https://issues.redhat.com/browse/CNV-41286  
https://issues.redhat.com/browse/CNV-41355  
https://issues.redhat.com/browse/CNV-41385  
https://issues.redhat.com/browse/CNV-41386  
https://issues.redhat.com/browse/CNV-41402  
https://issues.redhat.com/browse/CNV-41474  
https://issues.redhat.com/browse/CNV-41494  
https://issues.redhat.com/browse/CNV-41495  
https://issues.redhat.com/browse/CNV-41503  
https://issues.redhat.com/browse/CNV-41507  
https://issues.redhat.com/browse/CNV-41522  
https://issues.redhat.com/browse/CNV-41526  
https://issues.redhat.com/browse/CNV-41550  
https://issues.redhat.com/browse/CNV-41579  
https://issues.redhat.com/browse/CNV-41590  
https://issues.redhat.com/browse/CNV-41600  
https://issues.redhat.com/browse/CNV-41604  
https://issues.redhat.com/browse/CNV-41632  
https://issues.redhat.com/browse/CNV-41640  
https://issues.redhat.com/browse/CNV-41772  
https://issues.redhat.com/browse/CNV-41804  
https://issues.redhat.com/browse/CNV-41844  
https://issues.redhat.com/browse/CNV-41846  
https://issues.redhat.com/browse/CNV-41959  
https://issues.redhat.com/browse/CNV-42015  
https://issues.redhat.com/browse/CNV-42052  
https://issues.redhat.com/browse/CNV-42087  
https://issues.redhat.com/browse/CNV-42363  
https://issues.redhat.com/browse/CNV-42622  
https://issues.redhat.com/browse/CNV-42786  
https://issues.redhat.com/browse/CNV-42844  
https://issues.redhat.com/browse/CNV-42853  
https://issues.redhat.com/browse/CNV-42884  
https://issues.redhat.com/browse/CNV-43024  
https://issues.redhat.com/browse/CNV-43027  
https://issues.redhat.com/browse/CNV-43033  
https://issues.redhat.com/browse/CNV-43039  
https://issues.redhat.com/browse/CNV-43041  
https://issues.redhat.com/browse/CNV-43069  
https://issues.redhat.com/browse/CNV-43194  
https://issues.redhat.com/browse/CNV-43205

Red Hat Security Advisory 2024-4455-03

Red Hat Security Advisory 2024-4321-03 - Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4321.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.21 bug fix and security update  
Advisory ID:        RHSA-2024:4321-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4321  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.21. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:4324

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-27221  
https://issues.redhat.com/browse/OCPBUGS-33619  
https://issues.redhat.com/browse/OCPBUGS-34156  
https://issues.redhat.com/browse/OCPBUGS-34665  
https://issues.redhat.com/browse/OCPBUGS-34912  
https://issues.redhat.com/browse/OCPBUGS-34949  
https://issues.redhat.com/browse/OCPBUGS-35552  
https://issues.redhat.com/browse/OCPBUGS-35736  
https://issues.redhat.com/browse/OCPBUGS-35749  
https://issues.redhat.com/browse/OCPBUGS-35935  
https://issues.redhat.com/browse/OCPBUGS-35988  
https://issues.redhat.com/browse/OCPBUGS-36150  
https://issues.redhat.com/browse/OCPBUGS-36151  
https://issues.redhat.com/browse/OCPBUGS-36225  
https://issues.redhat.com/browse/OCPBUGS-36258  
https://issues.redhat.com/browse/OCPBUGS-36279  
https://issues.redhat.com/browse/OCPBUGS-36287  
https://issues.redhat.com/browse/OCPBUGS-36306  
https://issues.redhat.com/browse/OCPBUGS-36312  
https://issues.redhat.com/browse/OCPBUGS-36374  
https://issues.redhat.com/browse/OCPBUGS-36377

Red Hat Security Advisory 2024-4321-03

Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2096.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: security update Logging for Red Hat OpenShift - 5.9.1  
Advisory ID:        RHSA-2024:2096-03  
Product:            logging for Red Hat OpenShift  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2096  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45289  
====================================================================

Summary: 

Moderate: Logging for Red Hat OpenShift - 5.9.1

Description:

Logging for Red Hat OpenShift - 5.9.1

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

CVEs:

CVE-2023-45289

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/LOG-4672  
https://issues.redhat.com/browse/LOG-5062  
https://issues.redhat.com/browse/LOG-5268  
https://issues.redhat.com/browse/LOG-5278  
https://issues.redhat.com/browse/LOG-5307  
https://issues.redhat.com/browse/LOG-5309  
https://issues.redhat.com/browse/LOG-5322  
https://issues.redhat.com/browse/LOG-5323  
https://issues.redhat.com/browse/LOG-5395  
https://issues.redhat.com/browse/LOG-5397  
https://issues.redhat.com/browse/LOG-5401

Red Hat Security Advisory 2024-2096-03

Ubuntu Security Notice 6890-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6890-1July 10, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-6601,CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)It was discovered that Firefox did not properly manage certain memoryoperations in the NSS. An attacker could potentially exploit this issue tocause a denial of service, or execute arbitrary code. (CVE-2024-6602,CVE-2024-6609)Irvan Kurniawan discovered that Firefox did not properly manage memoryduring thread creation. An attacker could potentially exploit thisissue to cause a denial of service, or execute arbitrary code.(CVE-2024-6603)It was discovered that Firefox incorrectly handled array accesses in theclipboard component, leading to an out-of-bounds read vulnerability. Anattacker could possibly use this issue to cause a denial of service orexpose sensitive information. (CVE-2024-6606)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   firefox                         128.0+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changesReferences:   https://ubuntu.com/security/notices/USN-6890-1   CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604,   CVE-2024-6606, CVE-2024-6607, CVE-2024-6608, CVE-2024-6609,   CVE-2024-6610, CVE-2024-6611, CVE-2024-6612, CVE-2024-6613,   CVE-2024-6614, CVE-2024-6615Package Information:   https://launchpad.net/ubuntu/+source/firefox/128.0+build2-0ubuntu0.20.04.1