Red Hat Security Advisory 2024-8876-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8876.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: go-toolset:rhel8 security updateAdvisory ID:        RHSA-2024:8876-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8876Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-24790====================================================================Summary: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es):* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-24790References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-8876-03

Red Hat Security Advisory 2024-8874-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8874.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: haproxy security updateAdvisory ID:        RHSA-2024:8874-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8874Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2023-45539====================================================================Summary: An update for haproxy is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.Security Fix(es):* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45539References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253037

Red Hat Security Advisory 2024-8874-03

Red Hat Security Advisory 2024-8870-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, null pointer, and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8870.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:8870-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8870  
Issue date:         2024-11-05  
Revision:           03  
CVE Names:          CVE-2022-48773  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

* kernel: nouveau: lock the client object tree. (CVE-2024-27062)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)

* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)

* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-48773

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2266247  
https://bugzilla.redhat.com/show_bug.cgi?id=2269183  
https://bugzilla.redhat.com/show_bug.cgi?id=2275750  
https://bugzilla.redhat.com/show_bug.cgi?id=2277168  
https://bugzilla.redhat.com/show_bug.cgi?id=2278262  
https://bugzilla.redhat.com/show_bug.cgi?id=2278350  
https://bugzilla.redhat.com/show_bug.cgi?id=2278387  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281669  
https://bugzilla.redhat.com/show_bug.cgi?id=2281817  
https://bugzilla.redhat.com/show_bug.cgi?id=2293356  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293458  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297475  
https://bugzilla.redhat.com/show_bug.cgi?id=2297508  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2297568  
https://bugzilla.redhat.com/show_bug.cgi?id=2298109  
https://bugzilla.redhat.com/show_bug.cgi?id=2298412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300442  
https://bugzilla.redhat.com/show_bug.cgi?id=2300487  
https://bugzilla.redhat.com/show_bug.cgi?id=2300488  
https://bugzilla.redhat.com/show_bug.cgi?id=2300508  
https://bugzilla.redhat.com/show_bug.cgi?id=2300517  
https://bugzilla.redhat.com/show_bug.cgi?id=2307862  
https://bugzilla.redhat.com/show_bug.cgi?id=2307865  
https://bugzilla.redhat.com/show_bug.cgi?id=2307892  
https://bugzilla.redhat.com/show_bug.cgi?id=2309852  
https://bugzilla.redhat.com/show_bug.cgi?id=2309853  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715  
https://bugzilla.redhat.com/show_bug.cgi?id=2315178  
https://bugzilla.redhat.com/show_bug.cgi?id=2317601

Red Hat Security Advisory 2024-8870-03

Red Hat Security Advisory 2024-8860-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8860.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: krb5 security updateAdvisory ID:        RHSA-2024:8860-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8860Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-3596====================================================================Summary: An update for krb5 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* freeradius: forgery attack (CVE-2024-3596)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3596References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263240https://issues.redhat.com/browse/RHEL-50253

Red Hat Security Advisory 2024-8860-03

Red Hat Security Advisory 2024-8859-03 - An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8859.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: xmlrpc-c security updateAdvisory ID:        RHSA-2024:8859-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8859Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-45491====================================================================Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.Security Fix(es):* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-45491References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2308616

Red Hat Security Advisory 2024-8859-03

Red Hat Security Advisory 2024-8856-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, null pointer, and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8856.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8856-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8856  
Issue date:         2024-11-05  
Revision:           03  
CVE Names:          CVE-2022-48773  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

* kernel: nouveau: lock the client object tree. (CVE-2024-27062)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)

* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)

* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-48773

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2266247  
https://bugzilla.redhat.com/show_bug.cgi?id=2269183  
https://bugzilla.redhat.com/show_bug.cgi?id=2275750  
https://bugzilla.redhat.com/show_bug.cgi?id=2277168  
https://bugzilla.redhat.com/show_bug.cgi?id=2278262  
https://bugzilla.redhat.com/show_bug.cgi?id=2278350  
https://bugzilla.redhat.com/show_bug.cgi?id=2278387  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281669  
https://bugzilla.redhat.com/show_bug.cgi?id=2281817  
https://bugzilla.redhat.com/show_bug.cgi?id=2293356  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293458  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297475  
https://bugzilla.redhat.com/show_bug.cgi?id=2297508  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2297568  
https://bugzilla.redhat.com/show_bug.cgi?id=2298109  
https://bugzilla.redhat.com/show_bug.cgi?id=2298412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300442  
https://bugzilla.redhat.com/show_bug.cgi?id=2300487  
https://bugzilla.redhat.com/show_bug.cgi?id=2300488  
https://bugzilla.redhat.com/show_bug.cgi?id=2300508  
https://bugzilla.redhat.com/show_bug.cgi?id=2300517  
https://bugzilla.redhat.com/show_bug.cgi?id=2307862  
https://bugzilla.redhat.com/show_bug.cgi?id=2307865  
https://bugzilla.redhat.com/show_bug.cgi?id=2307892  
https://bugzilla.redhat.com/show_bug.cgi?id=2309852  
https://bugzilla.redhat.com/show_bug.cgi?id=2309853  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715  
https://bugzilla.redhat.com/show_bug.cgi?id=2315178  
https://bugzilla.redhat.com/show_bug.cgi?id=2317601

Red Hat Security Advisory 2024-8856-03

Red Hat Security Advisory 2024-8849-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8849.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: haproxy security updateAdvisory ID:        RHSA-2024:8849-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8849Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2023-45539====================================================================Summary: An update for haproxy is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.Security Fix(es):* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45539References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253037

Red Hat Security Advisory 2024-8849-03

Red Hat Security Advisory 2024-8847-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8847.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: grafana-pcp security updateAdvisory ID:        RHSA-2024:8847-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8847Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-9355====================================================================Summary: An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.Security Fix(es):* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9355References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2315719

Red Hat Security Advisory 2024-8847-03

Red Hat Security Advisory 2024-8846-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8846.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:8846-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8846Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-9341====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9341References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315691https://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8846-03

Red Hat Security Advisory 2024-8843-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.11-urllib3 security updateAdvisory ID:        RHSA-2024:8843-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8843Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Tag

#linux