Red Hat Security Advisory 2024-4108-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4108.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:4108-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4108  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2021-47400  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)

* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)

* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

Bug Fix(es):

* lpfc updates for rh9.4 - (14.2.0.15 14.2.0.16 patches) (JIRA:RHEL-35144)

* cifs - kernel panic with cifs_put_smb_ses (JIRA:RHEL-25787)

* Rhel-9.2- observed \"vas: Failed reconfig VAS capabilities with DLPAR \" message while running proc add rem mix operations in shared mode[5.14.0-252.el9.ppc64le][P9] (JIRA:RHEL-34086)

* CNB95: dpll: rebase DPLL to upstream v6.8 (JIRA:RHEL-36570)

* Boot process stalls during initial loading of RHEL9.2 between the 59th and 100th AC cycle (JIRA:RHEL-36681)

* ice: DPLL-related fixes (JIRA:RHEL-36714)

* [HPE RHEL 9.2 BUG] x86/platform/uv: UV support for sub-NUMA clustering (JIRA:RHEL-37595)

* CNB95: net/sched: update TC core to upstream v6.8 (JIRA:RHEL-37640)

* [ice] Entering Safe Mode because DDP package could not be loaded and hit panic then (JIRA:RHEL-38906)

* [ice] Add automatic VF reset on Tx MDD events (JIRA:RHEL-39082)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47400

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2280745  
https://bugzilla.redhat.com/show_bug.cgi?id=2281127  
https://bugzilla.redhat.com/show_bug.cgi?id=2281740  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2282336  
https://bugzilla.redhat.com/show_bug.cgi?id=2284581

Red Hat Security Advisory 2024-4108-03

Red Hat Security Advisory 2024-4107-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4107.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security and bug fix updateAdvisory ID:        RHSA-2024:4107-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4107Issue date:         2024-06-26Revision:           03CVE Names:          CVE-2022-1048====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)Bug Fix(es):* core: backport rps_default_mask support (JIRA:RHEL-26427)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-1048References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2066706https://bugzilla.redhat.com/show_bug.cgi?id=2270881https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-4107-03

Red Hat Security Advisory 2024-4106-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4106.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:4106-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4106  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2021-47400  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)

* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)

* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47400

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2280745  
https://bugzilla.redhat.com/show_bug.cgi?id=2281127  
https://bugzilla.redhat.com/show_bug.cgi?id=2281740  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2282336  
https://bugzilla.redhat.com/show_bug.cgi?id=2284581

Red Hat Security Advisory 2024-4106-03

Red Hat Security Advisory 2024-4101-03 - An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4101.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: samba security updateAdvisory ID:        RHSA-2024:4101-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4101Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2023-34966====================================================================Summary: An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.Security Fix(es):* samba: infinite loop in mdssvc RPC service for spotlight (CVE-2023-34966)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34966References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2222793

Red Hat Security Advisory 2024-4101-03

Red Hat Security Advisory 2024-4098-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4098.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security updateAdvisory ID:        RHSA-2024:4098-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4098Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2023-2002====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operatingsystem.Security Fix(es):* Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-2002References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2187308

Red Hat Security Advisory 2024-4098-03

Red Hat Security Advisory 2024-4092-03 - An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4092.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: redhat-ds:12 security, bug fix update  
Advisory ID:        RHSA-2024:4092-03  
Product:            Red Hat Directory Server  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4092  
Issue date:         2024-06-25  
Revision:           03  
CVE Names:          CVE-2024-2199  
====================================================================

Summary: 

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

* 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) (2267976)

* 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199) (2274401)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* One level scoped search now returns a subsuffix correctly (BZ#2292903)

* Improved performance of filter component evaluation when tested against a large value set, such as group members (BZ#2293001)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-2199

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2267976  
https://bugzilla.redhat.com/show_bug.cgi?id=2274401  
https://bugzilla.redhat.com/show_bug.cgi?id=2292903  
https://bugzilla.redhat.com/show_bug.cgi?id=2293001

Red Hat Security Advisory 2024-4092-03

Red Hat Security Advisory 2024-4084-03 - An update for git is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4084.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: git security update  
Advisory ID:        RHSA-2024:4084-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4084  
Issue date:         2024-06-25  
Revision:           03  
CVE Names:          CVE-2024-32002  
====================================================================

Summary: 

An update for git is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Recursive clones RCE (CVE-2024-32002)

* git: RCE while cloning local repos (CVE-2024-32004)

* git: additional local RCE (CVE-2024-32465)

* git: insecure hardlinks (CVE-2024-32020)

* git: symlink bypass (CVE-2024-32021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-32002

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280421  
https://bugzilla.redhat.com/show_bug.cgi?id=2280428  
https://bugzilla.redhat.com/show_bug.cgi?id=2280446  
https://bugzilla.redhat.com/show_bug.cgi?id=2280466  
https://bugzilla.redhat.com/show_bug.cgi?id=2280484

Red Hat Security Advisory 2024-4084-03

Red Hat Security Advisory 2024-4083-03 - An update for git is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4083.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: git security update  
Advisory ID:        RHSA-2024:4083-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4083  
Issue date:         2024-06-25  
Revision:           03  
CVE Names:          CVE-2024-32002  
====================================================================

Summary: 

An update for git is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Recursive clones RCE (CVE-2024-32002)

* git: RCE while cloning local repos (CVE-2024-32004)

* git: additional local RCE (CVE-2024-32465)

* git: insecure hardlinks (CVE-2024-32020)

* git: symlink bypass (CVE-2024-32021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-32002

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280421  
https://bugzilla.redhat.com/show_bug.cgi?id=2280428  
https://bugzilla.redhat.com/show_bug.cgi?id=2280446  
https://bugzilla.redhat.com/show_bug.cgi?id=2280466  
https://bugzilla.redhat.com/show_bug.cgi?id=2280484

Red Hat Security Advisory 2024-4083-03

Red Hat Security Advisory 2024-4081-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4081.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: [23.0] Security update for the 23.0 release (RPMs)Advisory ID:        RHSA-2024:4081-03Product:            Red Hat build of QuarkusAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4081Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-20954====================================================================Summary: An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container image on top of the latest release of OpenJDK 17.0.11.Security Fix(es):* org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access(CVE-2024-20954)* org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service(CVE-2024-21098)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20954References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2278636https://bugzilla.redhat.com/show_bug.cgi?id=2278674

Red Hat Security Advisory 2024-4081-03

Red Hat Security Advisory 2024-4079-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4079.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: [23.1] Security update for the 23.1 release (RPMs)Advisory ID:        RHSA-2024:4079-03Product:            Red Hat build of QuarkusAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4079Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-20954====================================================================Summary: An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages isnow available for the Red Hat build of Quarkus.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:The quarkus-mandrel-java and quarkus-mandrel-231 packages provide theGraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1 container image on top of the latest release of OpenJDK 21.0.3.Security Fix(es):* org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access(CVE-2024-20954)* org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service(CVE-2024-21098)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20954References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2278636https://bugzilla.redhat.com/show_bug.cgi?id=2278674

Tag

#red_hat