RHBA-2023:7229 - Bug Fix Advisory

Topic

An updated ubi9-minimal container image is now available in the Red Hat container registry.

Description

The Universal Base Image Minimal (ubi9-minimal) is a stripped-down image that uses microdnf as the package manager.

This updates the ubi9-minimal image in the Red Hat container registry.

To pull a container image, run the following command as root:

podman pull registry.access.redhat.com/<image_name>

Solution

The container images provided by this update can be downloaded from the Red Hat container registry at registry.access.redhat.com using the "podman pull" command.

For more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.

Affected Products

• Red Hat Enterprise Linux for x86_64 9 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
• Red Hat Enterprise Linux Server - AUS 9.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems 9 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
• Red Hat Enterprise Linux for Power, little endian 9 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
• Red Hat Enterprise Linux for ARM 64 9 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
• Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
• Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

• BZ - 2241933 - CVE-2023-38545 curl: heap based buffer overflow in the SOCKS5 proxy handshake
• BZ - 2241938 - CVE-2023-38546 curl: cookie injection with none file

CVEs

• CVE-2023-38545
• CVE-2023-38546

References

• https://catalog.redhat.com/software/containers/search