RHBA-2024:10997 - Bug Fix Advisory

Topic

An update for flatpak-runtime-container and flatpak-sdk-container is now available for Red Hat Enterprise Linux 8.

Description

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2278445 - CVE-2024-27043 kernel: media: edia: dvbdev: fix a use-after-free
• BZ - 2280462 - CVE-2024-27399 kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
• BZ - 2293429 - CVE-2024-38564 kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
• BZ - 2315210 - CVE-2024-46858 kernel: mptcp: pm: Fix uaf in __timer_delete_sync
• BZ - 2319212 - CVE-2024-10041 pam: libpam: Libpam vulnerable to read hashed password
• BZ - 2321440 - CVE-2024-9287 python: Virtual environment (venv) activation scripts don't quote paths
• BZ - 2322153 - CVE-2024-49761 rexml: REXML ReDoS vulnerability
• BZ - 2324291 - CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
• BZ - 2325776 - CVE-2024-11168 python: Improper validation of IPv6 and IPvFuture addresses
• RHEL-23018 - Using "pam_access", ssh login fails with this entry in /etc/security/access.conf "+:username:127.0.0.1"

CVEs

(none)

References

• https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.10_release_notes/index