Red Hat Product Errata RHBA-2024:1702 - Bug Fix Advisory
Issued:
2024-04-08
Updated:
2024-04-08

RHBA-2024:1702 - Bug Fix Advisory

Synopsis

updated Red Hat Enterprise Linux 8 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat Enterprise Linux 8 container images are now available

Description

The Red Hat Enterprise Linux 8 container images have been updated to address the following security advisory: RHSA-2024:1687 (see References)

Users of Red Hat Enterprise Linux 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2264569 - CVE-2023-46809 nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
  • BZ - 2264574 - CVE-2024-22019 nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
  • BZ - 2264582 - CVE-2024-21892 nodejs: code injection and privilege escalation through Linux capabilities
  • BZ - 2265717 - CVE-2024-21896 nodejs: path traversal by monkey-patching buffer internals
  • BZ - 2265720 - CVE-2024-21891 nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization
  • BZ - 2265722 - CVE-2024-21890 nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write
  • BZ - 2265727 - CVE-2024-22017 nodejs: setuid() does not drop all privileges due to io_uring

aarch64

rhel8/nodejs-20@sha256:3fc51f78f8ece1d8245a73ae098c6d2292511be65cf29332151fac09d927411c
ubi8/nodejs-20@sha256:3fc51f78f8ece1d8245a73ae098c6d2292511be65cf29332151fac09d927411c
ubi8/nodejs-20-minimal@sha256:a9b32aa5c5eb38da3070ed471062a63d53c3578db189c90cf54900e2b6fc27e3
rhel8/nodejs-20-minimal@sha256:a9b32aa5c5eb38da3070ed471062a63d53c3578db189c90cf54900e2b6fc27e3
rhel8/perl-526@sha256:3faed9fec2d68d1628665469fc5186139411cdc335f0b00fb9e35d1a2f3d6d01
ubi8/perl-526@sha256:3faed9fec2d68d1628665469fc5186139411cdc335f0b00fb9e35d1a2f3d6d01
rhel8/perl-532@sha256:c8ea962c67b2ff5209a7856781d997305f1672419660767fe88b315fd723a5ab
ubi8/perl-532@sha256:c8ea962c67b2ff5209a7856781d997305f1672419660767fe88b315fd723a5ab
rhel8/php-74@sha256:f709ff6eeb4a3981f612c3d5b8f3ec7fa368b9d97076e37b427f1ae15cd3fc2d
ubi8/php-74@sha256:f709ff6eeb4a3981f612c3d5b8f3ec7fa368b9d97076e37b427f1ae15cd3fc2d
ubi8/php-80@sha256:7e403a9c735fc2aa01ac7db584e2c7a7e2d5caa1ded1bde433508596babfb49a
rhel8/php-80@sha256:7e403a9c735fc2aa01ac7db584e2c7a7e2d5caa1ded1bde433508596babfb49a
rhel8/python-27@sha256:de8085ca15555c63849b132850d4f224a372937e9b9dcbffd86fbd0931fd0abf
ubi8/python-27@sha256:de8085ca15555c63849b132850d4f224a372937e9b9dcbffd86fbd0931fd0abf
rhel8/python-311@sha256:797be582c8ed75e5799250f4d3d49e66d5e6a92537d158db557b0fb6478a265d
ubi8/python-311@sha256:797be582c8ed75e5799250f4d3d49e66d5e6a92537d158db557b0fb6478a265d
rhel8/python-36@sha256:f6708fbc644e8a5327c4e590607c905a21e0079cd9f88373f51bdd1ff5e19a0d
ubi8/python-36@sha256:f6708fbc644e8a5327c4e590607c905a21e0079cd9f88373f51bdd1ff5e19a0d
ubi8/python-39@sha256:fc1c9c1d48320c911b0b87fad0c7581a749ebc1553f083984bcd372320e8db6e
rhel8/python-39@sha256:fc1c9c1d48320c911b0b87fad0c7581a749ebc1553f083984bcd372320e8db6e
ubi8/ruby-25@sha256:06b27ece0308f8f66c9836f03e3d1cd62355f0e3a70230e940ac7c63c9547e71
rhel8/ruby-25@sha256:06b27ece0308f8f66c9836f03e3d1cd62355f0e3a70230e940ac7c63c9547e71
ubi8/ruby-30@sha256:b92b24b7bf43768f760e8936cc2f9fd897c5fc192fc57db5153aca93c8218191
rhel8/ruby-30@sha256:b92b24b7bf43768f760e8936cc2f9fd897c5fc192fc57db5153aca93c8218191
ubi8/ruby-31@sha256:54254a047b5f91e9a27ec3bb644c6a57412390b83e307493945670f2e2d5cfae
rhel8/ruby-31@sha256:54254a047b5f91e9a27ec3bb644c6a57412390b83e307493945670f2e2d5cfae
rhel8/s2i-base@sha256:015ce30ab977949047e7075574e50bfcf4d7f514045c5b0cef883dafe8e88516
ubi8/s2i-base@sha256:015ce30ab977949047e7075574e50bfcf4d7f514045c5b0cef883dafe8e88516

ppc64le

rhel8/nodejs-20@sha256:f6a7a951d5e0c0dfba39aa8177c02676270dc6b71965ce8dec853a94dcabd766
ubi8/nodejs-20@sha256:f6a7a951d5e0c0dfba39aa8177c02676270dc6b71965ce8dec853a94dcabd766
ubi8/nodejs-20-minimal@sha256:f016f53bef424d63fb00da9a8c1af8e76b47c2a9318e3afc5d04e53da05f1601
rhel8/nodejs-20-minimal@sha256:f016f53bef424d63fb00da9a8c1af8e76b47c2a9318e3afc5d04e53da05f1601
rhel8/perl-526@sha256:03508cb3a45632cdc9bd7f06c0d4e8cc58d1a61b4b1cf520c77b0241dc52544f
ubi8/perl-526@sha256:03508cb3a45632cdc9bd7f06c0d4e8cc58d1a61b4b1cf520c77b0241dc52544f
rhel8/perl-532@sha256:0b84442f42f04a78bf983450f724c3a3a10973bdb21b91ee8c3b6d25bc0307d3
ubi8/perl-532@sha256:0b84442f42f04a78bf983450f724c3a3a10973bdb21b91ee8c3b6d25bc0307d3
rhel8/php-74@sha256:c12593117d41615a7cee4a47776c70fabdb2ef5d31c2bc4f6256a330f7b5159a
ubi8/php-74@sha256:c12593117d41615a7cee4a47776c70fabdb2ef5d31c2bc4f6256a330f7b5159a
ubi8/php-80@sha256:b0ef9924a1ee7c7bac46b641b52357f0e07399e04249acfc83efe4c463d9f62d
rhel8/php-80@sha256:b0ef9924a1ee7c7bac46b641b52357f0e07399e04249acfc83efe4c463d9f62d
rhel8/python-27@sha256:87b6683ab695e364f029fbefecbd4129341a427298b14b983215c8380d84fbca
ubi8/python-27@sha256:87b6683ab695e364f029fbefecbd4129341a427298b14b983215c8380d84fbca
rhel8/python-311@sha256:f9e2d00dd58ac5d84cbf0dd9ba7dc8c17eee8d08fd83cf1f0344a01fab67597d
ubi8/python-311@sha256:f9e2d00dd58ac5d84cbf0dd9ba7dc8c17eee8d08fd83cf1f0344a01fab67597d
rhel8/python-36@sha256:7fdbc41f74aec9e80893f6340083d8964009f3d13e3711d22267de30685f01d2
ubi8/python-36@sha256:7fdbc41f74aec9e80893f6340083d8964009f3d13e3711d22267de30685f01d2
ubi8/python-39@sha256:5327c3566942b9ad9281d4c0db34a2e9939723a4ea0d228604a781123c9feacd
rhel8/python-39@sha256:5327c3566942b9ad9281d4c0db34a2e9939723a4ea0d228604a781123c9feacd
ubi8/ruby-25@sha256:ea79636460384f9e7ec04f2299cf61887f67c452c2b7254badf9c10b751d5dee
rhel8/ruby-25@sha256:ea79636460384f9e7ec04f2299cf61887f67c452c2b7254badf9c10b751d5dee
ubi8/ruby-30@sha256:0bfcd6a1e286b6935728a9151a7031a69f3fcc76363004d19e4be2b18cd00487
rhel8/ruby-30@sha256:0bfcd6a1e286b6935728a9151a7031a69f3fcc76363004d19e4be2b18cd00487
ubi8/ruby-31@sha256:74b00425521d6270d85e3bbb23313b723ca9bd17b561fb88744978a6bbc559c7
rhel8/ruby-31@sha256:74b00425521d6270d85e3bbb23313b723ca9bd17b561fb88744978a6bbc559c7
rhel8/s2i-base@sha256:ce1bb1450b55fe41e34fdcdd82e761db0b3ff86357670e401879b8c4552c67b6
ubi8/s2i-base@sha256:ce1bb1450b55fe41e34fdcdd82e761db0b3ff86357670e401879b8c4552c67b6

s390x

rhel8/nodejs-20@sha256:8261492aeaced80f4dfe4dd384a636cd81f9411f06b3beb4e22ff0803275e91e
ubi8/nodejs-20@sha256:8261492aeaced80f4dfe4dd384a636cd81f9411f06b3beb4e22ff0803275e91e
ubi8/nodejs-20-minimal@sha256:a32f908921dfe09f264f6d4996340717012f1127f08b4076fc5fe713117c40b9
rhel8/nodejs-20-minimal@sha256:a32f908921dfe09f264f6d4996340717012f1127f08b4076fc5fe713117c40b9
rhel8/perl-526@sha256:8ec6e215be2f72ae903b0cb2e4ae83d716723758ffb96a6f30b2b94778ee2902
ubi8/perl-526@sha256:8ec6e215be2f72ae903b0cb2e4ae83d716723758ffb96a6f30b2b94778ee2902
rhel8/perl-532@sha256:4684660d2181e45903c509644a227092308610c6b091cb85068cd1789f244033
ubi8/perl-532@sha256:4684660d2181e45903c509644a227092308610c6b091cb85068cd1789f244033
rhel8/php-74@sha256:e49314abdd68466bc6f1571a6004731f0644fb6c30d6d3879b1ff82849398769
ubi8/php-74@sha256:e49314abdd68466bc6f1571a6004731f0644fb6c30d6d3879b1ff82849398769
ubi8/php-80@sha256:7f4ef3dbb009f966bfc309ff36d02aa9f248a3bbd9fcec7acaa135ef8bcc40c1
rhel8/php-80@sha256:7f4ef3dbb009f966bfc309ff36d02aa9f248a3bbd9fcec7acaa135ef8bcc40c1
rhel8/python-27@sha256:e95556c309cb0f484457987adb6a2863f2137f898714cb1f0610007c359603c8
ubi8/python-27@sha256:e95556c309cb0f484457987adb6a2863f2137f898714cb1f0610007c359603c8
rhel8/python-311@sha256:386f338cacca998dcd84436a2d7f7280c2d26dd754b8f829f7ec83e3a7e12b95
ubi8/python-311@sha256:386f338cacca998dcd84436a2d7f7280c2d26dd754b8f829f7ec83e3a7e12b95
rhel8/python-36@sha256:28855e6cbcf7172670a0227fa7dfca0ee4dec792dbadc83311788adb418d62b3
ubi8/python-36@sha256:28855e6cbcf7172670a0227fa7dfca0ee4dec792dbadc83311788adb418d62b3
ubi8/python-39@sha256:a03998165fd88725e950041190b10321c216af51cfdb5e38775b5348b4ee9552
rhel8/python-39@sha256:a03998165fd88725e950041190b10321c216af51cfdb5e38775b5348b4ee9552
ubi8/ruby-25@sha256:40c6531878e2e6fe3a3545114243ae01a155d83361142cfd9cff208dfaebc860
rhel8/ruby-25@sha256:40c6531878e2e6fe3a3545114243ae01a155d83361142cfd9cff208dfaebc860
ubi8/ruby-30@sha256:36109bd747d9dbc377e0efbc293db3fac229ed5ba093350bb51cf9b81933cbc2
rhel8/ruby-30@sha256:36109bd747d9dbc377e0efbc293db3fac229ed5ba093350bb51cf9b81933cbc2
ubi8/ruby-31@sha256:abbdc0d3f377d62148a6451071af5f251666ffc5a3ff9c182e1d804841dbd64f
rhel8/ruby-31@sha256:abbdc0d3f377d62148a6451071af5f251666ffc5a3ff9c182e1d804841dbd64f
rhel8/s2i-base@sha256:9dc004f10f2c2831ed0fbbefa7a61f70f130bcb443e44ae8011f0619618366c1
ubi8/s2i-base@sha256:9dc004f10f2c2831ed0fbbefa7a61f70f130bcb443e44ae8011f0619618366c1

x86_64

rhel8/nodejs-20@sha256:a2de9783f9eb3983079ed07613aecde1011384b0b61a91a0c9caf8bdc80af89f
ubi8/nodejs-20@sha256:a2de9783f9eb3983079ed07613aecde1011384b0b61a91a0c9caf8bdc80af89f
ubi8/nodejs-20-minimal@sha256:8862f31a275a75973cf617fe2203caadecd17ddfaba7f79292f8ff46f5bc9c02
rhel8/nodejs-20-minimal@sha256:8862f31a275a75973cf617fe2203caadecd17ddfaba7f79292f8ff46f5bc9c02
rhel8/perl-526@sha256:959d5b07ada3ac23cf1b9dc5037e64b4ec20313160152c1c99ea56330fb08618
ubi8/perl-526@sha256:959d5b07ada3ac23cf1b9dc5037e64b4ec20313160152c1c99ea56330fb08618
rhel8/perl-532@sha256:5262159379a7e119b513eb2de4bbcfeaedf2d3086bb45578befcf2b92196cd3a
ubi8/perl-532@sha256:5262159379a7e119b513eb2de4bbcfeaedf2d3086bb45578befcf2b92196cd3a
rhel8/php-74@sha256:c36fdca2f16f2b4e29029c08e13e52de0cb2f808d26f037d5fb9f9f3d867440d
ubi8/php-74@sha256:c36fdca2f16f2b4e29029c08e13e52de0cb2f808d26f037d5fb9f9f3d867440d
ubi8/php-80@sha256:65c3daa0982a2204ca9e8a6a416458b57f3aa42aaee8dd75dffe63e01f926377
rhel8/php-80@sha256:65c3daa0982a2204ca9e8a6a416458b57f3aa42aaee8dd75dffe63e01f926377
rhel8/python-27@sha256:48068a0a99b87625ec4052d49b1527e7d6a88a6d5ac9f343e8d6c538e760fa21
ubi8/python-27@sha256:48068a0a99b87625ec4052d49b1527e7d6a88a6d5ac9f343e8d6c538e760fa21
rhel8/python-311@sha256:be10c7db61bddd57654c9e66c3ab07a2c83eeac7f490f7b826f852d61510d916
ubi8/python-311@sha256:be10c7db61bddd57654c9e66c3ab07a2c83eeac7f490f7b826f852d61510d916
rhel8/python-36@sha256:97455f65f3442e833caaf654d6f7b60dd1831f49f0fa52190a16e09dcaf5c0a0
ubi8/python-36@sha256:97455f65f3442e833caaf654d6f7b60dd1831f49f0fa52190a16e09dcaf5c0a0
ubi8/python-39@sha256:21722c91c1e496e00fe97caf9876d45c3d6d36801cbb3465b2223e22b0b8b131
rhel8/python-39@sha256:21722c91c1e496e00fe97caf9876d45c3d6d36801cbb3465b2223e22b0b8b131
ubi8/ruby-25@sha256:a31e8437b82e131b65a1abee895dffa90524ac1cd8e1fe5feea5b3c122185f16
rhel8/ruby-25@sha256:a31e8437b82e131b65a1abee895dffa90524ac1cd8e1fe5feea5b3c122185f16
ubi8/ruby-30@sha256:3b80a6d291b1b2ba8323765c8b7c772e7d1eea6258ec10f2945466c7100b0fe2
rhel8/ruby-30@sha256:3b80a6d291b1b2ba8323765c8b7c772e7d1eea6258ec10f2945466c7100b0fe2
ubi8/ruby-31@sha256:1107c7133e61bc56629a49ab2e0ff121570b63b35d5955d55205746b73c8adba
rhel8/ruby-31@sha256:1107c7133e61bc56629a49ab2e0ff121570b63b35d5955d55205746b73c8adba
rhel8/s2i-base@sha256:0d5dc904975b8061372a0df6264c6b09de0bf683c7d52d80c46c8e1266797736
ubi8/s2i-base@sha256:0d5dc904975b8061372a0df6264c6b09de0bf683c7d52d80c46c8e1266797736

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.