Red Hat Product Errata RHBA-2024:3548 - Bug Fix Advisory
Issued:
2024-06-03
Updated:
2024-06-03

RHBA-2024:3548 - Bug Fix Advisory

Synopsis

updated Cryostat 2 on RHEL 8 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Cryostat 2 on RHEL 8 container images are now available

Description

The Cryostat 2 on RHEL 8 container images have been updated to address the following security advisories: RHSA-2024:3344, RHSA-2024:3347 (see References)

Users of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Cryostat 2 on RHEL 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Cryostat 2 x86_64

Fixes

  • BZ - 2276518 - CVE-2023-6597 python: Path traversal on tempfile.TemporaryDirectory
  • BZ - 2276525 - CVE-2024-0450 python: The zipfile module is vulnerable to zip-bombs leading to denial of service
  • BZ - 2277202 - CVE-2024-33599 glibc: stack-based buffer overflow in netgroup cache
  • BZ - 2277204 - CVE-2024-33600 glibc: null pointer dereferences after failed netgroup cache insertion
  • BZ - 2277205 - CVE-2024-33601 glibc: netgroup cache may terminate daemon on memory allocation failure
  • BZ - 2277206 - CVE-2024-33602 glibc: netgroup cache assumes NSS callback uses in-buffer strings

aarch64

cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:a30e602ed5c18200278ad0295f13aacc6347bc3623fdd8ade92eb4db258dc016
cryostat-tech-preview/cryostat-operator-bundle@sha256:ce660e8073ece3378cdcbcc6374619b2e9c9547412372d61165e61812dffd7df
cryostat-tech-preview/cryostat-reports-rhel8@sha256:8698041d139ad66c7b22c106e94312cfc7ecfb99c673e4db020c6b71d4b33b07
cryostat-tech-preview/cryostat-rhel8@sha256:bd6ac7a7280eef8efe64b53e9f42d9ccfceab287c8f44f51abf3f812d49cb527
cryostat-tech-preview/cryostat-rhel8-operator@sha256:49a78902fb019bd12310a2eefbd16fa3ba3aea6e2e8e2043bd001692f363ff84
cryostat-tech-preview/jfr-datasource-rhel8@sha256:b4b269e66ace0dd03c434ed7895b954a96dbce4a238bf4aac06790c0201be968

x86_64

cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce6395f5721140a7597b7d2d7043402859d4282503c6bf8c04f0238aa824c23a
cryostat-tech-preview/cryostat-operator-bundle@sha256:3d7d57bf8f245e1314df1bfc5ff971e245da0ab01da8dbf86d6705e9797cbfdf
cryostat-tech-preview/cryostat-reports-rhel8@sha256:68991f12601cf5f17a4965ae8f5ae61d91d435c98cb982774ed5d5439f817a56
cryostat-tech-preview/cryostat-rhel8@sha256:17a36f5a53dfb62bbbffdd2d80576945e8e66353a33aff56fd7f5f5c653dd51d
cryostat-tech-preview/cryostat-rhel8-operator@sha256:81a49775927a3532eff39a6b2a09c9cf1dc045b0a563f50584176ee4495ee047
cryostat-tech-preview/jfr-datasource-rhel8@sha256:7362c70ace0b355d28ba253eedd1adbdeb1d6729ed30b960a4cac4e2c9f6d906

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.