- Issued: 2024-06-20
- Updated: 2024-06-20
RHBA-2024:3990 - Bug Fix Advisory
Synopsis
updated RHOSE ASYNC - AUTO container images
Type/Severity
Bug Fix Advisory
Topic
Updated RHOSE ASYNC - AUTO container images are now available.
Description
The RHOSE ASYNC - AUTO container images have been updated to address the following security advisory: RHSA-2024:3618 (see References).
Users of RHOSE ASYNC - AUTO container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Solution
The RHOSE ASYNC - AUTO container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
Fixes
- BZ - 2250843 - CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
- BZ - 2257406 - CVE-2024-0340 kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()
- BZ - 2263875 - CVE-2024-25744 kernel: untrusted VMM can trigger int80 syscall handling
- BZ - 2265271 - CVE-2023-52439 kernel: uio: Fix use-after-free in uio_open
- BZ - 2265646 - CVE-2024-26593 kernel: i2c: i801: Fix block process call transactions
- BZ - 2265654 - CVE-2023-52445 kernel: pvrusb2: fix use after free on context disconnection
- BZ - 2265833 - CVE-2024-26603 kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever
- BZ - 2266296 - CVE-2019-25162 kernel: use after free in i2c
- BZ - 2266446 - CVE-2021-46934 kernel: i2c: validate user data in compat ioctl
- BZ - 2266746 - CVE-2020-36777 kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()
- BZ - 2266841 - CVE-2021-47013 kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
- BZ - 2267038 - CVE-2023-52477 kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors
- BZ - 2267185 - CVE-2021-47055 kernel: mtd: require write permissions for locking and badblock ioctls
- BZ - 2267355 - CVE-2024-26615 kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump
- BZ - 2267509 - CVE-2022-48627 kernel: vt: fix memory overlapping when deleting chars in the buffer
- BZ - 2267705 - CVE-2024-23307 kernel: Integer Overflow in raid5_cache_count
- BZ - 2267724 - CVE-2023-52565 kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu()
- BZ - 2267758 - CVE-2023-52578 kernel: net: bridge: data races in br_handle_frame_finish()
- BZ - 2267789 - CVE-2023-52528 kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
- BZ - 2267797 - CVE-2023-52520 kernel: platform/x86: think-lmi: Fix reference leak
- BZ - 2267804 - CVE-2023-52513 kernel: RDMA/siw: Fix connection failure handling
- BZ - 2268291 - CVE-2023-52607 kernel: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
- BZ - 2268293 - CVE-2023-52606 kernel: powerpc/lib: Validate size for vector operations
- BZ - 2268309 - CVE-2023-52598 kernel: s390/ptrace: handle setting of fpc register correctly
- BZ - 2268315 - CVE-2023-52595 kernel: wifi: rt2x00: restart beacon queue when hardware reset
- BZ - 2268317 - CVE-2023-52594 kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
- BZ - 2269213 - CVE-2024-26610 kernel: wifi: iwlwifi: fix a memory corruption
- BZ - 2269856 - CVE-2021-47118 kernel: pid: take a reference when initializing `cad_pid`
- BZ - 2270080 - CVE-2023-52610 kernel: net/sched: act_ct: fix skb leak and crash on ooo frags
- BZ - 2270879 - CVE-2024-26643 kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
- BZ - 2270881 - CVE-2024-26642 kernel: netfilter: nf_tables: disallow anonymous set with timeout flag
- BZ - 2271469 - CVE-2021-47171 kernel: net: usb: fix memory leak in smsc75xx_bind
- BZ - 2271476 - CVE-2021-47153 kernel: i2c: i801: Don't generate an interrupt on bus reset
- BZ - 2272780 - CVE-2024-26659 kernel: xhci: handle isoc Babble and Buffer Overrun events properly
- BZ - 2272791 - CVE-2024-26664 kernel: hwmon: (coretemp) Fix out-of-bounds memory access
- BZ - 2273092 - CVE-2024-26694 kernel: wifi: iwlwifi: fix double-free bug
- BZ - 2273094 - CVE-2024-26693 kernel: wifi: iwlwifi: mvm: fix a crash when we run out of stations
- BZ - 2273223 - CVE-2024-26779 kernel: wifi: mac80211: fix race condition on enabling fast-xmit
- BZ - 2273260 - CVE-2024-26744 kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter
- BZ - 2273262 - CVE-2024-26743 kernel: RDMA/qedr: Fix qedr_create_user_qp error flow
- BZ - 2274624 - CVE-2021-47185 kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
- BZ - 2275645 - CVE-2024-26901 kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
- BZ - 2275655 - CVE-2024-26897 kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
- BZ - 2275666 - CVE-2024-26892 kernel: wifi: mt76: mt7921e: fix use-after-free in free_irq()
- BZ - 2275707 - CVE-2024-26872 kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup
- BZ - 2275777 - CVE-2024-26919 kernel: usb: ulpi: Fix debugfs directory leak
- BZ - 2278169 - CVE-2024-26964 kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma
- BZ - 2278237 - CVE-2024-26934 kernel: USB: core: Fix deadlock in usb_deauthorize_interface()
- BZ - 2278240 - CVE-2024-26933 kernel: USB: core: Fix deadlock in port "disable" sysfs attribute
- BZ - 2278268 - CVE-2024-27014 kernel: net/mlx5e: Prevent deadlock while disabling aRFS
- BZ - 2278314 - CVE-2024-26993 kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection()
- BZ - 2278356 - CVE-2024-26973 kernel: fat: fix uninitialized field in nostale filehandles
- BZ - 2278398 - CVE-2024-27059 kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
- BZ - 2278409 - CVE-2024-27056 kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists
- BZ - 2278417 - CVE-2024-27052 kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
- BZ - 2278431 - CVE-2024-27048 kernel: wifi: brcm80211: handle pmk_op allocation failure
- BZ - 2278537 - CVE-2022-48669 kernel: powerpc/pseries: Fix potential memleak in papr_get_attr()
CVEs
- CVE-2019-25162
- CVE-2020-36777
- CVE-2021-46934
- CVE-2021-47013
- CVE-2021-47055
- CVE-2021-47118
- CVE-2021-47153
- CVE-2021-47171
- CVE-2021-47185
- CVE-2022-48627
- CVE-2022-48669
- CVE-2023-6240
- CVE-2023-52439
- CVE-2023-52445
- CVE-2023-52477
- CVE-2023-52513
- CVE-2023-52520
- CVE-2023-52528
- CVE-2023-52565
- CVE-2023-52578
- CVE-2023-52594
- CVE-2023-52595
- CVE-2023-52598
- CVE-2023-52606
- CVE-2023-52607
- CVE-2023-52610
- CVE-2024-0340
- CVE-2024-23307
- CVE-2024-25744
- CVE-2024-26593
- CVE-2024-26603
- CVE-2024-26610
- CVE-2024-26615
- CVE-2024-26642
- CVE-2024-26643
- CVE-2024-26659
- CVE-2024-26664
- CVE-2024-26693
- CVE-2024-26694
- CVE-2024-26743
- CVE-2024-26744
- CVE-2024-26779
- CVE-2024-26872
- CVE-2024-26892
- CVE-2024-26897
- CVE-2024-26901
- CVE-2024-26919
- CVE-2024-26933
- CVE-2024-26934
- CVE-2024-26964
- CVE-2024-26973
- CVE-2024-26993
- CVE-2024-27014
- CVE-2024-27048
- CVE-2024-27052
- CVE-2024-27056
- CVE-2024-27059
x86_64
openshift4/dpdk-base-rhel8@sha256:4cbca0b6b05b1b3dea320279eb49d52ea57eff0e7780d31cdbfae250e3f27ca0
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.