RHBA-2024:5114 - Bug Fix Advisory

Topic

Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.

Description

The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:4928 (see References)

Users of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Enterprise Linux for x86_64 9 x86_64
• Red Hat Enterprise Linux for IBM z Systems 9 s390x
• Red Hat Enterprise Linux for Power, little endian 9 ppc64le
• Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

• BZ - 2265794 - CVE-2023-52458 kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned
• BZ - 2273236 - CVE-2024-26773 kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
• BZ - 2273274 - CVE-2024-26737 kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
• BZ - 2275690 - CVE-2024-26880 kernel: dm: call the resume method on internal suspend
• BZ - 2275761 - CVE-2024-26852 kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
• BZ - 2278337 - CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
• BZ - 2278435 - CVE-2024-27046 kernel: nfp: flower: handle acti_netdevs allocation failure
• BZ - 2278473 - CVE-2024-27030 kernel: octeontx2-af: Use separate handlers for interrupts
• BZ - 2281247 - CVE-2024-35857 kernel: icmp: prevent possible NULL dereferences from icmp_build_probe()
• BZ - 2281647 - CVE-2024-35907 kernel: mlxbf_gige: call request_irq() after NAPI initialized
• BZ - 2281700 - CVE-2024-35885 kernel: mlxbf_gige: stop interface during shutdown
• BZ - 2282669 - CVE-2023-52809 kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
• BZ - 2282898 - CVE-2021-47459 kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
• BZ - 2284506 - CVE-2024-36924 kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
• BZ - 2284598 - CVE-2024-36952 kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
• BZ - 2293316 - CVE-2022-48743 kernel: net: amd-xgbe: Fix skb data length underflow
• BZ - 2293412 - CVE-2024-38580 kernel: epoll: be better about file lifetimes

CVEs

• CVE-2021-47459
• CVE-2022-48743
• CVE-2023-52458
• CVE-2023-52809
• CVE-2024-4032
• CVE-2024-24806
• CVE-2024-26737
• CVE-2024-26773
• CVE-2024-26852
• CVE-2024-26880
• CVE-2024-26982
• CVE-2024-27030
• CVE-2024-27046
• CVE-2024-35235
• CVE-2024-35857
• CVE-2024-35885
• CVE-2024-35907
• CVE-2024-36924
• CVE-2024-36952
• CVE-2024-38580

References

• https://access.redhat.com/errata/RHSA-2024:4928
• https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/el9/flatpak-sdk