- Issued:
- 2024-08-15
- Updated:
- 2024-08-15
RHBA-2024:5464 - Bug Fix Advisory
Synopsis
updated el9/flatpak-sdk container image
Type/Severity
Bug Fix Advisory
Topic
Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.
Description
The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:5363 (see References)
Users of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Solution
The Red Hat Enterprise Linux 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Fixes
- BZ - 2265838 - CVE-2024-26600 kernel: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
- BZ - 2273405 - CVE-2024-26808 kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
- BZ - 2275600 - CVE-2024-26828 kernel: cifs: fix underflow in parse_server_interfaces()
- BZ - 2275655 - CVE-2024-26897 kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
- BZ - 2275715 - CVE-2024-26868 kernel: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
- BZ - 2275748 - CVE-2024-26853 kernel: igc: avoid returning frame twice in XDP_REDIRECT
- BZ - 2278380 - CVE-2024-27065 kernel: netfilter: nf_tables: do not compare internal table flags on updates
- BZ - 2278417 - CVE-2024-27052 kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
- BZ - 2278429 - CVE-2024-27049 kernel: wifi: mt76: mt7925e: fix use-after-free in free_irq()
- BZ - 2278519 - CVE-2023-52651 kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
- BZ - 2278989 - CVE-2024-21823 kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
- BZ - 2281057 - CVE-2024-35789 kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- BZ - 2281097 - CVE-2024-27417 kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
- BZ - 2281133 - CVE-2024-27434 kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
- BZ - 2281190 - CVE-2024-35823 kernel: vt: fix unicode buffer corruption when deleting characters
- BZ - 2281237 - CVE-2024-35800 kernel: efi: fix panic in kdump kernel
- BZ - 2281257 - CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
- BZ - 2281265 - CVE-2024-35848 kernel: eeprom: at24: fix memory corruption race condition
- BZ - 2281272 - CVE-2024-35845 kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination
- BZ - 2281639 - CVE-2024-35911 kernel: ice: fix memory corruption bug with suspend and rebuild
- BZ - 2281667 - CVE-2024-35899 kernel: netfilter: nf_tables: flush pending destroy work before exit_net release
- BZ - 2281821 - CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully
- BZ - 2281900 - CVE-2024-35969 kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
- BZ - 2281949 - CVE-2024-36005 kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
- BZ - 2282719 - CVE-2023-52864 kernel: platform/x86: wmi: Fix opening of char device
- BZ - 2284400 - CVE-2024-36020 kernel: i40e: fix vf may be used uninitialized in this function warning
- BZ - 2284417 - CVE-2024-36017 kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
- BZ - 2284474 - CVE-2024-36941 kernel: wifi: nl80211: don't free NULL coalescing rule
- BZ - 2284496 - CVE-2024-36929 kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs
- BZ - 2284511 - CVE-2024-36922 kernel: wifi: iwlwifi: read txq->read_ptr under lock
- BZ - 2284513 - CVE-2024-36921 kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
- BZ - 2284543 - CVE-2024-36903 kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()
- BZ - 2292331 - CVE-2024-36971 kernel: net: UAF in network route management
- BZ - 2293208 - CVE-2021-47606 kernel: net: netlink: af_netlink: Prevent empty skb by adding a check on len.
- BZ - 2293418 - CVE-2024-38575 kernel: wifi: brcmfmac: pcie: handle randbuf allocation failure
- BZ - 2293441 - CVE-2024-38558 kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6
- BZ - 2293657 - CVE-2024-33621 kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
- BZ - 2293658 - CVE-2024-37356 kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
- BZ - 2293686 - CVE-2024-37353 kernel: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
- BZ - 2293687 - CVE-2024-36489 kernel: tls: fix missing memory barrier in tls_init
- BZ - 2293688 - CVE-2024-38391 kernel: cxl/region: Fix cxlr_pmem leaks
- BZ - 2297056 - CVE-2024-39487 kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
- BZ - 2297512 - CVE-2024-40928 kernel: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
- BZ - 2297538 - CVE-2024-40954 kernel: net: do not leave a dangling sk pointer, when socket creation fails
- BZ - 2297542 - CVE-2024-40958 kernel: netns: Make get_net_ns() handle zero refcount net
- BZ - 2297545 - CVE-2024-40961 kernel: ipv6: prevent possible NULL deref in fib6_nh_init()
CVEs
- CVE-2021-47606
- CVE-2023-52651
- CVE-2023-52864
- CVE-2024-21823
- CVE-2024-26600
- CVE-2024-26808
- CVE-2024-26828
- CVE-2024-26853
- CVE-2024-26868
- CVE-2024-26897
- CVE-2024-27049
- CVE-2024-27052
- CVE-2024-27065
- CVE-2024-27417
- CVE-2024-27434
- CVE-2024-33621
- CVE-2024-35789
- CVE-2024-35800
- CVE-2024-35823
- CVE-2024-35845
- CVE-2024-35848
- CVE-2024-35852
- CVE-2024-35899
- CVE-2024-35911
- CVE-2024-35937
- CVE-2024-35969
- CVE-2024-36005
- CVE-2024-36017
- CVE-2024-36020
- CVE-2024-36489
- CVE-2024-36903
- CVE-2024-36921
- CVE-2024-36922
- CVE-2024-36929
- CVE-2024-36941
- CVE-2024-36971
- CVE-2024-37353
- CVE-2024-37356
- CVE-2024-38391
- CVE-2024-38558
- CVE-2024-38575
- CVE-2024-39487
- CVE-2024-40928
- CVE-2024-40954
- CVE-2024-40958
- CVE-2024-40961
x86_64
| rhel9/flatpak-sdk@sha256:7ccc0acc427bd2084986b89ecbd3f875ce03413ea781ca0b1c63d0dee8541332 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
