- Issued: 2024-09-04
- Updated: 2024-09-04
RHBA-2024:6299 - Bug Fix Advisory
Synopsis
updated el9/flatpak-sdk container image
Type/Severity
Bug Fix Advisory
Topic
Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.
Description
The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:5928 (see References).
Users of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Solution
The Red Hat Enterprise Linux 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2265185 - CVE-2024-26581 kernel: nftables: nft_set_rbtree skip end interval element from gc
- BZ - 2272797 - CVE-2024-26668 kernel: netfilter: nft_limit: reject configurations that cause integer overflow
- BZ - 2273654 - CVE-2024-26810 kernel: vfio/pci: Lock external INTx masking ops
- BZ - 2275742 - CVE-2024-26855 kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
- BZ - 2275744 - CVE-2024-26908 kernel: x86/xen: Add some null pointer checking to smp.c
- BZ - 2277166 - CVE-2024-26925 kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
- BZ - 2278256 - CVE-2024-27020 kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
- BZ - 2278258 - CVE-2024-27019 kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
- BZ - 2278264 - CVE-2024-27016 kernel: netfilter: flowtable: validate pppoe header
- BZ - 2281101 - CVE-2024-27415 kernel: netfilter: bridge: confirm multicast packets before passing them up the stack
- BZ - 2281284 - CVE-2024-35839 kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info
- BZ - 2281669 - CVE-2024-35898 kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
- BZ - 2281672 - CVE-2024-35897 kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
- BZ - 2281675 - CVE-2024-35896 kernel: netfilter: validate user input for expected length
- BZ - 2281916 - CVE-2024-35962 kernel: netfilter: complete validation of user input
- BZ - 2281958 - CVE-2024-36003 kernel: ice: fix LAG and VF lock dependency in ice_reset_vf()
- BZ - 2282720 - CVE-2023-52771 kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race
- BZ - 2283468 - CVE-2023-52880 kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
- BZ - 2284421 - CVE-2024-36025 kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
- BZ - 2293356 - CVE-2024-38608 kernel: net/mlx5e: Fix netif state handling
- BZ - 2293414 - CVE-2024-38579 kernel: crypto: bcm - Fix pointer arithmetic
- BZ - 2293455 - CVE-2024-38544 kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
- BZ - 2293459 - CVE-2024-38540 kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
- BZ - 2293461 - CVE-2024-38538 kernel: net: bridge: xmit: make sure we have at least eth header len bytes
- BZ - 2295914 - CVE-2024-39476 kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
- BZ - 2297489 - CVE-2024-40905 kernel: ipv6: fix possible race in __fib6_drop_pcpu_from()
- BZ - 2297495 - CVE-2024-40911 kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station
- BZ - 2297496 - CVE-2024-40912 kernel: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
- BZ - 2297498 - CVE-2024-40914 kernel: mm/huge_memory: don't unpoison huge_zero_folio
- BZ - 2297513 - CVE-2024-40929 kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
- BZ - 2297523 - CVE-2024-40939 kernel: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
- BZ - 2297525 - CVE-2024-40941 kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
- BZ - 2297541 - CVE-2024-40957 kernel: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
- BZ - 2297562 - CVE-2024-40978 kernel: scsi: qedi: Fix crash while reading debugfs attribute
- BZ - 2297567 - CVE-2024-40983 kernel: tipc: force a dst refcount before doing decryption
- BZ - 2299240 - CVE-2024-41090 kernel: virtio-net: tap: mlx5_core short frame denial of service
- BZ - 2299336 - CVE-2024-41091 kernel: virtio-net: tun: mlx5_core short frame denial of service
- BZ - 2300410 - CVE-2024-41041 kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
- BZ - 2300453 - CVE-2024-41076 kernel: NFSv4: Fix memory leak in nfs4_set_security_label
- BZ - 2301473 - CVE-2024-42110 kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
- BZ - 2301519 - CVE-2024-42152 kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment
CVEs
- CVE-2023-52771
- CVE-2023-52880
- CVE-2024-26581
- CVE-2024-26668
- CVE-2024-26810
- CVE-2024-26855
- CVE-2024-26908
- CVE-2024-26925
- CVE-2024-27016
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27415
- CVE-2024-35839
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35962
- CVE-2024-36003
- CVE-2024-36025
- CVE-2024-38538
- CVE-2024-38540
- CVE-2024-38544
- CVE-2024-38579
- CVE-2024-38608
- CVE-2024-39476
- CVE-2024-40905
- CVE-2024-40911
- CVE-2024-40912
- CVE-2024-40914
- CVE-2024-40929
- CVE-2024-40939
- CVE-2024-40941
- CVE-2024-40957
- CVE-2024-40978
- CVE-2024-40983
- CVE-2024-41041
- CVE-2024-41076
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-42110
- CVE-2024-42152
x86_64
rhel9/flatpak-sdk@sha256:76691decfc8b11c85ee464cf657b892a369dce06d3b37dea6163259741929714
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.