Red Hat Product Errata RHBA-2024:7631 - Bug Fix Advisory
Issued:
2024-10-03
Updated:
2024-10-03

RHBA-2024:7631 - Bug Fix Advisory

Synopsis

Updated rhel8/toolbox container image

Type/Severity

Bug Fix Advisory

Topic

An updated rhel8/toolbox container image is now available in the Red Hat container registry.

Description

The rhel8/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI.

To pull this container image, run one of the following commands:

podman pull registry.redhat.io/rhel8/toolbox (authenticated)
podman pull registry.access.redhat.com/ubi8/toolbox (unauthenticated)

Solution

The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the "podman pull" command.

For more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2280296 - CVE-2024-30203 emacs: Gnus treats inline MIME contents as trusted
  • BZ - 2280298 - CVE-2024-30205 emacs: Org mode considers contents of remote files to be trusted
  • BZ - 2292921 - CVE-2024-4032 python: incorrect IPv4 and IPv6 private ranges
  • BZ - 2293942 - CVE-2024-39331 emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
  • BZ - 2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection
  • BZ - 2308615 - CVE-2024-45490 libexpat: Negative Length Parsing Vulnerability in libexpat
  • BZ - 2308616 - CVE-2024-45491 libexpat: Integer Overflow or Wraparound
  • BZ - 2308617 - CVE-2024-45492 libexpat: integer overflow
  • BZ - 2309426 - CVE-2024-6232 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
  • RHEL-48605 - Fedora 40+ mock cannot bootstrap RHEL 8 chroots: nothing provides /usr/libexec/platform-python needed by python3-dnf

aarch64

rhel8/toolbox@sha256:2a003e28bf58d3b020950961b71ab1937fe806fa8e4746a5effa5ef13e7e1de1
ubi8/toolbox@sha256:2a003e28bf58d3b020950961b71ab1937fe806fa8e4746a5effa5ef13e7e1de1

ppc64le

rhel8/toolbox@sha256:f9910b5335b4ff9989e8992a5e0c31d6a0ee83248fe41adaa0d00b16b02e8a79
ubi8/toolbox@sha256:f9910b5335b4ff9989e8992a5e0c31d6a0ee83248fe41adaa0d00b16b02e8a79

s390x

rhel8/toolbox@sha256:43bef04d620ad08e7808634eb25d8862ab6473df67060977ac8cd990d91a0462
ubi8/toolbox@sha256:43bef04d620ad08e7808634eb25d8862ab6473df67060977ac8cd990d91a0462

x86_64

rhel8/toolbox@sha256:d806cf6294bcb32e6118e8d7665f1be21924babcc2298e1f8b1cfa5631fdd059
ubi8/toolbox@sha256:d806cf6294bcb32e6118e8d7665f1be21924babcc2298e1f8b1cfa5631fdd059

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.