- Issued: 2024-10-03
- Updated: 2024-10-03
RHBA-2024:7631 - Bug Fix Advisory
Synopsis
Updated rhel8/toolbox container image
Type/Severity
Bug Fix Advisory
Topic
An updated rhel8/toolbox container image is now available in the Red Hat container registry.
Description
The rhel8/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel8/toolbox (authenticated)
podman pull registry.access.redhat.com/ubi8/toolbox (unauthenticated)
Solution
The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the "podman pull" command.
For more information about the image, search for <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2280296 - CVE-2024-30203 emacs: Gnus treats inline MIME contents as trusted
- BZ - 2280298 - CVE-2024-30205 emacs: Org mode considers contents of remote files to be trusted
- BZ - 2292921 - CVE-2024-4032 python: incorrect IPv4 and IPv6 private ranges
- BZ - 2293942 - CVE-2024-39331 emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
- BZ - 2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection
- BZ - 2308615 - CVE-2024-45490 libexpat: Negative Length Parsing Vulnerability in libexpat
- BZ - 2308616 - CVE-2024-45491 libexpat: Integer Overflow or Wraparound
- BZ - 2308617 - CVE-2024-45492 libexpat: integer overflow
- BZ - 2309426 - CVE-2024-6232 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
- RHEL-48605 - Fedora 40+ mock cannot bootstrap RHEL 8 chroots: nothing provides /usr/libexec/platform-python needed by python3-dnf
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.