Red Hat 製品エラータ RHBA-2024:7754 - Bug Fix Advisory
発行日:
2024-10-07
更新日:
2024-10-07

RHBA-2024:7754 - Bug Fix Advisory

概要

Updated rhel8/flatpak-runtime and rhel8/flatpak-sdk container images update

タイプ/重大度

Bug Fix Advisory

トピック

Updated rhel8/flatpak-runtime and rhel8/flatpak-sdk container images are now available in the Red Hat container registry.

説明

Flatpak is a system for running graphical applications as containers. A Flatpak application has access to content from two container images - the application itself, and the runtime image. To build against a particular runtime image, a corresponding SDK image is used.

flatpak-runtime provides the runtime image and flatpak-sdk provides the SDK image.

解決策

To install and use Red Hat Enterprise Linux Flatpak content available in the the Red Hat Container Catalog, make sure that you have the latest version of the Flatpak client installed on your system:

yum update flatpak

After updating the Flatpak packages, add the Flatpak remote to your system. This enables the Flatpak client and gnome-software to find RHEL Flatpak content available on the Red Hat Container Catalog:

flatpak remote-add rhel https://flatpaks.redhat.io/rhel.flatpakrepo

Provide the credentials for your Red Hat Enterprise Linux account:

podman login registry.redhat.io

Podman only saves credentials until the user logs out. To save your credentials permanently, run:

cp $XDG_RUNTIME_DIR/containers/auth.json $HOME/.config/flatpak/oci-auth.json

To enable the RHEL Flatpak remote for a set of workstations within an organization, you should use a Registry Service Account. Credentials can be installed system-wide at /etc/flatpak/oci-auth.json.

Then, you can install the runtime and the SDK:

flatpak install rhel com.redhat.Platform//el8
flatpak install rhel com.redhat.Sdk//el8

Generally, you do not need to install the runtime explicitly. It is installed along with an application that uses it.

If you have previously installed the runtime or SDK, you can update to the latest version by running:

flatpak update

The SDK is used by using flatpak-builder with a manifest that includes:

{
[...]
"runtime": "com.redhat.Platform",
"runtime-version": "el8",
"sdk": "com.redhat.Sdk",
}

For more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.

影響を受ける製品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

修正

  • BZ - 2280296 - CVE-2024-30203 emacs: Gnus treats inline MIME contents as trusted
  • BZ - 2280298 - CVE-2024-30205 emacs: Org mode considers contents of remote files to be trusted
  • BZ - 2292921 - CVE-2024-4032 python: incorrect IPv4 and IPv6 private ranges
  • BZ - 2293942 - CVE-2024-39331 emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
  • BZ - 2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection
  • BZ - 2308615 - CVE-2024-45490 libexpat: Negative Length Parsing Vulnerability in libexpat
  • BZ - 2308616 - CVE-2024-45491 libexpat: Integer Overflow or Wraparound
  • BZ - 2308617 - CVE-2024-45492 libexpat: integer overflow
  • BZ - 2309426 - CVE-2024-6232 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
  • RHEL-48605 - Fedora 40+ mock cannot bootstrap RHEL 8 chroots: nothing provides /usr/libexec/platform-python needed by python3-dnf

CVE

x86_64

rhel8/flatpak-runtime@sha256:17a112da9bc3f2144590ff92cf9b0ff41880856b83e632c643097cc3b4054f74
rhel8/flatpak-sdk@sha256:fe063766963faa6b0741d0bd063695d4df4cd16c9779638e7e3cf5424962aa5d

Red Hat のセキュリティーに関する連絡先は secalert@redhat.com です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。