Red Hat Product Errata RHBA-2024:9014 - Bug Fix Advisory
Issued:
2024-11-07
Updated:
2024-11-07

RHBA-2024:9014 - Bug Fix Advisory

Synopsis

updated el9/flatpak-sdk container image

Type/Severity

Bug Fix Advisory

Topic

Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.

Description

The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:8617 (see References)

Users of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2268118 - CVE-2024-2201 hw: cpu: intel: Native Branch History Injection (BHI)
  • BZ - 2270100 - CVE-2024-26640 kernel: tcp: add sanity checks to rx zerocopy
  • BZ - 2275604 - CVE-2024-26826 kernel: mptcp: fix data re-injection from stale subflow
  • BZ - 2277171 - CVE-2024-26923 kernel: af_unix: Fix garbage collector racing against connect()
  • BZ - 2278176 - CVE-2024-26961 kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del
  • BZ - 2278235 - CVE-2024-26935 kernel: scsi: core: Fix unremoved procfs host directory regression
  • BZ - 2282357 - CVE-2021-47383 kernel: tty: Fix out-of-bound vmalloc access in imageblit
  • BZ - 2293654 - CVE-2024-36244 kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too
  • BZ - 2296067 - CVE-2024-39472 kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup
  • BZ - 2297476 - CVE-2024-39504 kernel: netfilter: nft_inner: validate mandatory meta and payload
  • BZ - 2297488 - CVE-2024-40904 kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
  • BZ - 2297515 - CVE-2024-40931 kernel: mptcp: ensure snd_una is properly initialized on connect
  • BZ - 2297544 - CVE-2024-40960 kernel: ipv6: prevent possible NULL dereference in rt6_probe()
  • BZ - 2297556 - CVE-2024-40972 kernel: ext4: do not create EA inode under buffer lock
  • BZ - 2297561 - CVE-2024-40977 kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
  • BZ - 2297579 - CVE-2024-40995 kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
  • BZ - 2297582 - CVE-2024-40998 kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()
  • BZ - 2297589 - CVE-2024-41005 kernel: netpoll: Fix race condition in netpoll_owner_active
  • BZ - 2300296 - CVE-2024-41013 kernel: xfs: don't walk off the end of a directory data block
  • BZ - 2300297 - CVE-2024-41014 kernel: xfs: add bounds checking to xlog_recover_process_data
  • BZ - 2311715 - CVE-2024-45018 kernel: netfilter: flowtable: initialise extack before use

x86_64

rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.