Red Hat Product Errata RHBA-2024:9811 - Bug Fix Advisory
Issued:
2024-11-18
Updated:
2024-11-18

RHBA-2024:9811 - Bug Fix Advisory

Synopsis

updated integration/camel-k-rhel8-operator-bundle container image

Type/Severity

Bug Fix Advisory

Topic

Updated integration/camel-k-rhel8-operator-bundle container image is now available for RHEL-8 based Middleware Containers.

Description

The integration/camel-k-rhel8-operator-bundle container image has been updated for RHEL-8 based Middleware Containers to address the following security advisory: RHBA-2024:9635 (see References)

Users of integration/camel-k-rhel8-operator-bundle container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

  • BZ - 2266247 - CVE-2024-24857 kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set()
  • BZ - 2269183 - CVE-2023-52492 kernel: dmaengine: fix NULL pointer in channel unregistration function
  • BZ - 2275750 - CVE-2024-26851 kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range
  • BZ - 2277168 - CVE-2024-26924 kernel: netfilter: nft_set_pipapo: do not free live element
  • BZ - 2278262 - CVE-2024-27017 kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump
  • BZ - 2278350 - CVE-2024-26976 kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed
  • BZ - 2278387 - CVE-2024-27062 kernel: nouveau: lock the client object tree.
  • BZ - 2281284 - CVE-2024-35839 kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info
  • BZ - 2281669 - CVE-2024-35898 kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
  • BZ - 2281817 - CVE-2024-35939 kernel: dma-direct: Leak pages on dma_set_decrypted() failure
  • BZ - 2293356 - CVE-2024-38608 kernel: net/mlx5e: Fix netif state handling
  • BZ - 2293402 - CVE-2024-38586 kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets.
  • BZ - 2293458 - CVE-2024-38541 kernel: of: module: add buffer overflow check in of_modalias()
  • BZ - 2293459 - CVE-2024-38540 kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
  • BZ - 2297475 - CVE-2024-39503 kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
  • BZ - 2297508 - CVE-2024-40924 kernel: drm/i915/dpt: Make DPT object unshrinkable
  • BZ - 2297545 - CVE-2024-40961 kernel: ipv6: prevent possible NULL deref in fib6_nh_init()
  • BZ - 2297567 - CVE-2024-40983 kernel: tipc: force a dst refcount before doing decryption
  • BZ - 2297568 - CVE-2024-40984 kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
  • BZ - 2298109 - CVE-2022-48773 kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
  • BZ - 2298412 - CVE-2024-41009 kernel: bpf: Fix overrunning reservations in ringbuf
  • BZ - 2300412 - CVE-2024-41042 kernel: netfilter: nf_tables: prefer nft_chain_validate
  • BZ - 2300442 - CVE-2024-41066 kernel: ibmvnic: Add tx check to prevent skb leak
  • BZ - 2300487 - CVE-2024-41092 kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers
  • BZ - 2300488 - CVE-2024-41093 kernel: drm/amdgpu: avoid using null object of framebuffer
  • BZ - 2300508 - CVE-2024-42070 kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
  • BZ - 2300517 - CVE-2024-42079 kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush
  • BZ - 2307862 - CVE-2024-43889 kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()
  • BZ - 2307865 - CVE-2024-43892 kernel: memcg: protect concurrent access to mem_cgroup_idr
  • BZ - 2307892 - CVE-2024-44935 kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().
  • BZ - 2309852 - CVE-2024-44989 kernel: bonding: fix xfrm real_dev null pointer dereference
  • BZ - 2309853 - CVE-2024-44990 kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok
  • BZ - 2311715 - CVE-2024-45018 kernel: netfilter: flowtable: initialise extack before use
  • BZ - 2315178 - CVE-2024-46826 kernel: ELF: fix kernel.randomize_va_space double read
  • BZ - 2317601 - CVE-2024-47668 kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

CVEs

(none)

aarch64

integration/camel-k-rhel8-operator-bundle@sha256:a86199b15535e0400cd6f3fabd4eb4f4196155f4ac5956ff19a9f57861bd2dcc

ppc64le

integration/camel-k-rhel8-operator-bundle@sha256:402510de5262c9ffc8f11b45ae407f0705246f0b7f2ace3a300933a8199e6aac

s390x

integration/camel-k-rhel8-operator-bundle@sha256:c8cfb0bdefacf56b64b5e595a31ee5e3c8533b1386d082acc5674ca5f145b503

x86_64

integration/camel-k-rhel8-operator-bundle@sha256:d4f8893cd5794f8e8016f8545894b6d76c8420453cc0cf053d64acf931d0612c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.