Red Hat Product Errata RHSA-2024:10759 - Security Advisory
Issued:
2024-12-03
Updated:
2024-12-03

RHSA-2024:10759 - Security Advisory

Synopsis

Important: rhc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rhc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

Security Fix(es):

  • go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

Red Hat Enterprise Linux for x86_64 9

SRPM
rhc-0.2.5-1.el9_5.src.rpm SHA-256: 61b2ab0c66d00b33185fb0650f4906f0c9f30e8831f82fa34ab4f59e3f884827
x86_64
rhc-0.2.5-1.el9_5.x86_64.rpm SHA-256: 1d4c0b5a668740197f3ab02b6142926cf45d18d2cb17219c5636d9ba1b8c74c2
rhc-debuginfo-0.2.5-1.el9_5.x86_64.rpm SHA-256: 8c6c90979ae39678e4d514e1c2bef420392b4c21d622f4094478ff77d2c809f9
rhc-debugsource-0.2.5-1.el9_5.x86_64.rpm SHA-256: 0e7ed5925b68d61bbb566bf794ded42bc11f5db74d8bb5c84799c20741ba9aed

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
rhc-0.2.5-1.el9_5.src.rpm SHA-256: 61b2ab0c66d00b33185fb0650f4906f0c9f30e8831f82fa34ab4f59e3f884827
s390x
rhc-0.2.5-1.el9_5.s390x.rpm SHA-256: 8be077f48714cf3037f9399e4744b2c891a2cf52cf97ffedf427f8ca0ab053aa
rhc-debuginfo-0.2.5-1.el9_5.s390x.rpm SHA-256: c8f64b026912b1e70c757f6c24b4fe39ea192ee29ecf1bb896534059dc1f4c38
rhc-debugsource-0.2.5-1.el9_5.s390x.rpm SHA-256: c8afd7691b1a281b9e0073a42b3192ef50e8aa8e1453ebae28e738051e1fa6be

Red Hat Enterprise Linux for Power, little endian 9

SRPM
rhc-0.2.5-1.el9_5.src.rpm SHA-256: 61b2ab0c66d00b33185fb0650f4906f0c9f30e8831f82fa34ab4f59e3f884827
ppc64le
rhc-0.2.5-1.el9_5.ppc64le.rpm SHA-256: bb47f190f6ed254a2ca4d780330de26aaf5314301c30d3f44fce7e9562938291
rhc-debuginfo-0.2.5-1.el9_5.ppc64le.rpm SHA-256: 5240297004c96b56c8c904e16950c28e79c10f57d7460f37ac808306e873a776
rhc-debugsource-0.2.5-1.el9_5.ppc64le.rpm SHA-256: 5ef4dbbe5c5733210a49751ab972293126f17eb565c6fc91d6c2eb734cc0ec00

Red Hat Enterprise Linux for ARM 64 9

SRPM
rhc-0.2.5-1.el9_5.src.rpm SHA-256: 61b2ab0c66d00b33185fb0650f4906f0c9f30e8831f82fa34ab4f59e3f884827
aarch64
rhc-0.2.5-1.el9_5.aarch64.rpm SHA-256: 78f73ac6c4544020ad236f0ce0be2c545fa57525d37747139f08a686e62b9041
rhc-debuginfo-0.2.5-1.el9_5.aarch64.rpm SHA-256: a1f4f8128e5b106ae2638386438c7bf167daf62009774d275d3d7f2e14b23f48
rhc-debugsource-0.2.5-1.el9_5.aarch64.rpm SHA-256: 0d75c119e7f55ba8853afe2f02e8c991ffd93381acb1b96d940b13dfc06b1b3c

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
rhc-debuginfo-0.2.5-1.el9_5.x86_64.rpm SHA-256: 8c6c90979ae39678e4d514e1c2bef420392b4c21d622f4094478ff77d2c809f9
rhc-debugsource-0.2.5-1.el9_5.x86_64.rpm SHA-256: 0e7ed5925b68d61bbb566bf794ded42bc11f5db74d8bb5c84799c20741ba9aed
rhc-devel-0.2.5-1.el9_5.x86_64.rpm SHA-256: ea602731079a527f4195118a4e75d2f070e200189bb0e2df53e307d532c00e04

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
rhc-debuginfo-0.2.5-1.el9_5.ppc64le.rpm SHA-256: 5240297004c96b56c8c904e16950c28e79c10f57d7460f37ac808306e873a776
rhc-debugsource-0.2.5-1.el9_5.ppc64le.rpm SHA-256: 5ef4dbbe5c5733210a49751ab972293126f17eb565c6fc91d6c2eb734cc0ec00
rhc-devel-0.2.5-1.el9_5.ppc64le.rpm SHA-256: 4ef795f4c283afb02bdad57d716f764a656e0f7c7f9432e80ad24c385890df04

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
rhc-debuginfo-0.2.5-1.el9_5.aarch64.rpm SHA-256: a1f4f8128e5b106ae2638386438c7bf167daf62009774d275d3d7f2e14b23f48
rhc-debugsource-0.2.5-1.el9_5.aarch64.rpm SHA-256: 0d75c119e7f55ba8853afe2f02e8c991ffd93381acb1b96d940b13dfc06b1b3c
rhc-devel-0.2.5-1.el9_5.aarch64.rpm SHA-256: 6951aea617ea424c2888c22db1b93ddd0589eb767787e317644404eaaa9c0a26

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
rhc-debuginfo-0.2.5-1.el9_5.s390x.rpm SHA-256: c8f64b026912b1e70c757f6c24b4fe39ea192ee29ecf1bb896534059dc1f4c38
rhc-debugsource-0.2.5-1.el9_5.s390x.rpm SHA-256: c8afd7691b1a281b9e0073a42b3192ef50e8aa8e1453ebae28e738051e1fa6be
rhc-devel-0.2.5-1.el9_5.s390x.rpm SHA-256: 46bd5a6867f4aaf72b7c0048867aa9361a7c43e016715ff03476bcd9a9662d55

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.