- Issued:
- 2024-04-18
- Updated:
- 2024-04-18
RHSA-2024:1874 - Security Advisory
Synopsis
Moderate: rhc-worker-script security and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.
Security Fix(es):
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhc-worker-script] (CVE-2024-24786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Enhancement(s):
- Allow users to specify environment variables through the rhc-worker-script configuration file to be passed down to the scripts being executed (HMS-3843)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Fixes
- BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
- HMS-3843 - Allow users to specify environment variables through the rhc-worker-script configuration file to be passed down to the scripts being executed
CVEs
Red Hat Enterprise Linux Server 7
| SRPM | |
|---|---|
| rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
| x86_64 | |
| rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
| x86_64 | |
| rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Workstation 7
| SRPM | |
|---|---|
| rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
| x86_64 | |
| rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Desktop 7
| SRPM | |
|---|---|
| rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
| x86_64 | |
| rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux for Scientific Computing 7
| SRPM | |
|---|---|
| rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
| x86_64 | |
| rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
