- Issued:
- 2024-04-30
- Updated:
- 2024-04-30
RHSA-2024:2625 - Security Advisory
Synopsis
Important: rhc-worker-script security and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.
Security Fix(es):
- golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Enhancement(s):
- Include deps information in rhc-worker-script binary (JIRA:HMS-3983)
- Set more granular log level for the scripts (JIRA:HMS-3837)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Fixes
- BZ - 2268273 - CVE-2023-45288 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
- HMS-3837 - Set more granular log level for the scripts
- HMS-3983 - Include deps information in rhc-worker-script binary
CVEs
Red Hat Enterprise Linux Server 7
| SRPM | |
|---|---|
| rhc-worker-script-0.8-1.el7_9.src.rpm | SHA-256: a0bc41c5a96285348f0016647b5edc961f56b800b142cae43020ba6d02f05fed |
| x86_64 | |
| rhc-worker-script-0.8-1.el7_9.x86_64.rpm | SHA-256: 788e8eeb3651cf4e09010cbe6ff5a2a1ce2c16e6c7b5c788a1cd18f23dd29c9f |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| rhc-worker-script-0.8-1.el7_9.src.rpm | SHA-256: a0bc41c5a96285348f0016647b5edc961f56b800b142cae43020ba6d02f05fed |
| x86_64 | |
| rhc-worker-script-0.8-1.el7_9.x86_64.rpm | SHA-256: 788e8eeb3651cf4e09010cbe6ff5a2a1ce2c16e6c7b5c788a1cd18f23dd29c9f |
Red Hat Enterprise Linux Workstation 7
| SRPM | |
|---|---|
| rhc-worker-script-0.8-1.el7_9.src.rpm | SHA-256: a0bc41c5a96285348f0016647b5edc961f56b800b142cae43020ba6d02f05fed |
| x86_64 | |
| rhc-worker-script-0.8-1.el7_9.x86_64.rpm | SHA-256: 788e8eeb3651cf4e09010cbe6ff5a2a1ce2c16e6c7b5c788a1cd18f23dd29c9f |
Red Hat Enterprise Linux Desktop 7
| SRPM | |
|---|---|
| rhc-worker-script-0.8-1.el7_9.src.rpm | SHA-256: a0bc41c5a96285348f0016647b5edc961f56b800b142cae43020ba6d02f05fed |
| x86_64 | |
| rhc-worker-script-0.8-1.el7_9.x86_64.rpm | SHA-256: 788e8eeb3651cf4e09010cbe6ff5a2a1ce2c16e6c7b5c788a1cd18f23dd29c9f |
Red Hat Enterprise Linux for Scientific Computing 7
| SRPM | |
|---|---|
| rhc-worker-script-0.8-1.el7_9.src.rpm | SHA-256: a0bc41c5a96285348f0016647b5edc961f56b800b142cae43020ba6d02f05fed |
| x86_64 | |
| rhc-worker-script-0.8-1.el7_9.x86_64.rpm | SHA-256: 788e8eeb3651cf4e09010cbe6ff5a2a1ce2c16e6c7b5c788a1cd18f23dd29c9f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
