- Issued: 2024-09-03
- Updated: 2024-10-29
RHSA-2024:6235 - Security Advisory
Synopsis
Red Hat Trusted Profile Analyzer 1.1.2
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Trusted Profile Analyzer 1.1.2 release.
Red Hat Product Security has rated this update as having a security impact of Moderate.
Description
Red Hat Trusted Profile Analyzer 1.1.2
Security Fix(es):
* nodejs-async: Regular expression denial of service while parsing function in autoinject (CVE-2024-39249)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* TC-1730 - CycloneDX SBOM with escape sequence upload failed.
Solution
It is recommended that existing users of RHTPA 1.1.1 upgrade to 1.1.2. There are no changes to any data structures or APIs included within this release.
Fixes
(none)
CVEs
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.