RHSA-2024:7213 - Security Advisory

Topic

Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.

Description

Users of service-interconnect 1.4 LTS rhel9 container images are advised
to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs.
Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory the in Red Hat Container Catalog

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Service Interconnect 1.4 for RHEL 9 x86_64
• Red Hat Service Interconnect 1.4 for RHEL 8 x86_64

Fixes

• BZ - 2270498 - CVE-2024-2398 curl: HTTP/2 push headers memory-leak
• BZ - 2279632 - CVE-2024-34397 glib2: Signal subscription vulnerabilities
• BZ - 2294676 - CVE-2024-37371 krb5: GSS message token handling
• BZ - 2294677 - CVE-2024-37370 krb5: GSS message token handling
• BZ - 2297771 - CVE-2024-6345 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
• BZ - 2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

CVEs

• CVE-2024-2398
• CVE-2024-6119
• CVE-2024-6345
• CVE-2024-6923
• CVE-2024-34397
• CVE-2024-37370
• CVE-2024-37371
• CVE-2024-45490
• CVE-2024-45491
• CVE-2024-45492

References

• https://access.redhat.com/security/updates/classification/#low