Red Hat Product Errata RHSA-2024:9277 - Security Advisory
Issued:
2024-11-12
Updated:
2024-11-12

RHSA-2024:9277 - Security Advisory

Synopsis

Moderate: oci-seccomp-bpf-hook security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to use the Container Pod concept popularized by Kubernetes.

Security Fix(es):

  • golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2279814 - CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop

Red Hat Enterprise Linux for x86_64 9

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
x86_64
oci-seccomp-bpf-hook-1.2.10-2.el9.x86_64.rpm SHA-256: a8367cf901ac4aa624ec0fb174b788eab6133412ba91ed4d0278009edcc01e19
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.x86_64.rpm SHA-256: a89c006b8557f82f04cdac6892ab887a51515d06a5c2314100b919ddec760071
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.x86_64.rpm SHA-256: f5cabd27b775605a7b7e21e144310dbc98cdadf2418490f5f008303cb4fd8b24

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
x86_64
oci-seccomp-bpf-hook-1.2.10-2.el9.x86_64.rpm SHA-256: a8367cf901ac4aa624ec0fb174b788eab6133412ba91ed4d0278009edcc01e19
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.x86_64.rpm SHA-256: a89c006b8557f82f04cdac6892ab887a51515d06a5c2314100b919ddec760071
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.x86_64.rpm SHA-256: f5cabd27b775605a7b7e21e144310dbc98cdadf2418490f5f008303cb4fd8b24

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
x86_64
oci-seccomp-bpf-hook-1.2.10-2.el9.x86_64.rpm SHA-256: a8367cf901ac4aa624ec0fb174b788eab6133412ba91ed4d0278009edcc01e19
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.x86_64.rpm SHA-256: a89c006b8557f82f04cdac6892ab887a51515d06a5c2314100b919ddec760071
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.x86_64.rpm SHA-256: f5cabd27b775605a7b7e21e144310dbc98cdadf2418490f5f008303cb4fd8b24

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
s390x
oci-seccomp-bpf-hook-1.2.10-2.el9.s390x.rpm SHA-256: 2514bdb320e75faed888b45be7fcf6fb4de7733ac8bdbd949a89e27ddfdeb597
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.s390x.rpm SHA-256: 3bd7897d956ecfca32e7586b14ad95e1a147d3dc05c49b4c0f2d454934c40307
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.s390x.rpm SHA-256: 80ba27eceeaeceb38f437da2c96d4c3afd658db662ab544fb302b83edda55473

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
s390x
oci-seccomp-bpf-hook-1.2.10-2.el9.s390x.rpm SHA-256: 2514bdb320e75faed888b45be7fcf6fb4de7733ac8bdbd949a89e27ddfdeb597
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.s390x.rpm SHA-256: 3bd7897d956ecfca32e7586b14ad95e1a147d3dc05c49b4c0f2d454934c40307
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.s390x.rpm SHA-256: 80ba27eceeaeceb38f437da2c96d4c3afd658db662ab544fb302b83edda55473

Red Hat Enterprise Linux for Power, little endian 9

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
ppc64le
oci-seccomp-bpf-hook-1.2.10-2.el9.ppc64le.rpm SHA-256: 10afb8c7da7e733189642f09f6e2af50349a51cc5563b471b39f317448a002f5
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.ppc64le.rpm SHA-256: 78f83e6ffad4e6c50f20ef515c2edba0a8200a9df8d6e20c0d92bbc76ca1214f
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.ppc64le.rpm SHA-256: 6fb8fb733feee43a2fc73289c1659196931743fc451b38d346fec953311e126d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
ppc64le
oci-seccomp-bpf-hook-1.2.10-2.el9.ppc64le.rpm SHA-256: 10afb8c7da7e733189642f09f6e2af50349a51cc5563b471b39f317448a002f5
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.ppc64le.rpm SHA-256: 78f83e6ffad4e6c50f20ef515c2edba0a8200a9df8d6e20c0d92bbc76ca1214f
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.ppc64le.rpm SHA-256: 6fb8fb733feee43a2fc73289c1659196931743fc451b38d346fec953311e126d

Red Hat Enterprise Linux for ARM 64 9

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
aarch64
oci-seccomp-bpf-hook-1.2.10-2.el9.aarch64.rpm SHA-256: 09d6cd871219571f220e0465b64e6e7b9593924bdc9a0cce801c33320a543486
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.aarch64.rpm SHA-256: 64f7f54c90af7d389481099e5d1ca9fd3685163ab2df7061130c2cb233dc88c9
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.aarch64.rpm SHA-256: c755bcb9633c35c78f43fa0d6ee62cc91f7deabbb446b63ebe22fa1d22eeb7b5

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
aarch64
oci-seccomp-bpf-hook-1.2.10-2.el9.aarch64.rpm SHA-256: 09d6cd871219571f220e0465b64e6e7b9593924bdc9a0cce801c33320a543486
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.aarch64.rpm SHA-256: 64f7f54c90af7d389481099e5d1ca9fd3685163ab2df7061130c2cb233dc88c9
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.aarch64.rpm SHA-256: c755bcb9633c35c78f43fa0d6ee62cc91f7deabbb446b63ebe22fa1d22eeb7b5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
ppc64le
oci-seccomp-bpf-hook-1.2.10-2.el9.ppc64le.rpm SHA-256: 10afb8c7da7e733189642f09f6e2af50349a51cc5563b471b39f317448a002f5
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.ppc64le.rpm SHA-256: 78f83e6ffad4e6c50f20ef515c2edba0a8200a9df8d6e20c0d92bbc76ca1214f
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.ppc64le.rpm SHA-256: 6fb8fb733feee43a2fc73289c1659196931743fc451b38d346fec953311e126d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
x86_64
oci-seccomp-bpf-hook-1.2.10-2.el9.x86_64.rpm SHA-256: a8367cf901ac4aa624ec0fb174b788eab6133412ba91ed4d0278009edcc01e19
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.x86_64.rpm SHA-256: a89c006b8557f82f04cdac6892ab887a51515d06a5c2314100b919ddec760071
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.x86_64.rpm SHA-256: f5cabd27b775605a7b7e21e144310dbc98cdadf2418490f5f008303cb4fd8b24

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
aarch64
oci-seccomp-bpf-hook-1.2.10-2.el9.aarch64.rpm SHA-256: 09d6cd871219571f220e0465b64e6e7b9593924bdc9a0cce801c33320a543486
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.aarch64.rpm SHA-256: 64f7f54c90af7d389481099e5d1ca9fd3685163ab2df7061130c2cb233dc88c9
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.aarch64.rpm SHA-256: c755bcb9633c35c78f43fa0d6ee62cc91f7deabbb446b63ebe22fa1d22eeb7b5

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
oci-seccomp-bpf-hook-1.2.10-2.el9.src.rpm SHA-256: 1e8e81944f948cd6085d2a9ff0c3a3ca200a57e266ccda38e854335cee5e7390
s390x
oci-seccomp-bpf-hook-1.2.10-2.el9.s390x.rpm SHA-256: 2514bdb320e75faed888b45be7fcf6fb4de7733ac8bdbd949a89e27ddfdeb597
oci-seccomp-bpf-hook-debuginfo-1.2.10-2.el9.s390x.rpm SHA-256: 3bd7897d956ecfca32e7586b14ad95e1a147d3dc05c49b4c0f2d454934c40307
oci-seccomp-bpf-hook-debugsource-1.2.10-2.el9.s390x.rpm SHA-256: 80ba27eceeaeceb38f437da2c96d4c3afd658db662ab544fb302b83edda55473

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.