Issued:: 2025-02-13
Updated:: 2025-02-13

RHSA-2025:1487 - Security Advisory

Overview
Updated Images

Synopsis

Important: updated discovery container images

Type/Severity

Security Advisory: Important

Topic

Updated container images are now available for Discovery 1.12.1.

Description

The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Discovery 1 x86_64

Fixes

BZ - 2342118 - CVE-2022-49043 libxml: use-after-free in xmlXIncludeAddNode
BZ - 2342757 - CVE-2024-12797 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

CVEs

References

https://access.redhat.com/security/updates/classification/#important

aarch64

discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c

discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb

x86_64

discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d

discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest