Action not permitted
Modal body text goes here.
cve-2024-34397
Vulnerability from cvelistv5
Published
2024-05-07 00:00
Modified
2024-11-15 17:14
Severity ?
EPSS score ?
Summary
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-34397", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T19:45:07.808061Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:14:35.675Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:51:11.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" }, { "name": "FEDORA-2024-be032e564d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/" }, { "name": "FEDORA-2024-2ce1c754f7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/" }, { "name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0008/" }, { "name": "FEDORA-2024-fd2569c4e9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/" }, { "name": "FEDORA-2024-635a54eb7e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:08:40.913255", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" }, { "name": "FEDORA-2024-be032e564d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/" }, { "name": "FEDORA-2024-2ce1c754f7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/" }, { "name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240531-0008/" }, { "name": "FEDORA-2024-fd2569c4e9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/" }, { "name": "FEDORA-2024-635a54eb7e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-34397", "datePublished": "2024-05-07T00:00:00", "dateReserved": "2024-05-02T00:00:00", "dateUpdated": "2024-11-15T17:14:35.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-34397\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-07T18:15:08.350\",\"lastModified\":\"2024-11-21T09:18:34.830\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a se\u00f1ales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar se\u00f1ales D-Bus falsificadas que el cliente basado en GDBus interpretar\u00e1 err\u00f3neamente como enviadas por el mismo. servicio de sistema confiable. Esto podr\u00eda provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"references\":[{\"url\":\"https://gitlab.gnome.org/GNOME/glib/-/issues/3268\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0008/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/05/07/5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gitlab.gnome.org/GNOME/glib/-/issues/3268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/05/07/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2024_10135
Vulnerability from csaf_redhat
Published
2024-11-21 09:03
Modified
2024-12-11 03:46
Summary
Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS
Notes
Topic
Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.
Details
Users of service-interconnect 1.4 LTS rhel9 container images are advised
to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs.
Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory the in Red Hat Container Catalog
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.", "title": "Topic" }, { "category": "general", "text": "Users of service-interconnect 1.4 LTS rhel9 container images are advised\nto upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. \nUsers of these images are also encouraged to rebuild all container images that depend on these images.\nYou can find images updated by this advisory the in Red Hat Container Catalog", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10135", "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "2263240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263240" }, { "category": "external", "summary": "2321987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10135.json" } ], "title": "Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS", "tracking": { "current_release_date": "2024-12-11T03:46:46+00:00", "generator": { "date": "2024-12-11T03:46:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10135", "initial_release_date": "2024-11-21T09:03:29+00:00", "revision_history": [ { "date": "2024-11-21T09:03:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-21T09:03:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-11T03:46:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "9Base-Service-Interconnect-1.4", "product": { "name": "9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9" } } } ], "category": "product_family", "name": "Red Hat Service Interconnect" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.7-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.7-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "product": { "name": "service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "product_id": "service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.7-4" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "product_id": "service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-7" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.7-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.7-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64" }, "product_reference": "service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2398", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2024-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270498" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HTTP/2 push headers memory-leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2398" }, { "category": "external", "summary": "RHBZ#2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2024-2398.html", "url": "https://curl.se/docs/CVE-2024-2398.html" } ], "release_date": "2024-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HTTP/2 push headers memory-leak" }, { "cve": "CVE-2024-6119", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2024-08-20T17:50:04+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2306158" } ], "notes": [ { "category": "description", "text": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Possible denial of service in X.509 name checks", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate severity rather than important because it primarily affects specific use cases involving certificate name checks against otherName subject alternative names, a scenario that is not commonly encountered. The issue only triggers a denial of service (DoS) by causing an abnormal application termination, without compromising the integrity, confidentiality, or availability of data at a broader scale. Additionally, TLS servers, which typically don\u0027t perform reference identity checks during client certificate validation, are largely unaffected. The impact is localized to certain TLS clients performing specific name comparisons, reducing the overall risk profile and justifying the moderate severity classification.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6119" }, { "category": "external", "summary": "RHBZ#2306158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306158" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119" }, { "category": "external", "summary": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "url": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj" } ], "release_date": "2024-09-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Possible denial of service in X.509 name checks" }, { "cve": "CVE-2024-6345", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2297771" } ], "notes": [ { "category": "description", "text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6345" }, { "category": "external", "summary": "RHBZ#2297771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345" }, { "category": "external", "summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0" }, { "category": "external", "summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5" } ], "release_date": "2024-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools" }, { "cve": "CVE-2024-6923", "discovery_date": "2024-08-01T14:30:06+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2302255" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the email module that uses Python language. The email module doesn\u0027t properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6923" }, { "category": "external", "summary": "RHBZ#2302255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121650", "url": "https://github.com/python/cpython/issues/121650" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/122233", "url": "https://github.com/python/cpython/pull/122233" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/" } ], "release_date": "2024-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection" }, { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-940", "name": "Improper Verification of Source of a Communication Channel" }, "discovery_date": "2024-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279632" } ], "notes": [ { "category": "description", "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib2: Signal subscription vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34397" }, { "category": "external", "summary": "RHBZ#2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "release_date": "2024-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glib2: Signal subscription vulnerabilities" }, { "cve": "CVE-2024-37370", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294677" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has an ability to disrupt authentication process and attackers able to alter the token data durning the transmission which leads to disruption in service and an attacker can void the integrity by altering the token durning the transmission for authentication process. This has been rated as moderate by Redhat as the vulnerability cannot be exploited in a way that it leads to a loss of availability or integrity,when in transmission token count field can be changed making the token appear truncated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37370" }, { "category": "external", "summary": "RHBZ#2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-37371", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294676" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext \"Extra Count\" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. This truncation can disrupt services but does not directly lead to a full compromise of confidentiality or integrity. The attack requires that the attacker already has access to a valid token transmission to modify, meaning it cannot be exploited remotely without first obtaining or intercepting a valid token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37371" }, { "category": "external", "summary": "RHBZ#2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-45490", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2024-08-30T03:20:06.675968+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308615" } ], "notes": [ { "category": "description", "text": "A flaw was found in libexpat\u0027s xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: Negative Length Parsing Vulnerability in libexpat", "title": "Vulnerability summary" }, { "category": "other", "text": "The CVE-2024-45490 vulnerability is rated as moderate severity because while it allows for memory corruption through improper argument handling in XML_ParseBuffer, the exploitability is limited. Specifically, it requires an unlikely scenario where the input passed to the function has a negative length (len \u003c 0), which would typically not occur in well-formed applications. Moreover, while the impact includes denial of service (DoS), the conditions necessary for arbitrary code execution are non-trivial, requiring specific exploitation of memory corruption. Since it primarily leads to application crashes without an easily accessible attack vector for remote code execution, the risk is lower compared to higher-severity vulnerabilities that offer more direct pathways to exploitation.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45490" }, { "category": "external", "summary": "RHBZ#2308615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45490", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/887", "url": "https://github.com/libexpat/libexpat/issues/887" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/890", "url": "https://github.com/libexpat/libexpat/pull/890" } ], "release_date": "2024-08-30T03:15:03.757000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: Negative Length Parsing Vulnerability in libexpat" }, { "cve": "CVE-2024-45491", "discovery_date": "2024-08-30T03:20:09.474759+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308616" } ], "notes": [ { "category": "description", "text": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: Integer Overflow or Wraparound", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as Moderate severity rather than Important due to its reliance on specific conditions for exploitation. The integer overflow in dtdCopy affecting nDefaultAtts is limited to 32-bit platforms, reducing the attack surface as many modern systems operate on 64-bit architectures. Additionally, while the impact can lead to denial of service and potentially arbitrary code execution, the latter requires precise manipulation of the overflow condition, which may be non-trivial for attackers to achieve reliably. The constrained platform scope and the complexity of exploitation lower the overall severity, though it still poses a risk in environments where 32-bit systems are prevalent.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45491" }, { "category": "external", "summary": "RHBZ#2308616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45491", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/888", "url": "https://github.com/libexpat/libexpat/issues/888" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/891", "url": "https://github.com/libexpat/libexpat/pull/891" } ], "release_date": "2024-08-30T03:15:03.850000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: Integer Overflow or Wraparound" }, { "cve": "CVE-2024-45492", "discovery_date": "2024-08-30T03:20:11.638476+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308617" } ], "notes": [ { "category": "description", "text": "A flaw was found in libexpat\u0027s internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: integer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "CVE-2024-45492 is categorized as a Moderate severity issue rather than Important due to the specific conditions required for exploitation and the limited scope of impact. While an integer overflow in the nextScaffoldPart function on 32-bit platforms can potentially lead to denial of service (DoS) or, in rare cases, arbitrary code execution, the vulnerability is platform-specific, affecting only 32-bit architectures with particular handling of UINT_MAX and SIZE_MAX. Additionally, exploiting the overflow for arbitrary code execution would require precise manipulation of memory, making it a less likely attack vector. The primary risk of DoS, without guaranteed escalation to remote code execution, further justifies the moderate severity classification.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45492" }, { "category": "external", "summary": "RHBZ#2308617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45492", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/889", "url": "https://github.com/libexpat/libexpat/issues/889" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/892", "url": "https://github.com/libexpat/libexpat/pull/892" } ], "release_date": "2024-08-30T03:15:03.930000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-21T09:03:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:51c106e22bc98c6678dafc2f42e387f6e6158e686436e6f89747703dd9c1bbbc_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:58ec0e5cb8a9544153410867797e40055928dbd589e652e02bf4cddff083f5f6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:32c03556f3eb7f87c0624b105e8d9aac7dcfaea71adf16e4e9825586829880c1_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:958ec2e1c85c49252d7b49a7b0073a0e73dffac31e46bad2b0a788114cb13c74_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:34ce86c11588f0c7b2ba40ff988a8b6ac7ae6d29182e94d3a65e5756c68578f8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:cce081bb2d5ae131770dfd095c2e8ad2fcc616d9b3fc487f9252c8f721f1b2ba_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: integer overflow" } ] }
rhsa-2024_9442
Vulnerability from csaf_redhat
Published
2024-11-12 08:59
Modified
2024-11-25 06:40
Summary
Red Hat Security Advisory: mingw-glib2 security update
Notes
Topic
An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* glib2: Signal subscription vulnerabilities (CVE-2024-34397)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* glib2: Signal subscription vulnerabilities (CVE-2024-34397)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:9442", "url": "https://access.redhat.com/errata/RHSA-2024:9442" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index", "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9442.json" } ], "title": "Red Hat Security Advisory: mingw-glib2 security update", "tracking": { "current_release_date": "2024-11-25T06:40:51+00:00", "generator": { "date": "2024-11-25T06:40:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:9442", "initial_release_date": "2024-11-12T08:59:14+00:00", "revision_history": [ { "date": "2024-11-12T08:59:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-12T08:59:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T06:40:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 9)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "mingw-glib2-0:2.78.6-1.el9.src", "product": { "name": "mingw-glib2-0:2.78.6-1.el9.src", "product_id": "mingw-glib2-0:2.78.6-1.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw-glib2@2.78.6-1.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "mingw32-glib2-0:2.78.6-1.el9.noarch", "product": { "name": "mingw32-glib2-0:2.78.6-1.el9.noarch", "product_id": "mingw32-glib2-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw32-glib2@2.78.6-1.el9?arch=noarch" } } }, { "category": "product_version", "name": "mingw32-glib2-static-0:2.78.6-1.el9.noarch", "product": { "name": "mingw32-glib2-static-0:2.78.6-1.el9.noarch", "product_id": "mingw32-glib2-static-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw32-glib2-static@2.78.6-1.el9?arch=noarch" } } }, { "category": "product_version", "name": "mingw64-glib2-0:2.78.6-1.el9.noarch", "product": { "name": "mingw64-glib2-0:2.78.6-1.el9.noarch", "product_id": "mingw64-glib2-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw64-glib2@2.78.6-1.el9?arch=noarch" } } }, { "category": "product_version", "name": "mingw64-glib2-static-0:2.78.6-1.el9.noarch", "product": { "name": "mingw64-glib2-static-0:2.78.6-1.el9.noarch", "product_id": "mingw64-glib2-static-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw64-glib2-static@2.78.6-1.el9?arch=noarch" } } }, { "category": "product_version", "name": "mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product": { "name": "mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product_id": "mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw32-glib2-debuginfo@2.78.6-1.el9?arch=noarch" } } }, { "category": "product_version", "name": "mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product": { "name": "mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product_id": "mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mingw64-glib2-debuginfo@2.78.6-1.el9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mingw-glib2-0:2.78.6-1.el9.src as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw-glib2-0:2.78.6-1.el9.src" }, "product_reference": "mingw-glib2-0:2.78.6-1.el9.src", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw32-glib2-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw32-glib2-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw32-glib2-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw32-glib2-static-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw32-glib2-static-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw32-glib2-static-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw64-glib2-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw64-glib2-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw64-glib2-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "mingw64-glib2-static-0:2.78.6-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.5.0.GA:mingw64-glib2-static-0:2.78.6-1.el9.noarch" }, "product_reference": "mingw64-glib2-static-0:2.78.6-1.el9.noarch", "relates_to_product_reference": "CRB-9.5.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-940", "name": "Improper Verification of Source of a Communication Channel" }, "discovery_date": "2024-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279632" } ], "notes": [ { "category": "description", "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib2: Signal subscription vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CRB-9.5.0.GA:mingw-glib2-0:2.78.6-1.el9.src", "CRB-9.5.0.GA:mingw32-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-static-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-static-0:2.78.6-1.el9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34397" }, { "category": "external", "summary": "RHBZ#2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "release_date": "2024-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-12T08:59:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "CRB-9.5.0.GA:mingw-glib2-0:2.78.6-1.el9.src", "CRB-9.5.0.GA:mingw32-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-static-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-static-0:2.78.6-1.el9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9442" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CRB-9.5.0.GA:mingw-glib2-0:2.78.6-1.el9.src", "CRB-9.5.0.GA:mingw32-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw32-glib2-static-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-debuginfo-0:2.78.6-1.el9.noarch", "CRB-9.5.0.GA:mingw64-glib2-static-0:2.78.6-1.el9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glib2: Signal subscription vulnerabilities" } ] }
rhsa-2024_7374
Vulnerability from csaf_redhat
Published
2024-09-30 14:30
Modified
2024-12-02 12:56
Summary
Red Hat Security Advisory: Security update for service-interconnect rhel9 container images
Notes
Topic
Updated service-interconnect container images are now available for Service Interconnect 1 for RHEL 9.
Details
Users of service-interconnect rhel9 container images are advised
to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs.
Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory the in Red Hat Container Catalog
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated service-interconnect container images are now available for Service Interconnect 1 for RHEL 9.", "title": "Topic" }, { "category": "general", "text": "Users of service-interconnect rhel9 container images are advised\nto upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. \nUsers of these images are also encouraged to rebuild all container images that depend on these images.\nYou can find images updated by this advisory the in Red Hat Container Catalog", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7374", "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "external", "summary": "2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "2297771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771" }, { "category": "external", "summary": "2302255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7374.json" } ], "title": "Red Hat Security Advisory: Security update for service-interconnect rhel9 container images", "tracking": { "current_release_date": "2024-12-02T12:56:04+00:00", "generator": { "date": "2024-12-02T12:56:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:7374", "initial_release_date": "2024-09-30T14:30:36+00:00", "revision_history": [ { "date": "2024-09-30T14:30:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-30T14:30:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-02T12:56:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Service Interconnect 1", "product": { "name": "Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_interconnect:1::el9" } } } ], "category": "product_family", "name": "Red Hat Service Interconnect" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product_id": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-container-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product_id": "service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "product": { "name": "service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "product_id": "service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "product_id": "service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.5.3-5" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.5.5-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product_id": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-container-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product_id": "service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "product_id": "service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.5.3-5" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2?arch=ppc64le\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.5.5-3" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product_id": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-container-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product_id": "service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "product": { "name": "service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "product_id": "service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "product_id": "service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.5.3-5" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693?arch=arm64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.5.5-3" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product_id": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-container-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product_id": "service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "product_id": "service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.5.3-5" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.5.5-3" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f?arch=s390x\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.5.5-3" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64" }, "product_reference": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x" }, "product_reference": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64" }, "product_reference": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le" }, "product_reference": "service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64" }, "product_reference": "service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x" }, "product_reference": "service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64" }, "product_reference": "service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le" }, "product_reference": "service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64" }, "product_reference": "service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64" }, "product_reference": "service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64 as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "relates_to_product_reference": "9Base-Service-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x as a component of Red Hat Service Interconnect 1", "product_id": "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x", "relates_to_product_reference": "9Base-Service-Interconnect-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2398", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2024-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270498" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HTTP/2 push headers memory-leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2398" }, { "category": "external", "summary": "RHBZ#2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2024-2398.html", "url": "https://curl.se/docs/CVE-2024-2398.html" } ], "release_date": "2024-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HTTP/2 push headers memory-leak" }, { "cve": "CVE-2024-6345", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2297771" } ], "notes": [ { "category": "description", "text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6345" }, { "category": "external", "summary": "RHBZ#2297771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345" }, { "category": "external", "summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0" }, { "category": "external", "summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5" } ], "release_date": "2024-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools" }, { "cve": "CVE-2024-6923", "discovery_date": "2024-08-01T14:30:06+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2302255" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the email module that uses Python language. The email module doesn\u0027t properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6923" }, { "category": "external", "summary": "RHBZ#2302255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121650", "url": "https://github.com/python/cpython/issues/121650" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/122233", "url": "https://github.com/python/cpython/pull/122233" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/" } ], "release_date": "2024-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection" }, { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-940", "name": "Improper Verification of Source of a Communication Channel" }, "discovery_date": "2024-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279632" } ], "notes": [ { "category": "description", "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib2: Signal subscription vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34397" }, { "category": "external", "summary": "RHBZ#2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "release_date": "2024-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glib2: Signal subscription vulnerabilities" }, { "cve": "CVE-2024-37370", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294677" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has an ability to disrupt authentication process and attackers able to alter the token data durning the transmission which leads to disruption in service and an attacker can void the integrity by altering the token durning the transmission for authentication process. This has been rated as moderate by Redhat as the vulnerability cannot be exploited in a way that it leads to a loss of availability or integrity,when in transmission token count field can be changed making the token appear truncated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37370" }, { "category": "external", "summary": "RHBZ#2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-37371", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294676" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext \"Extra Count\" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. This truncation can disrupt services but does not directly lead to a full compromise of confidentiality or integrity. The attack requires that the attacker already has access to a valid token transmission to modify, meaning it cannot be exploited remotely without first obtaining or intercepting a valid token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37371" }, { "category": "external", "summary": "RHBZ#2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-30T14:30:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1e51ccc87e6b809e6f510eafaebf9d7b6d9ac02d85d99a21f7c2b3546d95c993_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:1fa92e9dd6c8be900e19a56601239a5cd77c73926f5d1df486541a47fd82d48a_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:450bcad67cd3fb43bb1a1eee5a1b5c2fe30b35e5ee1733d49acaccbbcb3c01df_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-config-sync-rhel9@sha256:aa3f104a46c7d0a1cdbea484270196933d3d9ba831adf66a82ca9f4d5bf6c1c1_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-container-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:2e40acb1ece840bf75b32a7a5a1410ccb510f640f062e42b636efd2da57d8254_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:8ec1dd7c77d43c4fd85e34e9b57407616d41b297d207427b7cda3055edacf1fb_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:a267af3a4a7ac8bc1a95ab4668d38b78eb2b6ebb4c435725b28e0139994b1db8_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-controller-podman-rhel9@sha256:b370e625537896ac976aea04fbfc08a1d8f49470ad86bcbf56f911612ace5705_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:5a2bbc2d6ff9877c92bb6f8f9e74b4d398af9a9d0c1c63614ad5221ae0f4387b_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:852c0d2e1fe3aa94340cafb34d3a1f30e5d60a2a13f4e1dcd05a2803fe3b1b94_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:a5d0feb9be612ee20a3aecb144338d34a05a92c0fd85c55f002303ea68a5456f_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-flow-collector-rhel9@sha256:c61deb80251fd029d54f0e1c80e275931b5961e12c69032f53d810ea77ad878b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:1a2e41708c18de011215f3bb4332ec3616cbc7b7122908af1bc83e6b98ea7efd_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-operator-bundle@sha256:e639c7884894da448456e3a954e0d0e7fc4a70966892b10c8eaa12fdd5cc9d16_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:22ef901809e7f27ab1c0f8d0b16861ccd3aacf88c486a7849cf04be9ec937a34_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:4648a0c7c7f0c24de88e19e4575b61f0642e5f14d4f159adfc29aa02a2838958_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:cd60506a79c19cacf00b4d0ba7b480bd2ac581dd5dd940ea465aa2f26a87b69b_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-router-rhel9@sha256:e46486ce27952590e7c4ed818c2ec357b90257881104bab09fb481f14124a322_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:09e450f2722b9750e07557885e833b640b38de0674c18d540bbe1d68ad81a429_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:23635d9021733243d00aeb79c67f574efeafad8811d6b5efabd1055f7d70807c_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5a37e9dda65c4dc3c98148ddaeb9d9d0775f135a5bceac2d965df59a6da6195e_s390x", "9Base-Service-Interconnect-1:service-interconnect/skupper-service-controller-rhel9@sha256:5ef5bb44d5b145edbab3251df66759b1b5ba7759df2393a695afe7499b496ac0_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:85cfc600b04354394bca458cd2e28c41355c71287e09ed800a1259d8c3d286d2_ppc64le", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:89b500b2f4b4a120fb3a408782759d3200702a61448c3d588663a2acd4259498_amd64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:c7de1b3a39ae8e4ea095b40fa697ac8678eb5903aff605e854b9bda36f9d1693_arm64", "9Base-Service-Interconnect-1:service-interconnect/skupper-site-controller-rhel9@sha256:ee72aa47a10c33b3e20022ebc2f9dab4e000d195363cd702fb67f7c7c298759f_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" } ] }
rhsa-2024_6464
Vulnerability from csaf_redhat
Published
2024-09-09 02:30
Modified
2024-11-25 06:40
Summary
Red Hat Security Advisory: glib2 security update
Notes
Topic
An update for glib2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* glib2: Signal subscription vulnerabilities (CVE-2024-34397)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for glib2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* glib2: Signal subscription vulnerabilities (CVE-2024-34397)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:6464", "url": "https://access.redhat.com/errata/RHSA-2024:6464" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6464.json" } ], "title": "Red Hat Security Advisory: glib2 security update", "tracking": { "current_release_date": "2024-11-25T06:40:20+00:00", "generator": { "date": "2024-11-25T06:40:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:6464", "initial_release_date": "2024-09-09T02:30:17+00:00", "revision_history": [ { "date": "2024-09-09T02:30:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-09T02:30:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T06:40:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 9)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9::baseos" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux CRB (v. 9)", "product": { "name": "Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "product": { "name": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "product_id": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.68.4-14.el9_4.1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "product": { "name": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "product_id": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.68.4-14.el9_4.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=i686" } } }, { "category": "product_version", "name": "glib2-static-0:2.68.4-14.el9_4.1.i686", "product": { "name": "glib2-static-0:2.68.4-14.el9_4.1.i686", "product_id": "glib2-static-0:2.68.4-14.el9_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.68.4-14.el9_4.1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "product": { "name": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "product_id": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.68.4-14.el9_4.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=s390x" } } }, { "category": "product_version", "name": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "product": { "name": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "product_id": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.68.4-14.el9_4.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "product": { "name": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "product_id": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-doc@2.68.4-14.el9_4.1?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.68.4-14.el9_4.1.src", "product": { "name": "glib2-0:2.68.4-14.el9_4.1.src", "product_id": "glib2-0:2.68.4-14.el9_4.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.68.4-14.el9_4.1?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.src", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-doc-0:2.68.4-14.el9_4.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch" }, "product_reference": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.src", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-doc-0:2.68.4-14.el9_4.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch" }, "product_reference": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.src as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.src", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-doc-0:2.68.4-14.el9_4.1.noarch as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch" }, "product_reference": "glib2-doc-0:2.68.4-14.el9_4.1.noarch", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-static-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", "product_id": "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" }, "product_reference": "glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-940", "name": "Improper Verification of Source of a Communication Channel" }, "discovery_date": "2024-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279632" } ], "notes": [ { "category": "description", "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib2: Signal subscription vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34397" }, { "category": "external", "summary": "RHBZ#2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "release_date": "2024-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-09T02:30:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "AppStream-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "AppStream-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.src", "CRB-9.4.0.Z.MAIN.EUS:glib2-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-debugsource-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-devel-debuginfo-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-doc-0:2.68.4-14.el9_4.1.noarch", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-static-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-0:2.68.4-14.el9_4.1.x86_64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.aarch64", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.i686", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.ppc64le", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.s390x", "CRB-9.4.0.Z.MAIN.EUS:glib2-tests-debuginfo-0:2.68.4-14.el9_4.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glib2: Signal subscription vulnerabilities" } ] }
rhsa-2024_7213
Vulnerability from csaf_redhat
Published
2024-09-26 13:26
Modified
2024-12-11 03:46
Summary
Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS
Notes
Topic
Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.
Details
Users of service-interconnect 1.4 LTS rhel9 container images are advised
to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs.
Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory the in Red Hat Container Catalog
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.", "title": "Topic" }, { "category": "general", "text": "Users of service-interconnect 1.4 LTS rhel9 container images are advised\nto upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. \nUsers of these images are also encouraged to rebuild all container images that depend on these images.\nYou can find images updated by this advisory the in Red Hat Container Catalog", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7213", "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "external", "summary": "2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "2297771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771" }, { "category": "external", "summary": "2302255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7213.json" } ], "title": "Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS", "tracking": { "current_release_date": "2024-12-11T03:46:21+00:00", "generator": { "date": "2024-12-11T03:46:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:7213", "initial_release_date": "2024-09-26T13:26:32+00:00", "revision_history": [ { "date": "2024-09-26T13:26:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-26T13:26:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-11T03:46:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "9Base-Service-Interconnect-1.4", "product": { "name": "9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9" } } } ], "category": "product_family", "name": "Red Hat Service Interconnect" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.7-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.7-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "product": { "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "product_id": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.7-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "product_id": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-6" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.7-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.7-2" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64" }, "product_reference": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2398", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2024-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270498" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HTTP/2 push headers memory-leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2398" }, { "category": "external", "summary": "RHBZ#2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2024-2398.html", "url": "https://curl.se/docs/CVE-2024-2398.html" } ], "release_date": "2024-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HTTP/2 push headers memory-leak" }, { "cve": "CVE-2024-6119", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2024-08-20T17:50:04+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2306158" } ], "notes": [ { "category": "description", "text": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Possible denial of service in X.509 name checks", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate severity rather than important because it primarily affects specific use cases involving certificate name checks against otherName subject alternative names, a scenario that is not commonly encountered. The issue only triggers a denial of service (DoS) by causing an abnormal application termination, without compromising the integrity, confidentiality, or availability of data at a broader scale. Additionally, TLS servers, which typically don\u0027t perform reference identity checks during client certificate validation, are largely unaffected. The impact is localized to certain TLS clients performing specific name comparisons, reducing the overall risk profile and justifying the moderate severity classification.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6119" }, { "category": "external", "summary": "RHBZ#2306158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306158" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119" }, { "category": "external", "summary": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "url": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj" } ], "release_date": "2024-09-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Possible denial of service in X.509 name checks" }, { "cve": "CVE-2024-6345", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2297771" } ], "notes": [ { "category": "description", "text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6345" }, { "category": "external", "summary": "RHBZ#2297771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345" }, { "category": "external", "summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0" }, { "category": "external", "summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5" } ], "release_date": "2024-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools" }, { "cve": "CVE-2024-6923", "discovery_date": "2024-08-01T14:30:06+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2302255" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the email module that uses Python language. The email module doesn\u0027t properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6923" }, { "category": "external", "summary": "RHBZ#2302255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121650", "url": "https://github.com/python/cpython/issues/121650" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/122233", "url": "https://github.com/python/cpython/pull/122233" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/" } ], "release_date": "2024-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection" }, { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-940", "name": "Improper Verification of Source of a Communication Channel" }, "discovery_date": "2024-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279632" } ], "notes": [ { "category": "description", "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib2: Signal subscription vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34397" }, { "category": "external", "summary": "RHBZ#2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "release_date": "2024-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glib2: Signal subscription vulnerabilities" }, { "cve": "CVE-2024-37370", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294677" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has an ability to disrupt authentication process and attackers able to alter the token data durning the transmission which leads to disruption in service and an attacker can void the integrity by altering the token durning the transmission for authentication process. This has been rated as moderate by Redhat as the vulnerability cannot be exploited in a way that it leads to a loss of availability or integrity,when in transmission token count field can be changed making the token appear truncated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37370" }, { "category": "external", "summary": "RHBZ#2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-37371", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294676" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext \"Extra Count\" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. This truncation can disrupt services but does not directly lead to a full compromise of confidentiality or integrity. The attack requires that the attacker already has access to a valid token transmission to modify, meaning it cannot be exploited remotely without first obtaining or intercepting a valid token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37371" }, { "category": "external", "summary": "RHBZ#2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-45490", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2024-08-30T03:20:06.675968+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308615" } ], "notes": [ { "category": "description", "text": "A flaw was found in libexpat\u0027s xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: Negative Length Parsing Vulnerability in libexpat", "title": "Vulnerability summary" }, { "category": "other", "text": "The CVE-2024-45490 vulnerability is rated as moderate severity because while it allows for memory corruption through improper argument handling in XML_ParseBuffer, the exploitability is limited. Specifically, it requires an unlikely scenario where the input passed to the function has a negative length (len \u003c 0), which would typically not occur in well-formed applications. Moreover, while the impact includes denial of service (DoS), the conditions necessary for arbitrary code execution are non-trivial, requiring specific exploitation of memory corruption. Since it primarily leads to application crashes without an easily accessible attack vector for remote code execution, the risk is lower compared to higher-severity vulnerabilities that offer more direct pathways to exploitation.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45490" }, { "category": "external", "summary": "RHBZ#2308615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45490", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/887", "url": "https://github.com/libexpat/libexpat/issues/887" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/890", "url": "https://github.com/libexpat/libexpat/pull/890" } ], "release_date": "2024-08-30T03:15:03.757000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: Negative Length Parsing Vulnerability in libexpat" }, { "cve": "CVE-2024-45491", "discovery_date": "2024-08-30T03:20:09.474759+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308616" } ], "notes": [ { "category": "description", "text": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: Integer Overflow or Wraparound", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as Moderate severity rather than Important due to its reliance on specific conditions for exploitation. The integer overflow in dtdCopy affecting nDefaultAtts is limited to 32-bit platforms, reducing the attack surface as many modern systems operate on 64-bit architectures. Additionally, while the impact can lead to denial of service and potentially arbitrary code execution, the latter requires precise manipulation of the overflow condition, which may be non-trivial for attackers to achieve reliably. The constrained platform scope and the complexity of exploitation lower the overall severity, though it still poses a risk in environments where 32-bit systems are prevalent.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45491" }, { "category": "external", "summary": "RHBZ#2308616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45491", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/888", "url": "https://github.com/libexpat/libexpat/issues/888" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/891", "url": "https://github.com/libexpat/libexpat/pull/891" } ], "release_date": "2024-08-30T03:15:03.850000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: Integer Overflow or Wraparound" }, { "cve": "CVE-2024-45492", "discovery_date": "2024-08-30T03:20:11.638476+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308617" } ], "notes": [ { "category": "description", "text": "A flaw was found in libexpat\u0027s internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "title": "Vulnerability description" }, { "category": "summary", "text": "libexpat: integer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "CVE-2024-45492 is categorized as a Moderate severity issue rather than Important due to the specific conditions required for exploitation and the limited scope of impact. While an integer overflow in the nextScaffoldPart function on 32-bit platforms can potentially lead to denial of service (DoS) or, in rare cases, arbitrary code execution, the vulnerability is platform-specific, affecting only 32-bit architectures with particular handling of UINT_MAX and SIZE_MAX. Additionally, exploiting the overflow for arbitrary code execution would require precise manipulation of memory, making it a less likely attack vector. The primary risk of DoS, without guaranteed escalation to remote code execution, further justifies the moderate severity classification.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45492" }, { "category": "external", "summary": "RHBZ#2308617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45492", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes", "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/889", "url": "https://github.com/libexpat/libexpat/issues/889" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/892", "url": "https://github.com/libexpat/libexpat/pull/892" } ], "release_date": "2024-08-30T03:15:03.930000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T13:26:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libexpat: integer overflow" } ] }
wid-sec-w-2024-2074
Vulnerability from csaf_certbund
Published
2024-09-08 22:00
Modified
2024-11-11 23:00
Summary
Red Hat Enterprise Linux (glib2): Schwachstelle ermöglicht Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-2074 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2074.json" }, { "category": "self", "summary": "WID-SEC-2024-2074 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2074" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-09-08", "url": "https://access.redhat.com/errata/RHSA-2024:6464" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-6464 vom 2024-09-09", "url": "https://linux.oracle.com/errata/ELSA-2024-6464.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3208-1 vom 2024-09-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019418.html" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:6464 vom 2024-09-17", "url": "https://errata.build.resf.org/RLSA-2024:6464" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7213 vom 2024-09-26", "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7374 vom 2024-09-30", "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7324 vom 2024-10-02", "url": "https://access.redhat.com/errata/RHSA-2024:7324" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7744 vom 2024-10-07", "url": "https://access.redhat.com/errata/RHSA-2024:7744" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8113 vom 2024-10-15", "url": "https://access.redhat.com/errata/RHSA-2024:8113" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8317 vom 2024-10-23", "url": "https://access.redhat.com/errata/RHSA-2024:8317" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8315 vom 2024-10-23", "url": "https://access.redhat.com/errata/RHSA-2024:8315" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:9442 vom 2024-11-12", "url": "https://access.redhat.com/errata/RHSA-2024:9442" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux (glib2): Schwachstelle erm\u00f6glicht Manipulation von Dateien", "tracking": { "current_release_date": "2024-11-11T23:00:00.000+00:00", "generator": { "date": "2024-11-12T12:16:32.118+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-2074", "initial_release_date": "2024-09-08T22:00:00.000+00:00", "revision_history": [ { "date": "2024-09-08T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-09-11T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-09-16T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-09-26T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-09-29T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-07T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-14T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-23T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-11-11T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "10" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "8", "product": { "name": "Red Hat Enterprise Linux 8", "product_id": "T037327", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8" } } }, { "category": "product_version", "name": "9", "product": { "name": "Red Hat Enterprise Linux 9", "product_id": "T037328", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9" } } }, { "category": "product_version_range", "name": "glib2 \u003c2.78.5", "product": { "name": "Red Hat Enterprise Linux glib2 \u003c2.78.5", "product_id": "T037329" } }, { "category": "product_version", "name": "glib2 2.78.5", "product": { "name": "Red Hat Enterprise Linux glib2 2.78.5", "product_id": "T037329-fixed", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:glib2__2.78.5" } } }, { "category": "product_version_range", "name": "glib2 \u003c2.80.1", "product": { "name": "Red Hat Enterprise Linux glib2 \u003c2.80.1", "product_id": "T037330" } }, { "category": "product_version", "name": "glib2 2.80.1", "product": { "name": "Red Hat Enterprise Linux glib2 2.80.1", "product_id": "T037330-fixed", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:glib2__2.80.1" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "Logging Subsystem 5.9.7", "product": { "name": "Red Hat OpenShift Logging Subsystem 5.9.7", "product_id": "T037939", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:logging_subsystem_5.9.7" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34397", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler existiert in der GNOME GLib und erm\u00f6glicht das Senden von gef\u00e4lschten D-Bus-Signalen, die so aussehen, als k\u00e4men sie aus einer vertrauensw\u00fcrdigen Quelle. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren." } ], "product_status": { "known_affected": [ "T037939", "T002207", "T037327", "67646", "T037329", "T004914", "T037330", "T032255" ] }, "release_date": "2024-09-08T22:00:00.000+00:00", "title": "CVE-2024-34397" } ] }
ghsa-f632-c3rh-r2v2
Vulnerability from github
Published
2024-05-07 18:30
Modified
2024-11-15 21:30
Severity ?
Details
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
{ "affected": [], "aliases": [ "CVE-2024-34397" ], "database_specific": { "cwe_ids": [ "CWE-290" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-07T18:15:08Z", "severity": "MODERATE" }, "details": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "id": "GHSA-f632-c3rh-r2v2", "modified": "2024-11-15T21:30:45Z", "published": "2024-05-07T18:30:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240531-0008" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.