Merge branch 'main' into RHIDP-4345

Author: Gerry-Forde

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -5,7 +5,5 @@
 This section lists security issues fixed in {product} {product-version}.
 
 
-include::modules/release-notes/snip-cve---common-vulnerabilities-and-exposures-rhidp-3403.adoc[leveloffset=+1]
-
-
+include::modules/release-notes/snip-common-vulnerabilities-and-exposures.adoc[leveloffset=+1]
 

build/scripts/single-source-security-fixes.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Copyright (c) 2024 Red Hat, Inc.
+# This program, and the accompanying materials are made
+# available under the terms of the Apache Public License 2.0,
+# available at http://www.apache.org/licenses/
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Fail and stop on first error
+set -e
+destination=modules/release-notes/snip-common-vulnerabilities-and-exposures.adoc
+# Cleanup the destination files
+rm "$destination"
+# Send output to the destination file
+exec &>> "$destination"
+for cve in $(cat cve-list.txt)
+do
+  # Start the list.
+  echo "link:https://access.redhat.com/security/cve/$cve[$cve]::"
+  # Call the API to return a list of details.
+  # Red Hat is last if there is one.
+  # Red Hat details is single line.
+  # MITRE details are multiline.
+  # We keep Red Hat details if present.
+  # We keep only the first two lines on MITRE details.
+  curl -s "https://access.redhat.com/hydra/rest/securitydata/cve/$cve.json" | jq -r '.details[-1]' | head -n 2
+  # Add a separation
+  echo ""
+done

cve-list.txt

@@ -0,0 +1,26 @@
+CVE-2023-52439
+CVE-2023-52884
+CVE-2024-6119
+CVE-2024-26739
+CVE-2024-26929
+CVE-2024-26930
+CVE-2024-26931
+CVE-2024-26947
+CVE-2024-26991
+CVE-2024-27022
+CVE-2024-35895
+CVE-2024-36016
+CVE-2024-36899
+CVE-2024-38562
+CVE-2024-38570
+CVE-2024-38573
+CVE-2024-38601
+CVE-2024-38615
+CVE-2024-39331
+CVE-2024-40984
+CVE-2024-41071
+CVE-2024-42225
+CVE-2024-42246
+CVE-2024-45490
+CVE-2024-45491
+CVE-2024-45492

jira2asciidoc.yml

@@ -66,19 +66,6 @@ sections:
       AND (fixVersion ~ "{version_minor_glob}" OR fixVersion = "{version_patch}")
       ORDER BY key
     template: with-jira-link
-  - id: fixed-security-issues
-    title: Fixed security issues
-    description: |
-      This section lists security issues fixed in {product} {product-version}.
-    query: >
-      project = "Red Hat Internal Developer Platform"
-      AND "Release Note Status" = "Done"
-      AND level is EMPTY
-      AND status in (Closed, "Release Pending")
-      AND "Release Note Type" in ("CVE - Common Vulnerabilities and Exposures")
-      AND (fixVersion ~ "{version_minor_glob}" OR fixVersion = "{version_patch}")
-      ORDER BY key
-    template: security
   - id: fixed-issues
     title: Fixed issues
     description: |

modules/admin/proc-rbac-config-conditional-policy-file.adoc

@@ -7,7 +7,7 @@ You can configure and manage conditional policies that are defined in an externa
 * You are logged in to your {ocp-short} account using the {ocp-short} web console.
 * You have defined roles and associated policies in a CSV file that serves as a basis for creating roles and permissions. Ensure that you mount the CSV file to {product-short}.
 +
-For more information, see xref:ref-rbac-conditional-policy-definition_title-authorization[] and xref:con-rbac-config-permission-policies-external-file_title-authorization[].
+For more information, see xref:ref-rbac-conditional-policy-definition_title-authorization[Conditional policies definition] and xref:con-rbac-config-permission-policies-external-file_title-authorization[Configuration of permission policies defined in an external file].
 
 .Procedure
 

modules/admin/ref-rbac-rest-api-endpoints.adoc

@@ -31,7 +31,7 @@ Returns all roles in {product-short}.
 ----
 --
 
-[GET] /api/permission/roles/{kind}/{namespace}/{name}::
+[GET] /api/permission/roles/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Returns information for a single role in {product-short}.
@@ -51,7 +51,7 @@ Returns information for a single role in {product-short}.
 ----
 --
 
-[POST] /api/permission/roles/{kind}/{namespace}/{name}::
+[POST] /api/permission/roles/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Creates a role in {product-short}.
@@ -86,7 +86,7 @@ Creates a role in {product-short}.
 ----
 --
 
-[PUT] /api/permission/roles/{kind}/{namespace}/{name}::
+[PUT] /api/permission/roles/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Updates `memberReferences`, `kind`, `namespace`, or `name` for a role in {product-short}.
@@ -128,7 +128,7 @@ The request body contains the `oldRole` and `newRole` objects:
 ----
 --
 
-[DELETE] /api/permission/roles/{kind}/{namespace}/{name}?memberReferences=<VALUE>::
+[DELETE] /api/permission/roles/__<kind>__/__<namespace>__/__<name>__?memberReferences=<VALUE>::
 +
 --
 Deletes the specified user or group from a role in {product-short}.
@@ -169,7 +169,7 @@ Deletes the specified user or group from a role in {product-short}.
 ----
 --
 
-[DELETE] /api/permission/roles/{kind}/{namespace}/{name}::
+[DELETE] /api/permission/roles/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Deletes a specified role from {product-short}.
@@ -207,7 +207,7 @@ Deletes a specified role from {product-short}.
 
 == Permission policies
 
-The RBAC REST API supports the following endpoints for managing permission policies in the {product}. 
+The RBAC REST API supports the following endpoints for managing permission policies in the {product}.
 
 [GET] /api/permission/policies::
 +
@@ -240,7 +240,7 @@ Returns permission policies list for all users.
 ----
 --
 
-[GET] /api/permission/policies/{kind}/{namespace}/{name}::
+[GET] /api/permission/policies/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Returns permission policies related to the specified entity reference.
@@ -349,7 +349,7 @@ Creates a permission policy for a specified entity.
 ----
 --
 
-[PUT] /api/permission/policies/{kind}/{namespace}/{name}::
+[PUT] /api/permission/policies/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Updates a permission policy for a specified entity.
@@ -417,7 +417,7 @@ The request body contains the `oldPolicy` and `newPolicy` objects:
 ----
 --
 
-[DELETE] /api/permission/policies/{kind}/{namespace}/{name}?permission={value1}&policy={value2}&effect={value3}::
+[DELETE] /api/permission/policies/__<kind>__/__<namespace>__/__<name>__?permission={value1}&policy={value2}&effect={value3}::
 +
 --
 Deletes a permission policy added to the specified entity.
@@ -468,7 +468,7 @@ Deletes a permission policy added to the specified entity.
 ----
 --
 
-[DELETE] /api/permission/policies/{kind}/{namespace}/{name}::
+[DELETE] /api/permission/policies/__<kind>__/__<namespace>__/__<name>__::
 +
 --
 Deletes all permission policies added to the specified entity.

modules/dynamic-plugins/proc-using-topology-plugin.adoc

@@ -18,7 +18,7 @@ p, role:default/topology-viewer, topology.view.read, read, allow grants the user
 
 .Procedure
 
-. Open your {product-very-hort} application and select a component from the *Catalog* page.
+. Open your {product-very-short} application and select a component from the *Catalog* page.
 . Go to the *TOPOLOGY* tab and you can view the workloads such as deployments or pods as nodes.
 +
 image::rhdh-plugins-reference/topology-tab-user1.png[topology-user-1]

modules/getting-started/proc-customize-rhdh-homepage.adoc

@@ -6,7 +6,7 @@ To access the Home page in {product}, the base URL must include the `/developer-
 * JSON files hosted on GitHub or GitLab.
 * A dedicated service that provides the Home page data in JSON format using an API.
 
-== Using hosted JSON files to provide data to the Learning Paths
+== Using hosted JSON files to provide data to the Home page
 
 .Prerequisites
 
@@ -38,7 +38,7 @@ proxy:
 	<HEADER_KEY>: <HEADER_VALUE> # optional and can be passed as needed i.e Authorization can be passed for private GitHub repo and PRIVATE-TOKEN can be passed for private GitLab repo
 ----
 
-== Using a dedicated service to provide data to the Learning Paths
+== Using a dedicated service to provide data to the Home page
 
 When using a dedicated service, you can do the following:
 

modules/release-notes/snip-common-vulnerabilities-and-exposures.adoc

@@ -0,0 +1,91 @@
+link:https://access.redhat.com/security/cve/CVE-2023-52439[CVE-2023-52439]::
+A flaw was found in the Linux kernel’s uio subsystem. A use-after-free memory flaw in the uio_open functionality allows a local user to crash or escalate their privileges on the system.
+
+link:https://access.redhat.com/security/cve/CVE-2023-52884[CVE-2023-52884]::
+In the Linux kernel, the following vulnerability has been resolved:
+Input: cyapa - add missing input core locking to suspend/resume functions
+
+link:https://access.redhat.com/security/cve/CVE-2024-6119[CVE-2024-6119]::
+A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.
+
+link:https://access.redhat.com/security/cve/CVE-2024-26739[CVE-2024-26739]::
+A use-after-free flaw was found in net/sched/act_mirred.c in the Linux kernel. This may result in a crash.
+
+link:https://access.redhat.com/security/cve/CVE-2024-26929[CVE-2024-26929]::
+In the Linux kernel, the following vulnerability has been resolved:
+scsi: qla2xxx: Fix double free of fcport
+
+link:https://access.redhat.com/security/cve/CVE-2024-26930[CVE-2024-26930]::
+A vulnerability was found in the Linux kernel. A potential double-free in the pointer ha->vp_map exists in the Linux kernel in drivers/scsi/qla2xxx/qla_os.c.
+
+link:https://access.redhat.com/security/cve/CVE-2024-26931[CVE-2024-26931]::
+In the Linux kernel, the following vulnerability has been resolved:
+scsi: qla2xxx: Fix command flush on cable pull
+
+link:https://access.redhat.com/security/cve/CVE-2024-26947[CVE-2024-26947]::
+A flaw was found in the Linux kernel’s ARM memory management functionality, where certain memory layouts cause a kernel panic. This flaw allows an attacker who can specify or alter memory layouts to cause a denial of service.
+
+link:https://access.redhat.com/security/cve/CVE-2024-26991[CVE-2024-26991]::
+A flaw was found in the Linux Kernel. A lpage_info overflow can occur when checking attributes. This may lead to a crash.
+
+link:https://access.redhat.com/security/cve/CVE-2024-27022[CVE-2024-27022]::
+In the Linux kernel, the following vulnerability has been resolved:
+fork: defer linking file vma until vma is fully initialized
+
+link:https://access.redhat.com/security/cve/CVE-2024-35895[CVE-2024-35895]::
+In the Linux kernel, the following vulnerability has been resolved:
+bpf, sockmap: Prevent lock inversion deadlock in map delete elem
+
+link:https://access.redhat.com/security/cve/CVE-2024-36016[CVE-2024-36016]::
+In the Linux kernel, the following vulnerability has been resolved:
+tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
+
+link:https://access.redhat.com/security/cve/CVE-2024-36899[CVE-2024-36899]::
+In the Linux kernel, the following vulnerability has been resolved:
+gpiolib: cdev: Fix use after free in lineinfo_changed_notify
+
+link:https://access.redhat.com/security/cve/CVE-2024-38562[CVE-2024-38562]::
+In the Linux kernel, the following vulnerability has been resolved:
+wifi: nl80211: Avoid address calculations via out of bounds array indexing
+
+link:https://access.redhat.com/security/cve/CVE-2024-38570[CVE-2024-38570]::
+In the Linux kernel, the following vulnerability has been resolved:
+gfs2: Fix potential glock use-after-free on unmount
+
+link:https://access.redhat.com/security/cve/CVE-2024-38573[CVE-2024-38573]::
+A NULL pointer dereference flaw was found in cppc_cpufreq_get_rate() in the Linux kernel. This issue may result in a crash.
+
+link:https://access.redhat.com/security/cve/CVE-2024-38601[CVE-2024-38601]::
+In the Linux kernel, the following vulnerability has been resolved:
+ring-buffer: Fix a race between readers and resize checks
+
+link:https://access.redhat.com/security/cve/CVE-2024-38615[CVE-2024-38615]::
+In the Linux kernel, the following vulnerability has been resolved:
+cpufreq: exit() callback is optional
+
+link:https://access.redhat.com/security/cve/CVE-2024-39331[CVE-2024-39331]::
+A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.
+
+link:https://access.redhat.com/security/cve/CVE-2024-40984[CVE-2024-40984]::
+In the Linux kernel, the following vulnerability has been resolved:
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+link:https://access.redhat.com/security/cve/CVE-2024-41071[CVE-2024-41071]::
+An out-of-bounds buffer overflow has been found in the Linux kernel’s mac80211 subsystem when scanning for SSIDs. Address calculation using out-of-bounds array indexing could result in an attacker crafting an exploit, resulting in the complete compromise of a system.
+
+link:https://access.redhat.com/security/cve/CVE-2024-42225[CVE-2024-42225]::
+A potential flaw was found in the Linux kernel’s MediaTek WiFi, where it was reusing uninitialized data. This flaw allows a local user to gain unauthorized access to some data potentially.
+
+link:https://access.redhat.com/security/cve/CVE-2024-42246[CVE-2024-42246]::
+In the Linux kernel, the following vulnerability has been resolved:
+net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
+
+link:https://access.redhat.com/security/cve/CVE-2024-45490[CVE-2024-45490]::
+A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.
+
+link:https://access.redhat.com/security/cve/CVE-2024-45491[CVE-2024-45491]::
+An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.
+
+link:https://access.redhat.com/security/cve/CVE-2024-45492[CVE-2024-45492]::
+A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.
+

modules/release-notes/snip-cve---common-vulnerabilities-and-exposures-rhidp-3403.adoc

@@ -1,46 +0,0 @@
- link:https://access.redhat.com/security/cve/CVE-2024-37891[CVE-2024-37891]::
-A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.
-	
-
-link:https://access.redhat.com/security/cve/CVE-2024-35255[CVE-2024-35255]::
-A flaw was found in the Azure identity library at github.com/Azure/azure-sdk-for-go/sdk/azidentity. This issue allows an elevation of privileges.
-	
-
-link:https://access.redhat.com/security/cve/CVE-2024-24790[CVE-2024-24790]::
-A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-39008[CVE-2024-39008]::
-A flaw was found in the fast-loops Node.js package. This flaw allows an attacker to alter the behavior of all objects inheriting from the affected prototype by passing arguments to the objectMergeDeep function crafted with the built-in property: proto. This issue can potentially lead to a denial of service, remote code execution, or Cross-site scripting.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-39249[CVE-2024-39249]::
-A flaw was found in the async Node.js package. A Regular expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-24791[CVE-2024-24791]::
-A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-37891[CVE-2024-37891]::
-A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-41818[CVE-2024-41818]::
-A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-39338[CVE-2024-39338]::
-A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-43788[CVE-2024-43788]::
-A DOM Clobbering vulnerability was found in Webpack via AutoPublicPathRuntimeModule. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-45590[CVE-2024-45590]::
-A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
-	
-	
-link:https://access.redhat.com/security/cve/CVE-2024-21529[CVE-2024-21529]::
-A flaw was found in the dset package. Affected versions of this package are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property proto, which is recursively assigned to all the objects in the program.