diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc index 9cbb17abb4..68e8cbb7e6 100644 --- a/assemblies/assembly-release-notes-fixed-security-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-security-issues.adoc @@ -8,11 +8,12 @@ This section lists security issues fixed in {product} {product-version}. include::./modules/release-notes/snip-fixed-security-issues-in-product-1.4.1.adoc[leveloffset=+2] -// nothing yet so don't include this +// nothing yet so don't include this // include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.1.adoc[leveloffset=+2] == {product} 1.4.0 -include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2] +include::./modules/release-notes/snip-fixed-security-issues-in-product-1.4.0.adoc[leveloffset=+2] -include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2] +// nothing yet so don't include this +//include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.0.adoc[leveloffset=+2] diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.3.0.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.3.0.txt deleted file mode 100644 index 36e91d9a09..0000000000 --- a/modules/release-notes/list-fixed-security-issues-in-product-1.3.0.txt +++ /dev/null @@ -1,6 +0,0 @@ -CVE-2024-24790 -CVE-2024-24791 -CVE-2024-35255 -CVE-2024-37891 -CVE-2024-39008 -CVE-2024-39249 diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.4.0.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.4.0.txt new file mode 100644 index 0000000000..a1fee59722 --- /dev/null +++ b/modules/release-notes/list-fixed-security-issues-in-product-1.4.0.txt @@ -0,0 +1,8 @@ +CVE-2024-21536 +CVE-2024-21538 +CVE-2024-45296 +CVE-2024-45590 +CVE-2024-45815 +CVE-2024-45816 +CVE-2024-46976 +CVE-2024-47762 
diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.0.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.0.txt deleted file mode 100644 index bbd5596eeb..0000000000 --- a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.0.txt +++ /dev/null @@ -1,26 +0,0 @@ -CVE-2023-52439 -CVE-2023-52884 -CVE-2024-6119 -CVE-2024-26739 -CVE-2024-26929 -CVE-2024-26930 -CVE-2024-26931 -CVE-2024-26947 -CVE-2024-26991 -CVE-2024-27022 -CVE-2024-35895 -CVE-2024-36016 -CVE-2024-36899 -CVE-2024-38562 -CVE-2024-38570 -CVE-2024-38573 -CVE-2024-38601 -CVE-2024-38615 -CVE-2024-39331 -CVE-2024-40984 -CVE-2024-41071 -CVE-2024-42225 -CVE-2024-42246 -CVE-2024-45490 -CVE-2024-45491 -CVE-2024-45492 diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.4.0.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.4.0.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc deleted file mode 100644 index 9de02ac2b4..0000000000 --- a/modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc +++ /dev/null 
@@ -1,19 +0,0 @@ -= {product} dependency updates -link:https://access.redhat.com/security/cve/CVE-2024-24790[CVE-2024-24790]:: -A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data. - -link:https://access.redhat.com/security/cve/CVE-2024-24791[CVE-2024-24791]:: -A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service. - -link:https://access.redhat.com/security/cve/CVE-2024-35255[CVE-2024-35255]:: -A flaw was found in the Azure identity library at github.com/Azure/azure-sdk-for-go/sdk/azidentity. This issue allows an elevation of privileges. - -link:https://access.redhat.com/security/cve/CVE-2024-37891[CVE-2024-37891]:: -A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects. - -link:https://access.redhat.com/security/cve/CVE-2024-39008[CVE-2024-39008]:: -A flaw was found in the fast-loops Node.js package. This flaw allows an attacker to alter the behavior of all objects inheriting from the affected prototype by passing arguments to the objectMergeDeep function crafted with the built-in property: __proto__. This issue can potentially lead to a denial of service, remote code execution, or Cross-site scripting. - -link:https://access.redhat.com/security/cve/CVE-2024-39249[CVE-2024-39249]:: -A flaw was found in the async Node.js package. 
A Regular expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input. - diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.4.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.4.0.adoc new file mode 100644 index 0000000000..59735b49e5 --- /dev/null +++ b/modules/release-notes/snip-fixed-security-issues-in-product-1.4.0.adoc 
@@ -0,0 +1,25 @@ += {product} dependency updates + +link:https://access.redhat.com/security/cve/CVE-2024-21536[CVE-2024-21536]:: +A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths. + +link:https://access.redhat.com/security/cve/CVE-2024-21538[CVE-2024-21538]:: +A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string. + +link:https://access.redhat.com/security/cve/CVE-2024-45296[CVE-2024-45296]:: +A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS). + +link:https://access.redhat.com/security/cve/CVE-2024-45590[CVE-2024-45590]:: +A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled. + +link:https://access.redhat.com/security/cve/CVE-2024-45815[CVE-2024-45815]:: +A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. + +link:https://access.redhat.com/security/cve/CVE-2024-45816[CVE-2024-45816]:: +A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. 
When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. + +link:https://access.redhat.com/security/cve/CVE-2024-46976[CVE-2024-46976]:: +A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. + +link:https://access.redhat.com/security/cve/CVE-2024-47762[CVE-2024-47762]:: +A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc deleted file mode 100644 index cf700007bc..0000000000 --- a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc +++ /dev/null 
@@ -1,92 +0,0 @@ -= RHEL 9 platform RPM updates -link:https://access.redhat.com/security/cve/CVE-2023-52439[CVE-2023-52439]:: -A flaw was found in the Linux kernel’s uio subsystem. A use-after-free memory flaw in the uio_open functionality allows a local user to crash or escalate their privileges on the system. - -link:https://access.redhat.com/security/cve/CVE-2023-52884[CVE-2023-52884]:: -In the Linux kernel, the following vulnerability has been resolved: -Input: cyapa - add missing input core locking to suspend/resume functions - -link:https://access.redhat.com/security/cve/CVE-2024-26739[CVE-2024-26739]:: -A use-after-free flaw was found in net/sched/act_mirred.c in the Linux kernel. This may result in a crash. - -link:https://access.redhat.com/security/cve/CVE-2024-26929[CVE-2024-26929]:: -In the Linux kernel, the following vulnerability has been resolved: -scsi: qla2xxx: Fix double free of fcport - -link:https://access.redhat.com/security/cve/CVE-2024-26930[CVE-2024-26930]:: -A vulnerability was found in the Linux kernel. A potential double-free in the pointer ha->vp_map exists in the Linux kernel in drivers/scsi/qla2xxx/qla_os.c. - -link:https://access.redhat.com/security/cve/CVE-2024-26931[CVE-2024-26931]:: -In the Linux kernel, the following vulnerability has been resolved: -scsi: qla2xxx: Fix command flush on cable pull - -link:https://access.redhat.com/security/cve/CVE-2024-26947[CVE-2024-26947]:: -A flaw was found in the Linux kernel’s ARM memory management functionality, where certain memory layouts cause a kernel panic. This flaw allows an attacker who can specify or alter memory layouts to cause a denial of service. - -link:https://access.redhat.com/security/cve/CVE-2024-26991[CVE-2024-26991]:: -A flaw was found in the Linux Kernel. A lpage_info overflow can occur when checking attributes. This may lead to a crash. 
- -link:https://access.redhat.com/security/cve/CVE-2024-27022[CVE-2024-27022]:: -In the Linux kernel, the following vulnerability has been resolved: -fork: defer linking file vma until vma is fully initialized - -link:https://access.redhat.com/security/cve/CVE-2024-35895[CVE-2024-35895]:: -In the Linux kernel, the following vulnerability has been resolved: -bpf, sockmap: Prevent lock inversion deadlock in map delete elem - -link:https://access.redhat.com/security/cve/CVE-2024-36016[CVE-2024-36016]:: -In the Linux kernel, the following vulnerability has been resolved: -tty: n_gsm: fix possible out-of-bounds in gsm0_receive() - -link:https://access.redhat.com/security/cve/CVE-2024-36899[CVE-2024-36899]:: -In the Linux kernel, the following vulnerability has been resolved: -gpiolib: cdev: Fix use after free in lineinfo_changed_notify - -link:https://access.redhat.com/security/cve/CVE-2024-38562[CVE-2024-38562]:: -In the Linux kernel, the following vulnerability has been resolved: -wifi: nl80211: Avoid address calculations via out of bounds array indexing - -link:https://access.redhat.com/security/cve/CVE-2024-38570[CVE-2024-38570]:: -In the Linux kernel, the following vulnerability has been resolved: -gfs2: Fix potential glock use-after-free on unmount - -link:https://access.redhat.com/security/cve/CVE-2024-38573[CVE-2024-38573]:: -A NULL pointer dereference flaw was found in cppc_cpufreq_get_rate() in the Linux kernel. This issue may result in a crash. - -link:https://access.redhat.com/security/cve/CVE-2024-38601[CVE-2024-38601]:: -In the Linux kernel, the following vulnerability has been resolved: -ring-buffer: Fix a race between readers and resize checks - -link:https://access.redhat.com/security/cve/CVE-2024-38615[CVE-2024-38615]:: -In the Linux kernel, the following vulnerability has been resolved: -cpufreq: exit() callback is optional - -link:https://access.redhat.com/security/cve/CVE-2024-39331[CVE-2024-39331]:: -A flaw was found in Emacs. 
Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments. - -link:https://access.redhat.com/security/cve/CVE-2024-40984[CVE-2024-40984]:: -In the Linux kernel, the following vulnerability has been resolved: -ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." - -link:https://access.redhat.com/security/cve/CVE-2024-41071[CVE-2024-41071]:: -An out-of-bounds buffer overflow has been found in the Linux kernel’s mac80211 subsystem when scanning for SSIDs. Address calculation using out-of-bounds array indexing could result in an attacker crafting an exploit, resulting in the complete compromise of a system. - -link:https://access.redhat.com/security/cve/CVE-2024-42225[CVE-2024-42225]:: -A potential flaw was found in the Linux kernel’s MediaTek WiFi, where it was reusing uninitialized data. This flaw allows a local user to gain unauthorized access to some data potentially. - -link:https://access.redhat.com/security/cve/CVE-2024-42246[CVE-2024-42246]:: -In the Linux kernel, the following vulnerability has been resolved: -net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket - -link:https://access.redhat.com/security/cve/CVE-2024-45490[CVE-2024-45490]:: -A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. - -link:https://access.redhat.com/security/cve/CVE-2024-45491[CVE-2024-45491]:: -An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. 
- -link:https://access.redhat.com/security/cve/CVE-2024-45492[CVE-2024-45492]:: -A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. - -link:https://access.redhat.com/security/cve/CVE-2024-6119[CVE-2024-6119]:: -A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. - diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.0.adoc new file mode 100644 index 0000000000..e4930e95c6 --- /dev/null +++ b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.0.adoc @@ -0,0 +1 @@ += RHEL 9 platform RPM updates
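Review bot: In the `== {product} 1.4.0` block of assembly-release-notes-fixed-security-issues.adoc the commented-out RPM include is written `//include::...` while the 1.4.1 block a few lines above uses `// include::...`; pick one spelling so a grep for commented includes finds both. The first `-`/`+` pair (`// nothing yet so don't include this`) is identical in visible text, so it is a whitespace-only change; keeping it is fine, but say so in the commit message so readers do not hunt for a content difference. The substantive fix, pointing the 1.4.0 section at the 1.4.0 product snippet instead of the 1.3.0 product and RPM snippets, looks right.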
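Review bot: Deleting list-fixed-security-issues-in-product-1.3.0.txt (together with the 1.3.0 RPM list and both 1.3.0 snippets later in this patch) removes the only record in this tree of the six CVEs fixed in 1.3.0. That is acceptable if the 1.3.0 notes are kept on a release branch, but grep for the four deleted paths before merging: the only includes dropped in this patch are the two in the 1.4.0 assembly section, and an unresolved include:: elsewhere is easy to miss in rendered output.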
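Review bot: The eight CVE IDs in list-fixed-security-issues-in-product-1.4.0.txt duplicate the eight `link:` entries of the new product snippet in the same order, so the two agree today, but they are two hand-maintained copies of the same data. If the .txt list is what tooling consumes, consider generating the snippet's `link:https://access.redhat.com/security/cve/<ID>[<ID>]::` lines from it (or the list from the snippet) so they cannot drift at the next release.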
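Review bot: list-fixed-security-issues-in-rpm-1.4.0.txt is committed empty (index e69de29bb2 is git's empty-blob hash) and the matching snip-fixed-security-issues-in-rpm-1.4.0.adoc holds only the `= RHEL 9 platform RPM updates` title, while the assembly explicitly does not include it ("nothing yet"). Either leave both placeholders out until there is an RPM list for 1.4.0, or add a one-line comment to the snippet saying it is intentionally empty and pointing at the list file, so a later reader can tell an intentionally empty list from one that was never populated.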
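Review bot: Two wording fixes in snip-fixed-security-issues-in-product-1.4.0.adoc: the CVE-2024-45296 entry should read `A flaw was found in the path-to-regexp package, which turns path strings into regular expressions`, and in the CVE-2024-45590 entry `when the URL encoding is enabled` should be `when URL encoding is enabled`. The four Backstage entries name packages as `backstage/plugin-...`; if these are the npm-scoped packages, write the full `@backstage/plugin-...` name so readers can match the entries against their lockfiles.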