RHSA-2024:11109LowCVSS 8.8
Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.5
🔗 CVE IDs covered (10)
📋 Description
CVE-2024-2398 — curl: HTTP/2 push headers memory-leak CVE-2024-6119 — openssl: Possible denial of service in X.509 name checks CVE-2024-6345 — pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools CVE-2024-6923 — cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection CVE-2024-34397 — glib2: Signal subscription vulnerabilities CVE-2024-37370 — krb5: GSS message token handling CVE-2024-37371 — krb5: GSS message token handling CVE-2024-45490 — libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45491 — libexpat: Integer Overflow or Wraparound CVE-2024-45492 — libexpat: integer overflow
🔗 References (5)
- selfhttps://access.redhat.com/errata/RHSA-2024:11109
- externalhttps://access.redhat.com/security/updates/classification/#low
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2263240
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2321987
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11109.json