SB2024042982 - Red Hat Enterprise Linux 8.8 Extended Update Support update for the container-tools:rhel8 module

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024042982

SB2024042982 - Red Hat Enterprise Linux 8.8 Extended Update Support update for the container-tools:rhel8 module

Published: April 29, 2024

Security Bulletin ID SB2024042982
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2022-32149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.


2) UNIX symbolic link following (CVE-ID: CVE-2022-4122)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a symlink following issue while reading .containerignore and .dockerignore. A remote attacker can gain access to sensitive information.


3) Improper Privilege Management (CVE-ID: CVE-2024-1753)

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to the affected application allows containers to mount arbitrary locations on the host filesystem into build containers. A remote attacker can escalate privileges.


Remediation

Install update from vendor's website.

References