- 発行日:
- 2024-04-18
- 更新日:
- 2024-04-18
RHSA-2024:1874 - Security Advisory
概要
Moderate: rhc-worker-script security and enhancement update
タイプ/重大度
Security Advisory: Moderate
Red Hat Insights パッチ分析
このアドバイザリーの影響を受けるシステムを特定し、修正します。
トピック
An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.
Security Fix(es):
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhc-worker-script] (CVE-2024-24786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Enhancement(s):
- Allow users to specify environment variables through the rhc-worker-script configuration file to be passed down to the scripts being executed (HMS-3843)
解決策
For details on how to apply this update, which includes the changes described in this advisory, refer to:
影響を受ける製品
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
修正
- BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
- HMS-3843 - Allow users to specify environment variables through the rhc-worker-script configuration file to be passed down to the scripts being executed
CVE
Red Hat Enterprise Linux Server 7
SRPM | |
---|---|
rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
x86_64 | |
rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
SRPM | |
---|---|
rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
x86_64 | |
rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Workstation 7
SRPM | |
---|---|
rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
x86_64 | |
rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux Desktop 7
SRPM | |
---|---|
rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
x86_64 | |
rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat Enterprise Linux for Scientific Computing 7
SRPM | |
---|---|
rhc-worker-script-0.7-1.el7_9.src.rpm | SHA-256: cab76b92a4c68710fe2ec4c865c70d33afc0af9845337796dbecd4e9d6350139 |
x86_64 | |
rhc-worker-script-0.7-1.el7_9.x86_64.rpm | SHA-256: ca2959c08343680f4d3d66e036fb5b377fbbfa4b240f63c425188e0aef89db15 |
Red Hat のセキュリティーに関する連絡先は secalert@redhat.com です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。