Action not permitted
Modal body text goes here.
CVE-2024-2905
Vulnerability from cvelistv5
Published
2024-04-25 17:44
Modified
2024-09-16 18:54
Severity
Summary
Rpm-ostree: world-readable /etc/shadow file
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T19:10:45.667596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:28.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"name": "RHSA-2024:3823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3823"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"name": "RHBZ#2271585",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "rpm-ostree",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2024.3-3.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "rpm-ostree",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2023.3-2.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "rpm-ostree",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rpm-ostree",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2024-04-09T11:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:54:59.741Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"name": "RHSA-2024:3823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3823"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"name": "RHBZ#2271585",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-09T11:00:00+00:00",
"value": "Made public."
}
],
"title": "Rpm-ostree: world-readable /etc/shadow file",
"workarounds": [
{
"lang": "en",
"value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files."
}
],
"x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-2905",
"datePublished": "2024-04-25T17:44:15.985Z",
"dateReserved": "2024-03-26T11:53:25.040Z",
"dateUpdated": "2024-09-16T18:54:59.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2905\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-04-25T18:15:08.037\",\"lastModified\":\"2024-06-12T09:15:17.483\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad de seguridad en rpm-ostree, relacionada con el archivo /etc/shadow en compilaciones predeterminadas que tienen habilitado el bit de lectura mundial. Este problema surge porque los permisos predeterminados se establecen en un nivel superior al recomendado, lo que potencialmente expone los datos de autenticaci\u00f3n confidenciales a un acceso no autorizado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3401\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3823\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-2905\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2271585\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
rhsa-2024_3401
Vulnerability from csaf_redhat
Published
2024-05-28 14:37
Modified
2024-09-16 18:55
Summary
Red Hat Security Advisory: rpm-ostree security update
Notes
Topic
An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.
Security Fix(es):
* rpm-ostree: world-readable /etc/shadow file (CVE-2024-2905)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.\n\nSecurity Fix(es):\n\n* rpm-ostree: world-readable /etc/shadow file (CVE-2024-2905)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3401",
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3401.json"
}
],
"title": "Red Hat Security Advisory: rpm-ostree security update",
"tracking": {
"current_release_date": "2024-09-16T18:55:01+00:00",
"generator": {
"date": "2024-09-16T18:55:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:3401",
"initial_release_date": "2024-05-28T14:37:48+00:00",
"revision_history": [
{
"date": "2024-05-28T14:37:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-28T14:37:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T18:55:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.src",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.src",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2905",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2024-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271585"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm-ostree: world-readable /etc/shadow file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability lets local, unconfined applications read the hashed password for all users of the system from those files. To gain further access to the system, those hashed passwords need to be brute-forced to discover the real passwords that may be used to authenticate as a more privileged user on the system, for example over SSH.\n\nOn systems with SELinux enabled and in enforcing mode, access to those files is limited to unconfined (usually interactive) users, unconfined systemd services and privileged containers. Confined daemons, users and containers are not able to access them.\n\n\nOnly OpenShift clusters installed on OCP version 4.14 and later are affected.\nOpenShift Clusters installed on previous OCP releases or updated to 4.14 and later are not affected, because /etc/shadow is usually \u201clocally modified\u201d and the local version remains.\nClusters with no passwords set for any users (i.e. only SSH keys were used; the OpenShift default) are not impacted by this vulnerability even though it is present on the node.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"category": "external",
"summary": "RHBZ#2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905"
},
{
"category": "external",
"summary": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6",
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"release_date": "2024-04-09T11:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"category": "workaround",
"details": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm-ostree: world-readable /etc/shadow file"
}
]
}
rhsa-2024_3823
Vulnerability from csaf_redhat
Published
2024-06-11 19:50
Modified
2024-09-16 18:55
Summary
Red Hat Security Advisory: rpm-ostree security update
Notes
Topic
An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.4
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.
Security Fix(es):
* rpm-ostree: world-readable /etc/shadow file [9.4.z] (JIRA:RHEL-31852)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.4\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.\n\nSecurity Fix(es):\n\n* rpm-ostree: world-readable /etc/shadow file [9.4.z] (JIRA:RHEL-31852)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3823",
"url": "https://access.redhat.com/errata/RHSA-2024:3823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3823.json"
}
],
"title": "Red Hat Security Advisory: rpm-ostree security update",
"tracking": {
"current_release_date": "2024-09-16T18:55:11+00:00",
"generator": {
"date": "2024-09-16T18:55:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:3823",
"initial_release_date": "2024-06-11T19:50:32+00:00",
"revision_history": [
{
"date": "2024-06-11T19:50:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-11T19:50:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T18:55:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2024.3-3.el9_4.src",
"product": {
"name": "rpm-ostree-0:2024.3-3.el9_4.src",
"product_id": "rpm-ostree-0:2024.3-3.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2024.3-3.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2024.3-3.el9_4.aarch64",
"product": {
"name": "rpm-ostree-0:2024.3-3.el9_4.aarch64",
"product_id": "rpm-ostree-0:2024.3-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2024.3-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"product": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"product_id": "rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2024.3-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"product": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"product_id": "rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2024.3-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"product": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"product_id": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2024.3-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"product_id": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2024.3-3.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"product": {
"name": "rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"product_id": "rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2024.3-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"product": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"product_id": "rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2024.3-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"product": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"product_id": "rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2024.3-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product_id": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2024.3-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product_id": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2024.3-3.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2024.3-3.el9_4.x86_64",
"product": {
"name": "rpm-ostree-0:2024.3-3.el9_4.x86_64",
"product_id": "rpm-ostree-0:2024.3-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2024.3-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"product": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"product_id": "rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2024.3-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"product": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"product_id": "rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2024.3-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"product": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"product_id": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2024.3-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64",
"product_id": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2024.3-3.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"product": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"product_id": "rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2024.3-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"product": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"product_id": "rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2024.3-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"product": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"product_id": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2024.3-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"product_id": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2024.3-3.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2024.3-3.el9_4.s390x",
"product": {
"name": "rpm-ostree-0:2024.3-3.el9_4.s390x",
"product_id": "rpm-ostree-0:2024.3-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2024.3-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"product": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"product_id": "rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2024.3-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"product": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"product_id": "rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2024.3-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"product": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"product_id": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2024.3-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"product_id": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2024.3-3.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2024.3-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.aarch64"
},
"product_reference": "rpm-ostree-0:2024.3-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2024.3-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.ppc64le"
},
"product_reference": "rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2024.3-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.s390x"
},
"product_reference": "rpm-ostree-0:2024.3-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2024.3-3.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.src"
},
"product_reference": "rpm-ostree-0:2024.3-3.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2024.3-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.x86_64"
},
"product_reference": "rpm-ostree-0:2024.3-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64"
},
"product_reference": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686"
},
"product_reference": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le"
},
"product_reference": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x"
},
"product_reference": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64"
},
"product_reference": "rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64"
},
"product_reference": "rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.i686"
},
"product_reference": "rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le"
},
"product_reference": "rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x"
},
"product_reference": "rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64"
},
"product_reference": "rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.aarch64"
},
"product_reference": "rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.i686"
},
"product_reference": "rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le"
},
"product_reference": "rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.s390x"
},
"product_reference": "rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2024.3-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.x86_64"
},
"product_reference": "rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2905",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2024-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271585"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm-ostree: world-readable /etc/shadow file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability lets local, unconfined applications read the hashed password for all users of the system from those files. To gain further access to the system, those hashed passwords need to be brute-forced to discover the real passwords that may be used to authenticate as a more privileged user on the system, for example over SSH.\n\nOn systems with SELinux enabled and in enforcing mode, access to those files is limited to unconfined (usually interactive) users, unconfined systemd services and privileged containers. Confined daemons, users and containers are not able to access them.\n\n\nOnly OpenShift clusters installed on OCP version 4.14 and later are affected.\nOpenShift Clusters installed on previous OCP releases or updated to 4.14 and later are not affected, because /etc/shadow is usually \u201clocally modified\u201d and the local version remains.\nClusters with no passwords set for any users (i.e. only SSH keys were used; the OpenShift default) are not impacted by this vulnerability even though it is present on the node.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"category": "external",
"summary": "RHBZ#2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905"
},
{
"category": "external",
"summary": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6",
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"release_date": "2024-04-09T11:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3823"
},
{
"category": "workaround",
"details": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debuginfo-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-debugsource-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-0:2024.3-3.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:rpm-ostree-libs-debuginfo-0:2024.3-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm-ostree: world-readable /etc/shadow file"
}
]
}
wid-sec-w-2024-1242
Vulnerability from csaf_certbund
Published
2024-05-28 22:00
Modified
2024-06-13 22:00
Summary
Red Hat Enterprise Linux (rpm-ostree): Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1242 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1242.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1242 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1242"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3401 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3823 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3823"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3823 vom 2024-06-13",
"url": "http://linux.oracle.com/errata/ELSA-2024-3823.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (rpm-ostree): Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2024-06-13T22:00:00.000+00:00",
"generator": {
"date": "2024-06-14T08:08:20.830+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1242",
"initial_release_date": "2024-05-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2",
"product": {
"name": "Red Hat Enterprise Linux \u003c9.2",
"product_id": "T035086",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2"
}
}
},
{
"category": "product_version_range",
"name": "rpm-ostree \u003c2024.4",
"product": {
"name": "Red Hat Enterprise Linux rpm-ostree \u003c2024.4",
"product_id": "T035087",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rpm-ostree__2024.4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2905",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der Komponente rpm-ostree, wenn die Standardberechtigungen auf eine h\u00f6here Stufe als empfohlen gesetzt werden, wodurch die Datei /etc/shadow lesbar wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"67646",
"T004914"
]
},
"release_date": "2024-05-28T22:00:00Z",
"title": "CVE-2024-2905"
}
]
}
gsd-2024-2905
Vulnerability from gsd
Modified
2024-04-03 05:02
Details
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-2905"
],
"details": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.",
"id": "GSD-2024-2905",
"modified": "2024-04-03T05:02:26.143005Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2024-2905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-732",
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/CVE-2024-2905",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"name": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6",
"refsource": "MISC",
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
]
},
"work_around": [
{
"lang": "en",
"value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files."
}
]
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de seguridad en rpm-ostree, relacionada con el archivo /etc/shadow en compilaciones predeterminadas que tienen habilitado el bit de lectura mundial. Este problema surge porque los permisos predeterminados se establecen en un nivel superior al recomendado, lo que potencialmente expone los datos de autenticaci\u00f3n confidenciales a un acceso no autorizado."
}
],
"id": "CVE-2024-2905",
"lastModified": "2024-04-26T12:58:17.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2024-04-25T18:15:08.037",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
}
}
}
Loading...