rhsa-2024_3401
Vulnerability from csaf_redhat
Published
2024-05-28 14:37
Modified
2024-09-16 18:55
Summary
Red Hat Security Advisory: rpm-ostree security update
Notes
Topic
An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.
Security Fix(es):
* rpm-ostree: world-readable /etc/shadow file (CVE-2024-2905)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and rollbacks.\n\nSecurity Fix(es):\n\n* rpm-ostree: world-readable /etc/shadow file (CVE-2024-2905)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3401",
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3401.json"
}
],
"title": "Red Hat Security Advisory: rpm-ostree security update",
"tracking": {
"current_release_date": "2024-09-16T18:55:01+00:00",
"generator": {
"date": "2024-09-16T18:55:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:3401",
"initial_release_date": "2024-05-28T14:37:48+00:00",
"revision_history": [
{
"date": "2024-05-28T14:37:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-28T14:37:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T18:55:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.src",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.src",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debugsource@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-debuginfo@2023.3-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product_id": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rpm-ostree-libs-debuginfo@2023.3-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
},
"product_reference": "rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2905",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2024-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271585"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm-ostree: world-readable /etc/shadow file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability lets local, unconfined applications read the hashed password for all users of the system from those files. To gain further access to the system, those hashed passwords need to be brute-forced to discover the real passwords that may be used to authenticate as a more privileged user on the system, for example over SSH.\n\nOn systems with SELinux enabled and in enforcing mode, access to those files is limited to unconfined (usually interactive) users, unconfined systemd services and privileged containers. Confined daemons, users and containers are not able to access them.\n\n\nOnly OpenShift clusters installed on OCP version 4.14 and later are affected.\nOpenShift Clusters installed on previous OCP releases or updated to 4.14 and later are not affected, because /etc/shadow is usually \u201clocally modified\u201d and the local version remains.\nClusters with no passwords set for any users (i.e. only SSH keys were used; the OpenShift default) are not impacted by this vulnerability even though it is present on the node.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2905"
},
{
"category": "external",
"summary": "RHBZ#2271585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2905"
},
{
"category": "external",
"summary": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6",
"url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6"
}
],
"release_date": "2024-04-09T11:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3401"
},
{
"category": "workaround",
"details": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.src",
"AppStream-9.2.0.Z.EUS:rpm-ostree-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debuginfo-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-debugsource-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-0:2023.3-2.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.i686",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:rpm-ostree-libs-debuginfo-0:2023.3-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm-ostree: world-readable /etc/shadow file"
}
]
}
Loading...