Lucene search

K
redhatRedHatRHSA-2024:1874
HistoryApr 18, 2024 - 12:58 a.m.

(RHSA-2024:1874) Moderate: rhc-worker-script security and enhancement update

2024-04-1800:58:18
access.redhat.com
26
rhsa-2024-1874
moderate
rhc-worker-script
security update
enhancement
golang-protobuf
infinite loop
cve-2024-24786
environment variables
configuration file
hms-3843
unix

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

15.5%

The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.

Security Fix(es):

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhc-worker-script] (CVE-2024-24786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Enhancement(s):

  • Allow users to specify environment variables through the rhc-worker-script configuration file to be passed down to the scripts being executed (HMS-3843)
OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rhc-worker-script< 0.7-1.el7_9rhc-worker-script-0.7-1.el7_9.x86_64.rpm

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

15.5%