Update CVE content for release-1.3 (#909)
Signed-off-by: Fabrice Flore-Thébault <ffloreth@redhat.com>
themr0c authored Feb 6, 2025
1 parent 9b39deb commit be1e5f5
Showing 3 changed files with 25 additions and 21 deletions.
@@ -1,14 +1,14 @@
= {product} dependency updates

link:https://access.redhat.com/security/cve/CVE-2024-21529[CVE-2024-21529]::
A flaw was found in the dset package. Affected versions of this package are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

link:https://access.redhat.com/security/cve/CVE-2024-24790[CVE-2024-24790]::
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.

link:https://access.redhat.com/security/cve/CVE-2024-24791[CVE-2024-24791]::
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.

link:https://access.redhat.com/security/cve/CVE-2024-35255[CVE-2024-35255]::
A flaw was found in the Azure identity library at github.com/Azure/azure-sdk-for-go/sdk/azidentity. This issue allows an elevation of privileges.

link:https://access.redhat.com/security/cve/CVE-2024-37891[CVE-2024-37891]::
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.

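Review bot: The CVE-2024-35255 entry is the only one in this hunk that states an impact ("This issue allows an elevation of privileges") without saying what condition leads to it, so it reads as incomplete next to its neighbours; consider adding the triggering context from the linked advisory. Minor: "etc)" in the CVE-2024-24790 entry should be "etc.)", and "This issue results in not stripping the header on cross-origin redirects" in the CVE-2024-37891 entry would read better as "As a result, the header is not stripped on cross-origin redirects."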
Expand All @@ -17,3 +17,15 @@ A flaw was found in the fast-loops Node.js package. This flaw allows an attacker

link:https://access.redhat.com/security/cve/CVE-2024-39249[CVE-2024-39249]::
A flaw was found in the async Node.js package. A Regular expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input.

link:https://access.redhat.com/security/cve/CVE-2024-41818[CVE-2024-41818]::
A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.

link:https://access.redhat.com/security/cve/CVE-2024-43788[CVE-2024-43788]::
A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.

link:https://access.redhat.com/security/cve/CVE-2024-43799[CVE-2024-43799]::
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.

link:https://access.redhat.com/security/cve/CVE-2024-43800[CVE-2024-43800]::
A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
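Review bot: The two new redirect entries describe the same class of issue with different severity wording: CVE-2024-43799 says "remote code execution via untrusted input passed to the SendStream.redirect() function", while CVE-2024-43800 for serve-static says "execution of untrusted code via passing sanitized yet untrusted user input to redirect()"; align the two so a reader does not infer a different impact for each. Also, the added CVE-2024-41818 line writes "regular expression denial of service (ReDoS)" while the context line for CVE-2024-39249 above writes "Regular expression Denial of Service (ReDoS)", and the CVE-2024-43788 entry switches between "JS" and lowercase "javascript"; pick one capitalisation for each.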
16 changes: 6 additions & 10 deletions modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc
Expand Up @@ -14,15 +14,13 @@ link:https://access.redhat.com/security/cve/CVE-2024-26739[CVE-2024-26739]::
A use-after-free flaw was found in net/sched/act_mirred.c in the Linux kernel. This may result in a crash.

link:https://access.redhat.com/security/cve/CVE-2024-26929[CVE-2024-26929]::
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of fcport
A flaw was found in the qla2xxx module in the Linux kernel. Under some conditions, the fcport can be freed twice due to a missing check of whether fcport is allocated, causing a double free and a system crash, resulting in a denial of service.

link:https://access.redhat.com/security/cve/CVE-2024-26930[CVE-2024-26930]::
A vulnerability was found in the Linux kernel. A potential double-free in the pointer ha->vp_map exists in the Linux kernel in drivers/scsi/qla2xxx/qla_os.c.

link:https://access.redhat.com/security/cve/CVE-2024-26931[CVE-2024-26931]::
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix command flush on cable pull
A flaw was found in the qla2xxx module in the Linux kernel. A NULL pointer dereference can be triggered when the system is under memory stress and the driver cannot allocate memory to handle the error recovery of cable pull, causing a system crash and a denial of service.

link:https://access.redhat.com/security/cve/CVE-2024-26947[CVE-2024-26947]::
A flaw was found in the Linux kernel’s ARM memory management functionality, where certain memory layouts cause a kernel panic. This flaw allows an attacker who can specify or alter memory layouts to cause a denial of service.
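Review bot: The rewritten descriptions for CVE-2024-26929 and CVE-2024-26931 both end with an impact statement ("causing a double free and a system crash, resulting in a denial of service"), but the CVE-2024-26930 entry between them, left unchanged, still stops at "A potential double-free in the pointer ha->vp_map exists in the Linux kernel in drivers/scsi/qla2xxx/qla_os.c" with no impact; since it is the same driver and the same failure class, give it the same closing clause so the three qla2xxx entries read consistently.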
Expand All @@ -31,16 +29,14 @@ link:https://access.redhat.com/security/cve/CVE-2024-26991[CVE-2024-26991]::
A flaw was found in the Linux Kernel. A lpage_info overflow can occur when checking attributes. This may lead to a crash.

link:https://access.redhat.com/security/cve/CVE-2024-27022[CVE-2024-27022]::
In the Linux kernel, the following vulnerability has been resolved:
fork: defer linking file vma until vma is fully initialized
A flaw was found in the Linux kernel. A race condition can occur when the fork system call is called due to improper locking, triggering a warning, impacting system stability, and resulting in a denial of service.

link:https://access.redhat.com/security/cve/CVE-2024-35895[CVE-2024-35895]::
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
CVE-2024-35895 addresses a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem, specifically within the sockmap feature. The issue arises when BPF tracing programs, which can execute in various interrupt contexts, attempt to delete elements from sockmap or sockhash maps. This operation involves acquiring locks that are not safe for use in hard interrupt contexts, leading to potential deadlocks due to lock inversion.
BPF tracing programs may delete elements from sockmap/sockhash maps while running in interrupt contexts where the required locks are not hardirq-safe, causing possible deadlocks.

link:https://access.redhat.com/security/cve/CVE-2024-36016[CVE-2024-36016]::
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
A vulnerability was found in the Linux kernel's `n_gsm` driver, affecting the `tty` subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like `gsm->len` and `gsm->state`, are not properly reset during mode changes. The issue could result in memory corruption.

link:https://access.redhat.com/security/cve/CVE-2024-36899[CVE-2024-36899]::
In the Linux kernel, the following vulnerability has been resolved:
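Review bot: The CVE-2024-35895 entry now carries two added descriptions of the same issue: the paragraph beginning "CVE-2024-35895 addresses a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem" and, directly after it, the one-line summary "BPF tracing programs may delete elements from sockmap/sockhash maps while running in interrupt contexts where the required locks are not hardirq-safe, causing possible deadlocks." Keep one; if the long form stays, drop its leading "CVE-2024-35895 addresses", since the link line already names the CVE and every other entry opens with "A flaw was found". The CVE-2024-36899 entry at the bottom of the hunk still opens with "In the Linux kernel, the following vulnerability has been resolved:", the upstream wording this change removes elsewhere; check that it is rewritten in the lines below the fold.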
Expand Up @@ -8,8 +8,7 @@ link:https://access.redhat.com/security/cve/CVE-2023-28746[CVE-2023-28746]::
A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system.

link:https://access.redhat.com/security/cve/CVE-2023-52658[CVE-2023-52658]::
In the Linux kernel, the following vulnerability has been resolved:
Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
CVE-2023-52658 is a vulnerability in the Linux kernel's Mellanox MLX5 driver, specifically related to the switchdev mode. A previous commit intended to block entering switchdev mode due to namespace inconsistencies inadvertently caused system crashes. To address this, the problematic commit was reverted, restoring stability. Users should update their Linux kernel to a version that includes this reversion to ensure reliable operation.

link:https://access.redhat.com/security/cve/CVE-2024-6232[CVE-2024-6232]::
A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.
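Review bot: The new CVE-2023-52658 text ends with "Users should update their Linux kernel to a version that includes this reversion to ensure reliable operation", which is advice rather than a description and does not fit a list of issues already fixed in the shipped RPM; drop that sentence, and replace the opening "CVE-2023-52658 is a vulnerability" with the "A flaw was found in" form used by the surrounding entries. Unrelated to this change but visible in the context: the CVE-2024-6232 entry spells "ReDos" where the other files use "ReDoS".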
Expand All @@ -25,16 +24,14 @@ link:https://access.redhat.com/security/cve/CVE-2024-34156[CVE-2024-34156]::
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

link:https://access.redhat.com/security/cve/CVE-2024-35989[CVE-2024-35989]::
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
This is a vulnerability in the Linux kernel's Data Movement Accelerator (DMA) engine, specifically affecting the Intel Data Streaming Accelerator (IDXD) driver. The issue arises during the removal (rmmod) of the idxd driver on systems with only one active CPU. In such scenarios, the driver's cleanup process attempts to migrate performance monitoring unit (PMU) contexts to another CPU. However, with no other CPUs available, this leads to a kernel oops—a serious error causing the system to crash.

link:https://access.redhat.com/security/cve/CVE-2024-36889[CVE-2024-36889]::
In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure snd_nxt is properly initialized on connect

link:https://access.redhat.com/security/cve/CVE-2024-36978[CVE-2024-36978]::
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
An out-of-bounds write flaw was found in the Linux kernel's multiq qdisc functionality. This vulnerability allows a local user to crash or potentially escalate their privileges on the system.

link:https://access.redhat.com/security/cve/CVE-2024-38556[CVE-2024-38556]::
In the Linux kernel, the following vulnerability has been resolved:
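Review bot: The added CVE-2024-35989 description expands DMA as "Data Movement Accelerator (DMA) engine"; DMA is direct memory access, and the subsystem named in the commit title is dmaengine, so reword to "the Linux kernel's DMA engine subsystem, specifically the Intel Data Streaming Accelerator (idxd) driver". The same line opens with "This is a vulnerability" rather than the "A flaw was found" form, and uses an em dash in "kernel oops—a serious error" where a comma reads better. Also, this hunk replaces the upstream commit-title text for CVE-2024-35989 and CVE-2024-36978 but leaves CVE-2024-36889 ("mptcp: ensure snd_nxt is properly initialized on connect") with no description at all, so that entry still needs one.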
Expand All @@ -61,5 +58,4 @@ In the Linux kernel, the following vulnerability has been resolved:
sched: act_ct: take care of padding in struct zones_ht_key

link:https://access.redhat.com/security/cve/CVE-2024-42284[CVE-2024-42284]::
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error
A flaw was found in Linux kernel tipc. tipc_udp_addr2str() does not return a nonzero value when UDP media address is invalid, which can result in a buffer overflow in tipc_media_addr_printf().

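Review bot: The new CVE-2024-42284 text is missing articles and an impact clause: "A flaw was found in Linux kernel tipc. tipc_udp_addr2str() does not return a nonzero value when UDP media address is invalid" should read "A flaw was found in the Linux kernel's TIPC subsystem. tipc_udp_addr2str() does not return a nonzero value when the UDP media address is invalid, ...", and, like the rewritten kernel entries elsewhere in this change, it should finish by stating the consequence of the buffer overflow in tipc_media_addr_printf() as given in the linked advisory.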