Rocky Linux Updates in ASCG 3.3.0
35948
15 July 2025
15 July 2025
CLOSED
MEDIUM
Varies
Multiple
Brocade Security Advisory ID: BSA-2025-3051
Component: Rocky Linux
Summary
Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0
RockyLinux 8: bzip2 [RLSA-2025:0733]
- bzip2: data integrity error when decompressing (data integrity tests fail) (CVE-2019-12900)
RockyLinux 8: pam [RLSA-2024:10379]
- pam: libpam vulnerable to reading of hashed password (CVE-2024-10041)
- pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass (CVE-2024-10963)
RockyLinux 8: cups [RLSA-2025:0083]
- cups: libppd: remote command injection via attacker controlled data in PPD file (CVE-2024-47175)
RockyLinux 8: libsoup [RLSA-2025:0838]
- libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (CVE-2024-52531)
RockyLinux 8: unbound [RLSA-2025:0837]
- unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation (CVE-2024-1488)
- Unbounded name compression could lead to Denial of Service (CVE-2024-8508)
RockyLinux 8: glibc [RLSA-2024:3269]
- glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)
RockyLinux 8: bind [RLSA-2025:1675]
- bind: bind9: Many records in the additional section cause CPU exhaustion (CVE-2024-11187)
RockyLinux 8: libxml2 [RLSA-2025:1517]
- libxml: use-after-free in xmlXIncludeAddNode (CVE-2022-49043)
RockyLinux 8: python3-requests [RLSA-2025:0012]
- requests: subsequent requests to the same host ignore cert verification (CVE-2024-35195)
RockyLinux 8: gcc [RLSA-2025:1301]
- jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
RockyLinux 8: kernel [RLSA-2025:0065]
- kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088)
- kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)
RockyLinux 8: kernel [RLSA-2025:1266]
- kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)
RockyLinux 8: kernel [RLSA-2025:1068]
- kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)
- kernel: arm64/sve: Discard stale CPU state when handling SVE traps (CVE-2024-50275)
RockyLinux 8: python3-idna [RLSA-2024:4260]
- python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651)
RockyLinux 8: NetworkManager [RLSA-2025:0288]
- NetworkManager: DHCP routing options can manipulate interface-based VPN traffic (CVE-2024-3661)
- Route to VPN server not stored in routing table that is specified by ipv4.route-table (JIRA:Rocky Linux-73051)
- VPN connections do not support ipv4.routing-rules settings (JIRA:Rocky Linux-73052)
RockyLinux 8: container-tools [RLSA-2024:6969]
- golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
- golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
- golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
- golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
- net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
RockyLinux 8: container-tools [RLSA-2024:4246]
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
RockyLinux 8: container-tools [RLSA-2024:2988]
- urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect (CVE-2018-25091)
- golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
- golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
- golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
- golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
- golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
- golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
- golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
- golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
- golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
- urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
- ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
- moby/buildkit: Possible race condition with accessing subpaths from cache mounts (CVE-2024-23650)
RockyLinux 8: openldap [RLSA-2024:4264]
- openldap: null pointer dereference in ber_memalloc_x function (CVE-2023-2953)
RockyLinux 8: linux-firmware [RLSA-2024:7481]
- kernel: hw: amd: IOMMU improperly handles certain special addresses, leading to a loss of guest integrity (CVE-2023-20584)
- kernel: hw: amd: Incomplete system memory cleanup in SEV firmware may corrupt guest private memory (CVE-2023-31356)
RockyLinux 8: linux-firmware [RLSA-2024:4262]
- kernel: Reserved fields in guest message responses may not be zero initialized (CVE-2023-31346)
RockyLinux 8: krb5 [RLSA-2025:2722]
- krb5: overflow when calculating ulog block size (CVE-2025-24528)
RockyLinux 8: curl [RLSA-2024:5654]
- curl: HTTP/2 push headers memory-leak (CVE-2024-2398)
RockyLinux 8: libxml2 [RLSA-2025:2686]
- libxml2: Use-After-Free in libxml2 (CVE-2024-56171)
- libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 (CVE-2025-24928)
RockyLinux 8: nghttp2 [RLSA-2024:4252]
- nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
RockyLinux 8: tuned [RLSA-2024:11161]
- tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method (CVE-2024-52337)
RockyLinux 8: jose [RLSA-2024:5294]
- jose: resource exhaustion (CVE-2024-28176)
- jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967)
RockyLinux 8: python3-urllib3 [RLSA-2024:5309]
- urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)
Solution
- Security update provided in Brocade ASCG base OS (OVA deployment) 3.3.0
Revision History
Version | Change | Date
1.0 | Initial Publication | July 15, 2025
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.