[ALSA-2024:10384] Important: tuned security update
Type:
security
Severity:
important
Release date:
2024-12-02
Description:
The tuned packages provide a service that tunes system settings according to a selected profile. Security Fix(es): * tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root (CVE-2024-52336) * tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method (CVE-2024-52337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tuned-utils-2.24.0-2.el9_5.alma.1.noarch.rpm 09b59391e3473513e1addac366c878caeeb4bd06a0a57fbe916b8cc72ef13685
noarch tuned-profiles-oracle-2.24.0-2.el9_5.alma.1.noarch.rpm 1806d907006a2d77f2dabb6a981d347c46708ec1c580c2a47a91445d9e7fb2bf
noarch tuned-profiles-realtime-2.24.0-2.el9_5.alma.1.noarch.rpm 3da522cd5b375c06df9a4fa8297226b17d3f192806176a2ee4382e169d4c473f
noarch tuned-profiles-postgresql-2.24.0-2.el9_5.alma.1.noarch.rpm 4cdcf3d82ed9f90b61c15e1310f3dbf79203c07fa3ab8716cf87158345d6ba0c
noarch tuned-profiles-spectrumscale-2.24.0-2.el9_5.alma.1.noarch.rpm 643c091463125f5caa6792f17f2a68f9460ccd82f467a1a4fb0a8804276ecedf
noarch tuned-gtk-2.24.0-2.el9_5.alma.1.noarch.rpm 75bfc56b8e81c72d66a913b653e73517ba2e299863613d0c0d2b6d78e1558829
noarch tuned-ppd-2.24.0-2.el9_5.alma.1.noarch.rpm 7640e7338f26ada7da9161c634dbc048bfd86b4bd9f42b1f4f740ed80137ef7e
noarch tuned-profiles-atomic-2.24.0-2.el9_5.alma.1.noarch.rpm 84fb648623a1324a3119d642f3fd8f478ff3b15a635c83ca3b3561e32f2d00ec
noarch tuned-profiles-cpu-partitioning-2.24.0-2.el9_5.alma.1.noarch.rpm 9662c799e8afb9456a6ae87280a7d8704c0afedfc6811f6dc0c64f8959655bc3
noarch tuned-profiles-mssql-2.24.0-2.el9_5.alma.1.noarch.rpm 97c9546dba5c8b4ed1da440303ec668f2e7b8f73ebaf3cd35159eab6cbc2b7d2
noarch tuned-2.24.0-2.el9_5.alma.1.noarch.rpm ca29a8e23a29740e54208ed8a3464161c12a39e92a0325471b77322465e6bcab
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.