{"id":"RHSA-2024:1878","summary":"Red Hat Security Advisory: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements","modified":"2026-04-02T10:07:43Z","published":"2024-09-28T04:02:33Z","upstream":["CVE-2023-36053","CVE-2023-37276","CVE-2023-41164","CVE-2023-43665","CVE-2023-47627","CVE-2023-49081","CVE-2023-49082","CVE-2023-49083","CVE-2024-22195","CVE-2024-23334","CVE-2024-23342","CVE-2024-23829","CVE-2024-24680","CVE-2024-27351"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218004"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224185"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2227307"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237258"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241046"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249825"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252235"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252248"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255331"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257854"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259780"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261887"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHUI-434"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHUI-514"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHUI-516"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1878.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-36053"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-36053"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37276"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-37276"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37276"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-41164"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-41164"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-43665"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-43665"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-47627"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-47627"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47627"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49081"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-49081"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49081"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49082"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-49082"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49082"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49083"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-49083"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49083"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/pull/9926"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-22195"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-22195"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22195"},{"type":"ARTICLE","url":"https://github.com/pallets/jinja/releases/tag/3.1.3"},{"type":"ARTICLE","url":"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-23334"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-23334"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23334"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-23342"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-23342"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23342"},{"type":"ARTICLE","url":"https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md"},{"type":"ARTICLE","url":"https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp"},{"type":"ARTICLE","url":"https://minerva.crocs.fi.muni.cz/"},{"type":"ARTICLE","url":"https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-23829"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-23829"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-24680"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-24680"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-27351"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-27351"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/"}],"affected":[{"package":{"name":"python-django","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-django","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-aiohttp","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.2-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-aiohttp-debugsource","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-aiohttp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.2-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-aiohttp-debuginfo","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-aiohttp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.2-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-aiohttp","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.2-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-cryptography","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.0.6-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-cryptography-debugsource","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-cryptography-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.0.6-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-cryptography","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.0.6-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-cryptography-debuginfo","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-cryptography-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.0.6-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-jinja2","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-jinja2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.3-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-jinja2","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-jinja2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.3-1.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python-ecdsa","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python-ecdsa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.18.0-4.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}},{"package":{"name":"python3.11-ecdsa","ecosystem":"Red Hat:rhui:4::el8","purl":"pkg:rpm/redhat/python3.11-ecdsa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.18.0-4.el8ui"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1878.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}