#js

Red Hat Security Advisory 2024-3958-03 - An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3955-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3954-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3953-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3952-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3951-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3950-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3949-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3943-03 - Red Hat OpenShift distributed tracing 3.2.1. Issues addressed include a denial of service vulnerability.

### Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for `RoleTemplate`objects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a `ClusterRole` for external `RoleTemplates` when its context is set to either `project` or is left empty. The fix introduces a new field to the `RoleTemplate` CRD named `ExternalRules`. The new field will be used to resolve rules directly from the `RoleTemplate`. Additionally, rules from the backing `ClusterRole` will be used if `ExternalRules` is not provided. The new field will always take precedence when it is set, and serve as the source of truth for rules used when creating Rancher resources on the local cluster. Please note that this is a breaking change for external `RoleTemplates`, when context is set to `project` or empty and the backing `ClusterRole` does not exist, as this was not previously required. *...