CoreOS Security Update (MINDBREEZE30572)

ID: MINDBREEZE30572 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 8.8 High  
Status: Final 
First published: July 31, 2024 
CVEs: CVE-2024-2961, CVE-2024-1048 

Summary

• glibc: Out of bounds write in iconv may lead to remote code execution
• grub2: grub2-set-bootflag can be abused by local (pseudo-)users

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.4 Release 
• Mindbreeze InSpire SaaS 24.4 Release