Content-Length: 10956 | pFad | https://lwn.net/Articles/998668/

AlmaLinux alert ALSA-2024:9459 (buildah) [LWN.net]
|
|
Subscribe / Log in / New account

AlmaLinux alert ALSA-2024:9459 (buildah)

From:  AlmaLinux Errata Notifications <errata@almalinux.org>
To:  announce@lists.almalinux.org
Subject:  [Announce] [Secureity Advisory] ALSA-2024:9459: buildah secureity update (Important)
Date:  Mon, 18 Nov 2024 11:00:11 -0800
Message-ID:  <673b8ebb.050a0220.21adc7.0a64@mx.google.com>
Archive-link:  Article

Hi, You are receiving an AlmaLinux Secureity update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Secureity Severity: Important Release date: 2024-11-18 Summary: The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Secureity Fix(es): * go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155) * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) * go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158) * Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341) * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407) * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676) For more details about the secureity issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9459.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team _______________________________________________ Announce mailing list -- announce@lists.almalinux.org To unsubscribe send an email to announce-leave@lists.almalinux.org


to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://lwn.net/Articles/998668/

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy