Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41: 2024-5a61a2fa45 moderate: buildah DoS and mount issues

fedora
Calendar Grey October 19, 2024
Dist Fedora Esm H88
New enhancements for buildah tackle various security risks, such as issues with directory mounting and denial-of-service vulnerabilities affecting Fedora.
Automatic update for buildah-1.37.5-1.fc41

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Update Information:

Automatic update for buildah-1.37.5-1.fc41. Changelog for buildah * Fri Oct 18 2024 Packit - 2:1.37.5-1 - Update to 1.37.5 upstream release Fixes CVE-2024-9341, CVE-2024-9675 and CVE-2024-9676. bugfix

Topics%20covered

Topics Covered

security advisory Fedora bug fix DoS buildah directory mount

Change Log

* Fri Oct 18 2024 Packit - 2:1.37.5-1 - Update to 1.37.5 upstream release

References


[ 1 ] Bug #2317462 - CVE-2024-9675 buildah: Buildah allows arbitrary directory mount [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2317462 [ 2 ] Bug #2317464 - CVE-2024-9675 podman: Buildah allows arbitrary directory mount [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2317464 [ 3 ] Bug #2318511 - CVE-2024-9341 podman: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2318511 [ 4 ] Bug #2318514 - CVE-2024-9341 buildah: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2318514 [ 5 ] Bug #2319017 - CVE-2024-9676 buildah: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2319017 [ 6 ] Bug #2319019 - CVE-2024-9676 podman: symlink traversal...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5a61a2fa45' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: buildah
Product: Fedora 41
Version: 1.37.5
Release: 1.fc41
URL: https://buildah.io
Summary: A command line tool used for creating OCI Images

Topics%20covered

Topics Covered

security advisory Fedora bug fix DoS buildah directory mount

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here