Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41: Critical Advisory for buildah 1.38.1 - CVE-2024-11218 Threat

fedora
Calendar Grey January 25, 2025
Dist Fedora Esm H88
This Debian announcement outlines the security patch for podman addressing severe concerns linked to container operations.
Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2 Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41, podman-5.3.2-1.fc41

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Update Information:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2 Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41, podman-5.3.2-1.fc41. Changelog for buildah * Tue Jan 21 2025 Packit - 2:1.38.1-1 - Update to 1.38.1 upstream release Changelog for containers-common * Thu Jan 16 2025 Packit - 5:0.61.1-1 - Update to 0.61.1 upstream release Changelog for podman * Wed Jan 22 2025 Packit - 5:5.3.2-1 - Update to 5.3.2 upstream release * Wed Jan 22 2025 Lokesh Mandvekar - 5:5.3.1-4 - remove patch merged in upcoming upstream release * Fri Jan 17 2025 Mikhail Gavrilov - 5:5.3.1-3 - apply MR https://github.com/containers/storage/pull/2193 * Wed Nov 27 2024 Lokesh Mandvekar - 5:5.3.1-2 - remove unused patch apply MR https://github.com/containers/storage/pull/2193

Topics%20covered

Topics Covered

security advisory critical issue Fedora update information buildah podman container breakout

Change Log

* Tue Jan 21 2025 Packit - 2:1.38.1-1 - Update to 1.38.1 upstream release

References


[ 1 ] Bug #2326231 - CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile https://bugzilla.redhat.com/show_bug.cgi?id=2326231

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-908dfe95f6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: buildah
Product: Fedora 41
Version: 1.38.1
Release: 1.fc41
URL: https://buildah.io
Summary: A command line tool used for creating OCI Images

Topics%20covered

Topics Covered

security advisory critical issue Fedora update information buildah podman container breakout

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here