Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: Critical Issues with Containers-Common Directory Mounts

fedora
Calendar Grey October 19, 2024
Dist Fedora Esm H88
This patch for containers-tools resolves significant vulnerabilities in podman for Fedora 41, guaranteeing reliable functionality.
Automatic update for buildah-1.37.5-1.fc41

Summary

This package contains common configuration files and documentation for container

tools ecosystem, such as Podman, Buildah and Skopeo.

It is required because the most of configuration files and docs come from projects

which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged

separately.

Update Information:

Automatic update for buildah-1.37.5-1.fc41. Changelog for buildah * Fri Oct 18 2024 Packit - 2:1.37.5-1 - Update to 1.37.5 upstream release Fixes CVE-2024-9341, CVE-2024-9675 and CVE-2024-9676. bugfix

Topics%20covered

Topics Covered

security advisory Fedora DoS buildah containers-common directory mount

Change Log

* Thu Oct 17 2024 Debarshi Ray - 5:0.60.4-4 - Revert "Move fuse-overlayfs to suggests" for all Fedoras * Wed Oct 16 2024 Debarshi Ray - 5:0.60.4-3 - Revert "Move fuse-overlayfs to suggests" for Fedora 40 and older * Tue Oct 15 2024 Lokesh Mandvekar - 5:0.60.4-2 - disable zstd chunked on fedora

References


[ 1 ] Bug #2317462 - CVE-2024-9675 buildah: Buildah allows arbitrary directory mount [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2317462 [ 2 ] Bug #2317464 - CVE-2024-9675 podman: Buildah allows arbitrary directory mount [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2317464 [ 3 ] Bug #2318511 - CVE-2024-9341 podman: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2318511 [ 4 ] Bug #2318514 - CVE-2024-9341 buildah: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2318514 [ 5 ] Bug #2319017 - CVE-2024-9676 buildah: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2319017 [ 6 ] Bug #2319019 - CVE-2024-9676 podman: symlink traversal...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5a61a2fa45' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: containers-common
Product: Fedora 41
Version: 0.60.4
Release: 4.fc41
URL: https://github.com/containers/common
Summary: Common configuration and documentation for containers

Topics%20covered

Topics Covered

security advisory Fedora DoS buildah containers-common directory mount

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here