Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:7184-5 Important Security Update for Container Systems

suse
Calendar Grey September 10, 2024
Dist Suse Esm H88
Recent improvements for Buildah address several concerns within SUSE offerings, particularly eliminating vulnerabilities related to container breaches and system settings.
* bsc#1221243 * bsc#1221677 * bsc#1224117 Cross-References:

Summary

## This update for buildah fixes the following issues: Update to version 1.35.4: * CVE-2024-3727 updates (bsc#1224117) * Bump go-jose CVE-2024-28180 * Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: * correctly configure /etc/hosts and resolv.conf * buildah: refactor resolv/hosts setup. * rename the hostFile var to reflect * CVE-2024-24786 protobuf to 1.33 Update to version 1.35.1: * CVE-2024-1753 container escape fix (bsc#1221677) * Buildah dropped cni support, require netavark instead (bsc#1221243) * Remove obsolete requires libcontainers-image & libcontainers-storage * Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) Update to version 1.35.0:

Topics%20covered

Topics Covered

security advisory software patch SUSE important update issue fix buildah container escape

References

* bsc#1221243

* bsc#1221677

* bsc#1224117

Cross-

* CVE-2024-1753

* CVE-2024-24786

* CVE-2024-28180

* CVE-2024-3727

CVSS scores:

* CVE-2024-1753 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

* SUSE Linux Enterprise Server 15 SP4

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

##

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3186-1
Rating: important

Topics%20covered

Topics Covered

security advisory software patch SUSE important update issue fix buildah container escape

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here