Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

SUSE 15 SP3: 2024:4303-1 moderate: buildah input validation fix

suse
Calendar Grey December 12, 2024
Dist Suse Esm H88
Critical patches for buildah address input verification and denial-of-service vulnerabilities. Ensure your security by implementing these essential updates.
* bsc#1231208 * bsc#1231230 * bsc#1231499 * bsc#1231698 * bsc#1232522

Summary

## This update for buildah fixes the following issues: Security issues fixed: * CVE-2024-9675: cache arbitrary directory mount (bsc#1231499) * CVE-2024-9407: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208) * CVE-2024-9676: symlink traversal vulnerability in the containers/storage library can cause denial of service (bsc#1231698) * CVE-2024-9341: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230) Non-security issue fixed: * default to slirp4netns on SLE instead of pasta (bsc#1232522) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate denial of service input validation SUSE storage buildah

References

* bsc#1231208

* bsc#1231230

* bsc#1231499

* bsc#1231698

* bsc#1232522

Cross-

* CVE-2024-9341

* CVE-2024-9407

* CVE-2024-9675

* CVE-2024-9676

CVSS scores:

* CVE-2024-9341 ( SUSE ): 5.8

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-9341 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

* CVE-2024-9341 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

* CVE-2024-9341 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

* CVE-2024-9407 ( SUSE ): 5.6

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

* CVE-2024-9407 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

* CVE-2024-9675 ( SUSE ): 4.8

Announcement ID: SUSE-SU-2024:4303-1
Release Date: 2024-12-12T12:50:24Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service input validation SUSE storage buildah

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here