## This update for buildkit fixes the following issues: * Update to version 0.12.5: * update runc to v1.1.12 * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267) * oci: fix error handling on submount calls * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268) * llbsolver: make sure interactive container API validates entitlements (fixes CVE-2024-23653, bsc#1219438) * gateway: pass executor with build and not access worker directly * pb: add extra validation to protobuf types * sourcepolicy: add validations for nil values * exporter: add validation for platforms key value * exporter: add validation for invalid platorm * exporter: validate null config metadata from gateway * ci: disable push if not upstream repo
* bsc#1219267
* bsc#1219268
* bsc#1219438
Cross-
* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653
CVSS scores:
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23653 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Micro 6.0
An update that solves three vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-23651.html
Get the latest Linux and open source security news straight to your inbox.