Explore top 10 tips to secure your open-source projects now. Read More
×
Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7f8de90b74 2026-05-23 00:56:16.173313+00:00 -------------------------------------------------------------------------------- Name : docker-buildx Product : Fedora 44 Version : 0.34.0 Release : 1.fc44 URL : https://github.com/docker/buildx Summary : Docker CLI plugin for extended build capabilities with BuildKit Description : Docker CLI plugin for extended build capabilities with BuildKit. -------------------------------------------------------------------------------- Update Information: Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Bradley G Smith - 0.34.0-1 - Update to release v0.34.0 - Resolves: rhbz#2467576 - Resolves CVE-2026-39984: rhbz#2458930 - Upstream new features and fixes * Thu Apr 2 2026 Bradley G Smith - 0.33.0-2 - Update to new spec file - Regenerate spec file using go2rpm - Use gocheck2. Current v0.33.0 release will sometimes fail during check phase with an https related test. No obvious pattern related to architecture. gocheck2 will allow for test to be skipped if needed -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458930 - CVE-2026-39984 docker-buildx: improper certificate validation in verifier [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458930 [ 2 ] Bug #2467576 - docker-buildx-0.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2467576 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su-c 'dnf upgrade --advisory FEDORA-2026-7f8de90b74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves five vulnerabilities can now be installed.. # Security update for podman Announcement ID: SUSE-SU-2026:21291-1 Release Date: 2026-04-23T12:24:25Z Rating: important References: * bsc#1252376 * bsc#1253542 * bsc#1253993 Cross-References: * CVE-2025-31133 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52565 * CVE-2025-52881 CVSS scores: * CVE-2025-31133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31133 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-31133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-52565 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52565 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52565 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H *CVE-2025-52881 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376). * CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542). * CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-506=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * podmansh-5.4.2-slfo.1.1_4.1 * podman-debuginfo-5.4.2-slfo.1.1_4.1 * podman-5.4.2-slfo.1.1_4.1 * podman-remote-5.4.2-slfo.1.1_4.1 * podman-remote-debuginfo-5.4.2-slfo.1.1_4.1 * SUSE Linux Micro 6.1 (noarch) * podman-docker-5.4.2-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-31133.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52565.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://bugzilla.suse.com/show_bug.cgi?id=1252376 * https://bugzilla.suse.com/show_bug.cgi?id=1253542 *https://bugzilla.suse.com/show_bug.cgi?id=1253993 . An important update for SUSE enhancing podman security against five key exploits effectively.. SUSE podman vulnerabilities important update threats patches. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2026:0479-1 Release Date: 2026-02-12T15:34:12Z Rating: important References: * bsc#1253189 * bsc#1257128 * bsc#1257422 Cross-References: * CVE-2024-45310 * CVE-2025-64435 CVSS scores: * CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2025-64435 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-64435 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-64435 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container, virt-synchronization-controller-container fixes the following issues: Update to version 1.7.0. (bsc#1257128) Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.7.0 * CVE-2025-64435: Fixes logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS (bsc#1253189 ) * CVE-2024-45310: Fixes kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can betricked into creating empty files/directories on host bsc#1257422 * Upstream now uses stateless firmware for CoCo VMs. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-479=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-virtctl-1.7.0-150700.3.16.2 * kubevirt-virtctl-debuginfo-1.7.0-150700.3.16.2 * kubevirt-manifests-1.7.0-150700.3.16.2 ## References: * https://www.suse.com/security/cve/CVE-2024-45310.html * https://www.suse.com/security/cve/CVE-2025-64435.html * https://bugzilla.suse.com/show_bug.cgi?id=1253189 * https://bugzilla.suse.com/show_bug.cgi?id=1257128 * https://bugzilla.suse.com/show_bug.cgi?id=1257422 . An important security update for kubevirt addresses two flaws that could enhance system stability and security.. Kubevirt Update, SUSE Security, Container Vulnerabilities. . Severity: Important. LinuxSecurity.com Team
cifs.upcall makes an upcall to the wrong namespace in containerized environments. (CVE-2025-2312) References: - https://bugs.mageia.org/show_bug.cgi?id=34315 . MGASA-2025-0176 - Updated cifs-utils packages fix security vulnerability Publication date: 05 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0176.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments. (CVE-2025-2312) References: - https://bugs.mageia.org/show_bug.cgi?id=34315 - https://ubuntu.com/security/notices/USN-7536-1 - https://www.cve.org/CVERecord?id=CVE-2025-2312 SRPMS: - 9/core/cifs-utils-7.0-1.1.mga9 . The CIFS-utils upgrade for Mageia 9 addresses a namespace problem impacting container environments with a critical severity level.. CIFS-utils, Mageia security, container security, namespace issue, vulnerability fix. . Severity: Critical. LinuxSecurity.com Team
Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-76012a9a99 2025-02-09 01:30:07.778474+00:00 -------------------------------------------------------------------------------- Name : golang-github-nvidia-container-toolkit Product : Fedora 40 Version : 1.17.3 Release : 1.fc40 URL : https://github.com/NVIDIA/nvidia-container-toolkit Summary : Build and run containers leveraging NVIDIA GPUs Description : The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs. -------------------------------------------------------------------------------- Update Information: Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2025 Debarshi Ray - 1.17.3-1 - Update to 1.17.3 * Wed Jan 29 2025 Debarshi Ray - 1.17.2-1 - Update to 1.17.2 * Tue Jan 28 2025 Debarshi Ray - 1.17.1-1 - Update to 1.17.1 * Fri Jan 24 2025 Debarshi Ray - 1.17.0-1 - Update to 1.17.0 * Fri Jan 24 2025 Debarshi Ray - 1.16.2-2 - Synchronize linker flags with upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324082 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2324082 [ 2 ] Bug #2342483 - CVE-2024-0135golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342483 [ 3 ] Bug #2342487 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342487 [ 4 ] Bug #2342491 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342491 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-76012a9a99' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that contains one feature and has one security fix can now be installed.. # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2025:0215-1 Release Date: 2025-01-22T02:52:54Z Rating: moderate References: * bsc#1232762 * jsc#PED-10545 Affected Products: * Containers Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that contains one feature and has one security fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container fixes the following issues: Update to version 1.4.0 * Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.4.0 * Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545) * Drop packages: iptables, lsscsi, and socat * Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-215=1 openSUSE-SLE-15.6-2025-215=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-215=1 ## Package List: * openSUSE Leap 15.6 (aarch64 x86_64) * kubevirt-virt-controller-1.4.0-150600.5.12.1 * kubevirt-container-disk-1.4.0-150600.5.12.1 * kubevirt-virt-exportproxy-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-handler-debuginfo-1.4.0-150600.5.12.1 *kubevirt-virt-operator-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-exportproxy-1.4.0-150600.5.12.1 * kubevirt-virt-launcher-1.4.0-150600.5.12.1 * kubevirt-virt-api-1.4.0-150600.5.12.1 * kubevirt-virt-controller-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-launcher-debuginfo-1.4.0-150600.5.12.1 * obs-service-kubevirt_containers_meta-1.4.0-150600.5.12.1 * kubevirt-tests-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virtctl-1.4.0-150600.5.12.1 * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1 * kubevirt-pr-helper-conf-1.4.0-150600.5.12.1 * kubevirt-virt-api-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-operator-1.4.0-150600.5.12.1 * kubevirt-tests-1.4.0-150600.5.12.1 * kubevirt-virt-exportserver-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-exportserver-1.4.0-150600.5.12.1 * kubevirt-virt-handler-1.4.0-150600.5.12.1 * kubevirt-manifests-1.4.0-150600.5.12.1 * kubevirt-container-disk-debuginfo-1.4.0-150600.5.12.1 * Containers Module 15-SP6 (aarch64 x86_64) * kubevirt-manifests-1.4.0-150600.5.12.1 * kubevirt-virtctl-1.4.0-150600.5.12.1 * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1232762 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10545&page_caps=&user_role= . An upgrade to kubevirt and its related containers improves resilience and addresses significant vulnerabilities.. kubevirt security update, openSUSE container update, software resilience. . Severity: moderate. LinuxSecurity.com Team
An update that can now be installed.. # Security update for cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2025:0216-1 Release Date: 2025-01-22T02:53:22Z Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller- container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy- container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: * Install nbdkit-server to avoid pulling unneeded dependencies * rebuild against current GO ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-216=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-216=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-216=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-216=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-216=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP5-2025-216=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * containerized-data-importer-controller-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-operator-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-cloner-1.59.0-150500.6.21.1 * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * containerized-data-importer-uploadserver-1.59.0-150500.6.21.1 * containerized-data-importer-importer-1.59.0-150500.6.21.1 * containerized-data-importer-operator-1.59.0-150500.6.21.1 * containerized-data-importer-api-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-uploadserver-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-importer-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-uploadproxy-debuginfo-1.59.0-150500.6.21.1 * obs-service-cdi_containers_meta-1.59.0-150500.6.21.1 * containerized-data-importer-controller-1.59.0-150500.6.21.1 * containerized-data-importer-uploadproxy-1.59.0-150500.6.21.1 * containerized-data-importer-api-1.59.0-150500.6.21.1 * containerized-data-importer-cloner-debuginfo-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 . Download the most recent security patch for openSUSE that resolves vulnerabilities in cdi-containers. Critical for maintaining system stability.. openSUSE Update, CDI Container Security, Linux Patch Management,Container Vulnerability Fix. . Severity: moderate. LinuxSecurity.com Team
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start . MGASA-2025-0004 - Updated opencontainers-runc packages fix security vulnerability Publication date: 10 Jan 2025 URL: https://advisories.mageia.org/MGASA-2025-0004.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-45310 runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. References: - https://bugs.mageia.org/show_bug.cgi?id=33519 - https://www.openwall.com/lists/oss-security/2024/09/03/1 - https://www.cve.org/CVERecord?id=CVE-2024-45310 SRPMS: - 9/core/opencontainers-runc-1.1.14-1.mga9 . New patches for opencontainers-runc packages have been issued to mitigate severe filesystem security vulnerabilities in Mageia.. opencontainers-runc security, Mageia security updates, container filesystem issue, software vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.