Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc40. Changelog for buildah * Fri May 10 2024 Packit - 1.35.4-1 - Update to 1.35.4 upstream release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-77a0ab280f
2024-05-26 01:25:15.719391
--------------------------------------------------------------------------------

Name        : buildah
Product     : Fedora 40
Version     : 1.35.4
Release     : 1.fc40
URL         : https://buildah.io
Summary     : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-3727

Automatic update for buildah-1.35.4-1.fc40.

Changelog for buildah
* Fri May 10 2024 Packit - 1.35.4-1
- Update to 1.35.4 upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 10 2024 Packit - 1.35.4-1
- Update to 1.35.4 upstream release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-77a0ab280f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc39. Changelog for buildah * Fri May 10 2024 Packit - 1.35.4-1 - Update to 1.35.4 upstream release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c56e6ff1b5
2024-05-19 02:46:05.072735
--------------------------------------------------------------------------------

Name        : buildah
Product     : Fedora 39
Version     : 1.35.4
Release     : 1.fc39
URL         : https://buildah.io
Summary     : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-3727

Automatic update for buildah-1.35.4-1.fc39.

Changelog for buildah
* Fri May 10 2024 Packit - 1.35.4-1
- Update to 1.35.4 upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 10 2024 Packit - 1.35.4-1
- Update to 1.35.4 upstream release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c56e6ff1b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

- Update to 1.1.2. Fixes rhbz#2085287. - Mitigate CVE-2022-29162 / GHSA-f3fp-gc8g-vw66.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-d1f55f8fd0
2022-05-31 15:44:33.185157
--------------------------------------------------------------------------------

Name        : golang-github-opencontainers-runc
Product     : Fedora 36
Version     : 1.1.2
Release     : 1.fc36
URL         : https://github.com/opencontainers/runc
Summary     : CLI tool for spawning and running containers
Description :
Runc is a CLI tool for spawning and running containers according to the OCI
specification.

--------------------------------------------------------------------------------
Update Information:

- Update to 1.1.2. Fixes rhbz#2085287.
- Mitigate CVE-2022-29162 / GHSA-f3fp-gc8g-vw66.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 22 2022 Maxwell G 1.1.2-1
- Update to 1.1.2. Fixes rhbz#2085287.
- Mitigate CVE-2022-29162 / GHSA-f3fp-gc8g-vw66.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2085287 - golang-github-opencontainers-runc-1.1.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2085287
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-d1f55f8fd0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-83b3740389
2021-04-24 20:00:51.081124
--------------------------------------------------------------------------------

Name        : buildah
Product     : Fedora 34
Version     : 1.20.1
Release     : 4.fc34
URL         : https://buildah.io
Summary     : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

--------------------------------------------------------------------------------
Update Information:

crun and runc now both `Provides: oci-runtime`.

----

Security fix for CVE-2021-20291

Autobuilt v1.20.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 22 2021 Lokesh Mandvekar - 1.20.1-4
- fix gating tests
* Tue Apr 20 2021 Lokesh Mandvekar - 1.20.1-3
- adjust deps and stay ahead of f33
* Fri Apr 16 2021 Lokesh Mandvekar - 1.20.1-2
- rebuild for buildah-tests
* Wed Apr 14 2021 RH Container Bot - 1.20.1-1
- autobuilt v1.20.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
        https://bugzilla.redhat.com/show_bug.cgi?id=1939485
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-83b3740389' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: podman security update
Advisory ID:       RHSA-2020:2117-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2117
Issue date:        2020-05-12
CVE Names:         CVE-2020-8945 CVE-2020-10696
====================================================================

1. Summary:

An update for podman is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, s390x, x86_64

3. Description:

The podman tool manages pods, container images, and containers. It is part
of the libpod library, which is for applications that use container pods.
Container pods is a concept in Kubernetes.

Security Fix(es):

* buildah: Crafted input tar file may lead to local file overwrite during
image build process (CVE-2020-10696)

* proglottis/gpgme: Use-after-free in GPGME bindings during container image
pull (CVE-2020-8945)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1795838 - CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
1817651 - CVE-2020-10696 buildah: Crafted input tar file may lead to local file overwrite during image build process

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
podman-1.6.4-18.el7_8.src.rpm

noarch:
podman-docker-1.6.4-18.el7_8.noarch.rpm

ppc64le:
podman-1.6.4-18.el7_8.ppc64le.rpm
podman-debuginfo-1.6.4-18.el7_8.ppc64le.rpm

s390x:
podman-1.6.4-18.el7_8.s390x.rpm
podman-debuginfo-1.6.4-18.el7_8.s390x.rpm

x86_64:
podman-1.6.4-18.el7_8.x86_64.rpm
podman-debuginfo-1.6.4-18.el7_8.x86_64.rpm

Red Hat Enterprise Linux 7 Extras:

Source:
podman-1.6.4-18.el7_8.src.rpm

noarch:
podman-docker-1.6.4-18.el7_8.noarch.rpm

x86_64:
podman-1.6.4-18.el7_8.x86_64.rpm
podman-debuginfo-1.6.4-18.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8945
https://access.redhat.com/security/cve/CVE-2020-10696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

An update for podman is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.3.12 podman security update
Advisory ID:       RHSA-2020:1396-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1396
Issue date:        2020-04-14
CVE Names:         CVE-2020-10696
====================================================================

1. Summary:

An update for podman is now available for Red Hat OpenShift Container
Platform 4.3.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.3 - noarch, x86_64

3. Description:

The podman tool manages Pods, container images, and containers. It is part
of the libpod library, which is for applications that use container Pods.
Container Pods is a concept in Kubernetes.

Security Fix(es):

* buildah: a crafted input tar file could overwrite local files during the
image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.12, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.3/html/release_notes/ocp-4-3-release-notes

Details on how to access this content are available at
- -cli.html.

5. Bugs fixed (https://bugzilla.redhat.com/):

1817651 - CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process

6. Package List:

Red Hat OpenShift Container Platform 4.3:

Source:
podman-1.6.4-10.rhaos4.3.el8.src.rpm

noarch:
podman-docker-1.6.4-10.rhaos4.3.el8.noarch.rpm
podman-manpages-1.6.4-10.rhaos4.3.el8.noarch.rpm

x86_64:
podman-1.6.4-10.rhaos4.3.el8.x86_64.rpm
podman-debuginfo-1.6.4-10.rhaos4.3.el8.x86_64.rpm
podman-debugsource-1.6.4-10.rhaos4.3.el8.x86_64.rpm
podman-remote-1.6.4-10.rhaos4.3.el8.x86_64.rpm
podman-remote-debuginfo-1.6.4-10.rhaos4.3.el8.x86_64.rpm
podman-tests-1.6.4-10.rhaos4.3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10696
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list