Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-2245

Опубликовано: 03 мая 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-2245: buildah security update (MODERATE)

[1.33.6-2.0.1]

  • Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.33.6-2]

  • update tags for systemd libsubid
  • Resolves: RHEL-26594

[2:1.33.6-1]

[2:1.33.5-1]

[2:1.33.4-1]

  • revert back to 1.33.4
  • Related: Jira:RHEL-2112

[1:1.34.0-1]

[1:1.33.2-1]

  • Bump to v1.33.2
  • Related: Jira:RHEL-2112

[1:1.33.1-3]

  • Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322
  • Related: Jira:RHEL-2779

[1:1.33.1-2]

  • Fix gating issues in tests/tests.yml
  • Related: RHEL-2112

[1:1.33.1-1]

[1:1.32.2-1]

[1:1.32.1-1]

[1:1.32.0-1]

[1:1.31.3-1]

[1:1.31.2-1]

[1:1.31.1-2]

  • build buildah off main branch for early testing of zstd compression
  • Related: #2176063

[1:1.31.1-1]

[1:1.31.0-1]

[1:1.30.0-2]

  • rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
  • Resolves: #2175073
  • Resolves: #2179958
  • Resolves: #2187332
  • Resolves: #2187375
  • Resolves: #2203696
  • Resolves: #2207518

[1:1.30.0-1]

  • update to 1.30.0
  • Related: #2176063

[1:1.29.1-2]

[1:1.29.1-1]

[1:1.29.0-3]

[1:1.29.0-2]

[1:1.29.0-1]

[1:1.29.0-0.4]

[1:1.29.0-0.3]

[1:1.29.0-0.2]

[1:1.29.0-0.1]

[1:1.28.2-3]

[1:1.28.2-2]

[1:1.28.2-1]

[1:1.28.0-2]

  • pull in crun by default
  • Resolves: #2142494

[1:1.28.0-1]

[1:1.27.0-2]

  • fix CVE-2022-2990
  • Related: #2061316

[1:1.27.0-1]

[1:1.26.4-2]

  • add buildah-tutorial to test subpackage
  • Related: #2061316

[1:1.26.4-1]

[1:1.26.3-1]

[1:1.26.2-1]

[1:1.26.1-4]

  • Re-enable LTO and debuginfo
  • Related: #2061316

[1:1.26.1-3]

  • BuildRequires: /usr/bin/go-md2man
  • Related: #2061316

[1:1.26.1-2]

  • Add missing container networking dependencies (thanks to Neal Gompa)
  • Related: #2061316

[1:1.26.1-1]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

buildah

1.33.6-2.0.1.el9

buildah-tests

1.33.6-2.0.1.el9

Oracle Linux x86_64

buildah

1.33.6-2.0.1.el9

buildah-tests

1.33.6-2.0.1.el9

Связанные CVE

CVE-2023-45287
CVE-2023-39326

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2024-2272

oracle-oval
около 1 года назад

ELSA-2024-2272: containernetworking-plugins security update (MODERATE)

oracle-oval логотип

ELSA-2024-2193

oracle-oval
около 1 года назад

ELSA-2024-2193: podman security update (MODERATE)

ubuntu логотип

CVE-2023-45287

CVSS3: 7.5
ubuntu
больше 1 года назад

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

nvd логотип

CVE-2023-45287

CVSS3: 7.5
nvd
больше 1 года назад

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

debian логотип

CVE-2023-45287

CVSS3: 7.5
debian
больше 1 года назад

Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...

Уязвимость ELSA-2024-2245