Описание
ELSA-2024-9097: buildah security update (MODERATE)
[1.37.2-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.37.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.2
- Related: RHEL-27608
[2:1.37.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.1
- Related: RHEL-27608
[2:1.37.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.0
- Resolves: RHEL-47164 RHEL-40808
[2:1.36.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.36.0
- Related: RHEL-27608
[2:1.35.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.2
- Related: RHEL-27608
[2:1.35.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.1
- Related: RHEL-27608
[2:1.35.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.0
- Resolves: RHEL-29278
[2:1.33.6-2]
- update tags for systemd libsubid
- Resolves: RHEL-26594
[2:1.33.6-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/f843563)
- Related: RHEL-2112
[2:1.33.5-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/70b792d)
- Related: RHEL-2112
[2:1.33.4-1]
- revert back to 1.33.4
- Related: Jira:RHEL-2112
[1:1.34.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.34.0
- Related: RHEL-2112
[1:1.33.2-1]
- Bump to v1.33.2
- Related: Jira:RHEL-2112
[1:1.33.1-3]
- Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322
- Related: Jira:RHEL-2779
[1:1.33.1-2]
- Fix gating issues in tests/tests.yml
- Related: RHEL-2112
[1:1.33.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.33.1
- Related: RHEL-2112
[1:1.32.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.2
- Related: RHEL-2112
[1:1.32.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.1
- Related: RHEL-2112
[1:1.32.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.0
- Related: Jira:RHEL-2112
[1:1.31.3-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.3
- Related: #2176063
[1:1.31.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.2
- Related: #2176063
[1:1.31.1-2]
- build buildah off main branch for early testing of zstd compression
- Related: #2176063
[1:1.31.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.1
- Related: #2176063
[1:1.31.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.0
- Related: #2176063
[1:1.30.0-2]
- rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
- Resolves: #2175073
- Resolves: #2179958
- Resolves: #2187332
- Resolves: #2187375
- Resolves: #2203696
- Resolves: #2207518
[1:1.30.0-1]
- update to 1.30.0
- Related: #2176063
[1:1.29.1-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/f07d2c9)
- Resolves: #2178263
[1:1.29.1-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/7fa17a8)
- Related: #2124478
[1:1.29.0-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/c822cc6)
- Related: #2124478
[1:1.29.0-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/94b723c)
- Related: #2124478
[1:1.29.0-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0 (https://github.com/containers/buildah/commit/94b723c)
- Related: #2124478
[1:1.29.0-0.4]
- update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/078a7ff)
- Related: #2124478
[1:1.29.0-0.3]
- update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b72f05)
- Related: #2124478
[1:1.29.0-0.2]
- update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c541c35)
- Related: #2124478
[1:1.29.0-0.1]
- update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8ca903b)
- Related: #2124478
[1:1.28.2-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/cfefbb6)
- fixes segmentation fault on s390x
- Resolves: #2150429
[1:1.28.2-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/7e4d9dd)
- Resolves: #2151247
[1:1.28.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.28.2
- Related: #2124478
[1:1.28.0-2]
- pull in crun by default
- Resolves: #2142494
[1:1.28.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.28.0
- Related: #2124478
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
buildah
1.37.2-1.0.1.el9
buildah-tests
1.37.2-1.0.1.el9
Oracle Linux x86_64
buildah
1.37.2-1.0.1.el9
buildah-tests
1.37.2-1.0.1.el9
Связанные CVE
Связанные уязвимости
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.