Описание
ELSA-2025-9148: buildah security update (MODERATE)
[2:1.39.4-2.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.39.4-2]
- Rebuild on new golang to fix CVE-2025-22871
[2:1.39.4-1]
- update to https://github.com/containers/buildah/releases/tag/v1.39.4
- Related: RHEL-80817
[2:1.39.3-1]
- update to https://github.com/containers/buildah/releases/tag/v1.39.3
- Related: RHEL-80817
[2:1.39.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.39.2
- Related: RHEL-80817
[2:1.39.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.39.1
- Resolves: RHEL-81133
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
buildah
1.39.4-2.0.1.el10_0
buildah-tests
1.39.4-2.0.1.el10_0
Oracle Linux x86_64
buildah
1.39.4-2.0.1.el10_0
buildah-tests
1.39.4-2.0.1.el10_0
Связанные CVE
Связанные уязвимости
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator ...