Описание
ELSA-2026-0437: buildah security update (IMPORTANT)
[1.41.8-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.41.8-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41 (https://github.com/containers/buildah/commit/f85ff89)
- fixes 'CVE-2025-47913 buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-9.7.z]'
- Resolves: RHEL-134792
[2:1.41.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41 (https://github.com/containers/buildah/commit/e363f79)
- fixes 'Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes - Buildah [rhel-9.7.z]'
- Resolves: RHEL-132846
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
buildah
1.41.8-1.0.1.el9_7
buildah-tests
1.41.8-1.0.1.el9_7
Oracle Linux x86_64
buildah
1.41.8-1.0.1.el9_7
buildah-tests
1.41.8-1.0.1.el9_7
Связанные CVE
Связанные уязвимости
CVSS3: 7.5
ubuntu
2 месяца назад
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVSS3: 7.5
nvd
2 месяца назад
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVSS3: 7.5
msrc
2 месяца назад
Potential denial of service in golang.org/x/crypto/ssh/agent
CVSS3: 7.5
debian
2 месяца назад
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed respons ...
