Описание
Security update for buildah
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
buildah-1.25.1-150100.3.23.1
SUSE Linux Enterprise Server 15 SP2-LTSS
buildah-1.25.1-150100.3.23.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
buildah-1.25.1-150100.3.23.1
Ссылки
- Link for SUSE-SU-2024:1142-1
- E-Mail link for SUSE-SU-2024:1142-1
- SUSE Security Ratings
- SUSE Bug 1221677
- SUSE CVE CVE-2024-1753 page
Описание
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.23.1
SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.23.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.23.1
Ссылки
- CVE-2024-1753
- SUSE Bug 1221677