SUSE-SU-2024:1144-1

Опубликовано: 08 апр. 2024

Источник: suse-cvrf

Описание

Security update for buildah

This update for buildah fixes the following issues:

CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
Update to version 1.34.1 for compatibility with Docker 25.0 (which is not in SLES yet, but will eventually be) (bsc#1219563). See the corresponding release notes:
Require cni-plugins (bsc#1220568)

Список пакетов

Container rancher/elemental-teal-rt/5.4:latest

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

Container rancher/elemental-teal/5.4:latest

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Enterprise Storage 7.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

buildah-1.34.1-150400.3.27.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

buildah-1.34.1-150400.3.27.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Micro 5.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Micro 5.2

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Micro 5.3

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Micro 5.4

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Module for Public Cloud 15 SP2

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server 15 SP2-LTSS

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server 15 SP3-LTSS

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server 15 SP4-LTSS

buildah-1.34.1-150400.3.27.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server for SAP Applications 15 SP2

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server for SAP Applications 15 SP3

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

buildah-1.34.1-150400.3.27.1

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

openSUSE Leap Micro 5.3

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

openSUSE Leap Micro 5.4

cni-0.7.1-150100.3.18.1

cni-plugins-0.8.6-150100.3.22.3

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241144-1/
Link for SUSE-SU-2024:1144-1
https://lists.suse.com/pipermail/sle-updates/2024-April/034878.html
E-Mail link for SUSE-SU-2024:1144-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1219563
SUSE Bug 1219563
https://bugzilla.suse.com/1220568
SUSE Bug 1220568
https://bugzilla.suse.com/1221677
SUSE Bug 1221677
https://www.suse.com/security/cve/CVE-2024-1753/
SUSE CVE CVE-2024-1753 page

Описание

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

Затронутые продукты

Container rancher/elemental-teal-rt/5.4:latest:cni-0.7.1-150100.3.18.1

Container rancher/elemental-teal-rt/5.4:latest:cni-plugins-0.8.6-150100.3.22.3

Container rancher/elemental-teal/5.4:latest:cni-0.7.1-150100.3.18.1

Container rancher/elemental-teal/5.4:latest:cni-plugins-0.8.6-150100.3.22.3

Ссылки

https://www.suse.com/security/cve/CVE-2024-1753.html
CVE-2024-1753
https://bugzilla.suse.com/1221677
SUSE Bug 1221677

SUSE-SU-2024:1144-1

Описание

Список пакетов

Container rancher/elemental-teal-rt/5.4:latest

Container rancher/elemental-teal/5.4:latest

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Module for Public Cloud 15 SP2

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

openSUSE Leap Micro 5.3

openSUSE Leap Micro 5.4

Ссылки

Уязвимость: CVE-2024-1753

Описание

Затронутые продукты

Ссылки