SUSE-SU-2024:1988-1

Опубликовано: 11 июн. 2024

Источник: suse-cvrf

Описание

Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:

Rebuild against current updated packages and go compiler.

Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)
Add LABEL with source URL

Список пакетов

SUSE Linux Enterprise Micro 5.5

containerized-data-importer-manifests-1.58.0-150500.6.15.1

SUSE Linux Enterprise Module for Containers 15 SP5

containerized-data-importer-manifests-1.58.0-150500.6.15.1

openSUSE Leap 15.5

containerized-data-importer-api-1.58.0-150500.6.15.1

containerized-data-importer-cloner-1.58.0-150500.6.15.1

containerized-data-importer-controller-1.58.0-150500.6.15.1

containerized-data-importer-importer-1.58.0-150500.6.15.1

containerized-data-importer-manifests-1.58.0-150500.6.15.1

containerized-data-importer-operator-1.58.0-150500.6.15.1

containerized-data-importer-uploadproxy-1.58.0-150500.6.15.1

containerized-data-importer-uploadserver-1.58.0-150500.6.15.1

obs-service-cdi_containers_meta-1.58.0-150500.6.15.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241988-1/
Link for SUSE-SU-2024:1988-1
https://lists.suse.com/pipermail/sle-updates/2024-June/035547.html
E-Mail link for SUSE-SU-2024:1988-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1224119
SUSE Bug 1224119
https://www.suse.com/security/cve/CVE-2024-3727/
SUSE CVE CVE-2024-3727 page

Описание

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Затронутые продукты

SUSE Linux Enterprise Micro 5.5:containerized-data-importer-manifests-1.58.0-150500.6.15.1

SUSE Linux Enterprise Module for Containers 15 SP5:containerized-data-importer-manifests-1.58.0-150500.6.15.1

openSUSE Leap 15.5:containerized-data-importer-api-1.58.0-150500.6.15.1

openSUSE Leap 15.5:containerized-data-importer-cloner-1.58.0-150500.6.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3727.html
CVE-2024-3727
https://bugzilla.suse.com/1224112
SUSE Bug 1224112

SUSE-SU-2024:1988-1

Описание

Список пакетов

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Module for Containers 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-3727

Описание

Затронутые продукты

Ссылки