Описание
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)
- Remove SLE15 SP4 from the distro check (end of general support)
- Add LABEL with source URL
Список пакетов
SUSE Linux Enterprise Module for Containers 15 SP6
containerized-data-importer-manifests-1.58.0-150600.3.3.2
openSUSE Leap 15.6
containerized-data-importer-api-1.58.0-150600.3.3.2
containerized-data-importer-cloner-1.58.0-150600.3.3.2
containerized-data-importer-controller-1.58.0-150600.3.3.2
containerized-data-importer-importer-1.58.0-150600.3.3.2
containerized-data-importer-manifests-1.58.0-150600.3.3.2
containerized-data-importer-operator-1.58.0-150600.3.3.2
containerized-data-importer-uploadproxy-1.58.0-150600.3.3.2
containerized-data-importer-uploadserver-1.58.0-150600.3.3.2
obs-service-cdi_containers_meta-1.58.0-150600.3.3.2
Ссылки
- Link for SUSE-SU-2024:1989-1
- E-Mail link for SUSE-SU-2024:1989-1
- SUSE Security Ratings
- SUSE Bug 1224119
- SUSE CVE CVE-2024-3727 page
Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Затронутые продукты
SUSE Linux Enterprise Module for Containers 15 SP6:containerized-data-importer-manifests-1.58.0-150600.3.3.2
openSUSE Leap 15.6:containerized-data-importer-api-1.58.0-150600.3.3.2
openSUSE Leap 15.6:containerized-data-importer-cloner-1.58.0-150600.3.3.2
openSUSE Leap 15.6:containerized-data-importer-controller-1.58.0-150600.3.3.2
Ссылки
- CVE-2024-3727
- SUSE Bug 1224112