Lucene search
RedHatRHSA-2024:1150HistoryMar 05, 2024 - 3:32 p.m.
(RHSA-2024:1150) Moderate: buildah security update
2024-03-0515:32:31
access.redhat.com
13
buildah
oci container
security update
prefix truncation attack
cve-2023-48795
cvss score
references section
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
- ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | s390x | buildah | <Â 1.31.4-1.el9_3 | buildah-1.31.4-1.el9_3.s390x.rpm |
| RedHat | 9 | s390x | buildah-debugsource | <Â 1.31.4-1.el9_3 | buildah-debugsource-1.31.4-1.el9_3.s390x.rpm |
| RedHat | 9 | s390x | buildah-tests | <Â 1.31.4-1.el9_3 | buildah-tests-1.31.4-1.el9_3.s390x.rpm |
| RedHat | 9 | ppc64le | buildah-debuginfo | <Â 1.31.4-1.el9_3 | buildah-debuginfo-1.31.4-1.el9_3.ppc64le.rpm |
| RedHat | 9 | s390x | buildah-debuginfo | <Â 1.31.4-1.el9_3 | buildah-debuginfo-1.31.4-1.el9_3.s390x.rpm |
| RedHat | 9 | aarch64 | buildah-tests | <Â 1.31.4-1.el9_3 | buildah-tests-1.31.4-1.el9_3.aarch64.rpm |
| RedHat | 9 | ppc64le | buildah-debugsource | <Â 1.31.4-1.el9_3 | buildah-debugsource-1.31.4-1.el9_3.ppc64le.rpm |
| RedHat | 9 | s390x | buildah-tests-debuginfo | <Â 1.31.4-1.el9_3 | buildah-tests-debuginfo-1.31.4-1.el9_3.s390x.rpm |
| RedHat | 9 | x86_64 | buildah-debuginfo | <Â 1.31.4-1.el9_3 | buildah-debuginfo-1.31.4-1.el9_3.x86_64.rpm |
| RedHat | 9 | x86_64 | buildah | <Â 1.31.4-1.el9_3 | buildah-1.31.4-1.el9_3.x86_64.rpm |
Related
nessus
nessus
EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1339)
2024-03-12 00:00:00
openSUSE 15 Security Update : jbcrypt, trilead-ssh2 (SUSE-SU-2024:0972-1)
2024-03-23 00:00:00
Oracle Linux 8 : libssh (ELSA-2024-0628)
2024-02-01 00:00:00
debian
debian
[SECURITY] [DLA 3718-1] php-phpseclib security update
2024-01-25 02:26:31
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
[SECURITY] [DLA 3730-1] python-asyncssh security update
2024-02-01 00:22:40
osv
osv
CVE-2023-48795
2023-12-18 16:15:10
putty - security update
2023-12-24 00:00:00
lxd vulnerability
2024-04-22 09:47:43
ibm
ibm
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795
2024-03-22 16:29:44
fedora
fedora
[SECURITY] Fedora 38 Update: putty-0.80-1.fc38
2024-01-11 02:17:03
[SECURITY] Fedora 38 Update: podman-tui-0.15.0-1.fc38
2023-12-29 01:05:34
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39
2024-01-29 06:26:11
almalinux
almalinux
Moderate: libssh security update
2024-01-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0210-1)
2024-01-25 00:00:00
Ubuntu: Security Advisory (USN-6589-1)
2024-01-19 00:00:00
Fedora: Security Advisory for python-paramiko (FEDORA-2024-39a8c72ea9)
2024-01-18 00:00:00
ubuntu
ubuntu
Paramiko vulnerability
2024-01-25 00:00:00
FileZilla vulnerability
2024-01-18 00:00:00
libssh2 vulnerability
2024-01-15 00:00:00
amazon
amazon
Medium: openssh
2023-12-18 09:20:00
Medium: openssh
2023-12-18 09:20:00
cbl_mariner
cbl_mariner
CVE-2023-48795 affecting package openssh for versions less than 8.9p1-4
2024-01-19 03:54:24
CVE-2023-48795 affecting package kubevirt for versions less than null
2024-01-10 08:19:37
CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1
2024-01-14 22:46:30
mageia
mageia
Updated dropbear package fixes a security vulnerability
2024-01-08 22:01:05
Updated putty package fixes a security vulnerability (Terrapin attack)
2024-01-08 13:12:44
Updated erlang packages fix a security vulnerability (Terrapin Attack)
2024-01-20 01:43:32
github
github
oraclelinux
oraclelinux
openssh security update
2024-03-19 00:00:00
buildah security update
2024-03-07 00:00:00
openssh security update
2024-03-18 00:00:00
ubuntucve
ubuntucve
CVE-2023-48795
2023-12-18 00:00:00
cloudfoundry
cloudfoundry
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00
freebsd
freebsd
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-17 00:00:00
FreeBSD -- Prefix Truncation Attack in the SSH protocol
2023-12-19 00:00:00
putty -- add protocol extension against 'Terrapin attack'
2023-10-16 00:00:00
redos
redos
ROS-20240408-15
2024-04-08 00:00:00
ROS-20240409-04
2024-04-09 00:00:00
atlassian
atlassian
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
redhat
redhat
(RHSA-2024:0625) Moderate: libssh security update
2024-01-31 08:08:23
(RHSA-2024:1196) Moderate: Red Hat JBoss Enterprise Application Platform 7.4 security update
2024-03-06 17:50:02
(RHSA-2024:0499) Moderate: libssh security update
2024-01-25 15:19:29
alpinelinux
alpinelinux
CVE-2023-48795
2023-12-18 16:15:10
thn
thn
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
2024-01-01 09:37:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:19.openssh
2023-12-19 00:00:00
debiancve
debiancve
CVE-2023-48795
2023-12-18 16:15:10
f5
f5
K000138264 : SSH vulnerability CVE-2023-48795
2024-01-17 00:00:00
cgr
cgr
CVE-2023-48795 vulnerabilities
2024-05-18 03:08:02
rosalinux
rosalinux
Advisory ROSA-SA-2024-2382
2024-03-26 11:47:18
veracode
veracode
Rogue Session Attack (Terrapin)
2023-12-19 06:46:15
Prefix Truncation Attack (Terrapin Attack)
2023-12-19 09:12:16
paloalto
paloalto
Impact of Terrapin SSH Attack
2024-01-09 01:30:00