Red Hat RHSA-2024:3254
May 22, 2024 - 10:41 a.m.

(RHSA-2024:3254) Important: container-tools:rhel8 security update

2024-05-22 10:41:20
access.redhat.com

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.002 Low (Percentile: 60.1%)

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • buildah: full container escape at build time (CVE-2024-1753)

  • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

  • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

  • jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.