RockyLinux 9 : buildah (RLSA-2026:19186)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19186 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

RHEL 9 : buildah (RHSA-2026:19186)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19186 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working...

CVE-2025-47913 affecting package buildah for versions less than 1.43.1-1

CVE-2025-47913 affecting package buildah for versions less than 1.43.1-1. An upgraded version of the package is available that resolves this issue...

RHCOS 4 : OpenShift Container Platform 4.1.41 (RHSA-2020:1449)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1449 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 Note that Nessus has not tested...

RHCOS 4 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1401 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 Note that Nessus has not tested...

RHCOS 4 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

RHCOS 4 : OpenShift Container Platform 4.15.38 (RHSA-2024:8994)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8994 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 Note that Nessus has not tested for this issue but has instead relied only ...

RHCOS 4 : OpenShift Container Platform 4.13.53 (RHSA-2024:8690)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8690 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - buildah: Build...

RHCOS 4 : OpenShift Container Platform 4.16.20 (RHSA-2024:8686)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8686 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

MiracleLinux 9 : buildah-1.41.8-2.el9_7 (AXSA:2026-232:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-232:02 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustio...

MiracleLinux 9 : buildah-1.31.5-1.el9_3 (AXSA:2024-7725:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7725:02 advisory. buildah: full container escape at build time CVE-2024-1753 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : podman-5.2.2-9.el9 (AXSA:2024-9333:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9333:11 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4425:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4425:01 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access...

MiracleLinux 9 : podman-4.2.0-7.el9 (AXSA:2023-5062:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5062:01 advisory. podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 Tenab...

AlmaLinux 9 : buildah (ALSA-2026:0437)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0437 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the preceding...

MiracleLinux 8 : container-tools:2.0 (AXSA:2022-3170:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3170:01 advisory. podman: Default inheritable capabilities for linux container should be empty CVE-2022-27649 buildah: Default inheritable capabilities for linux...

MiracleLinux 9 : buildah-1.37.6-1.el9_5 (AXSA:2025-9650:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9650:01 advisory. podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Tenable has extracted the...

SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2025:4245-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4245-1 advisory. - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key...

Oracle Linux 9 : buildah (ELSA-2025-22011)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22011 advisory. - fixes 'Minor Incident CVE-2025-52881 buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...

AZL-68999 CVE-2025-58183 affecting package buildah 1.41.4-6

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...