MiracleLinux 8 : osbuild-composer-100-1.el8.ML.1, osbuild-110-1.el8.ML.1 (AXSA:2024-8384:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8384:02 advisory. osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 Tenable has extracted the preceding description block...

RLSA-2024:2961 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

RHEL 8 : Image builder components (RHSA-2024:2961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2961 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security...

Moderate: Red Hat Security Advisory: Image builder components bug fix, enhancement and security update

An update for osbuild and osbuild-composer is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CentOS 8 : Image builder components bug fix, enhancement and (CESA-2024:2961)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:2961 advisory. - A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase t...

Moderate: Red Hat Security Advisory: Image builder components bug fix, enhancement and security update

An update for osbuild and osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

osbuild-composer < 94 Race Condition

The version of osbuild-composer installed on the remote host is prior to 94. It may, therefore, be affected by a race condition. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted...

CVE-2024-2307

creationtimestamp| type| source ---|---|--- 2024-03-19 17:21:27+00:00| seen| https://t.me/ctinow/211724 2024-03-19 18:27:06+00:00| seen| https://t.me/ctinow/211814 2024-04-09 18:56:17+00:00| seen| https://t.me/arpsyndicate/4398...

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...