2670 matches found
RLSA-2024:8039 Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: go/parser: golang: Calling any of the Parse functions containing deeply nested literals c...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service DoS bsc1231698 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2024:3754-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service DoS bsc1231698...
Security update for podman
This update for podman fixes the following issues: CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service DoS bsc1231698 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2024:3753-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service DoS bsc1231698...
SUSE CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
CVE-2024-9858
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the...
CVE-2024-9858
CVE-2024-9858 affects Google Cloud Migrate to Containers for Windows (versions 1.1.0–1.2.2). The root cause is an insecure default local user, m2cuser, created with administrator privileges. If the analyze or generate workflow is interrupted or the local user is not deleted, this user could be ex...
CVE-2024-9858 Insecure user permissions in Google Cloud Migrate to Containers for Windows
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
AZL-50620 CVE-2024-9676 affecting package cri-o 1.30.1-1
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
AZL-50601 CVE-2024-9676 affecting package podman 4.1.1-26
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
AZL-50623 CVE-2024-9676 affecting package podman for versions less than 5.6.1-2
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
AZL-50614 CVE-2024-9676 affecting package buildah for versions less than 1.41.4-2
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
AZL-50598 CVE-2024-9676 affecting package buildah 1.18.0-29
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
AZL-50609 CVE-2024-9676 affecting package cri-o for versions less than 1.22.3-14
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...