Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update

The Migration Toolkit for Containers MTC 1.8.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

NVIDIA Container Toolkit 安全漏洞

NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. Allows users to build and run GPU-accelerated containers. A security vulnerability exists in NVIDIA Container Toolkit 1.16.1 and prior versions, which stems from the inclusion of a Time to Check Time of Use TOCTOU vulnerability whe...

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from the user authorization deactivation mechanism not...

Moderate: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 7.2.2 product release [security update]

The components for Red Hat OpenShift for Windows Containers 7.2.2 are now available.This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update a...

RLSA-2024:6422 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

bubblewrap and flatpak security update

An update is available for flatpak, bubblewrap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bubblewrap /usr/bin/bwrap is a core execution engine for...

Moderate: Red Hat Security Advisory: ACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

[SECURITY] Fedora 39 Update: bubblewrap-0.10.0-1.fc39

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

SUSE-SU-2024:3186-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: correctly configure /etc/hosts and resolv.conf buildah: refactor resolv/hosts setup. rename...

Moderate: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 8.1.3 product release & security update

The components for Red Hat OpenShift for Windows Containers 8.1.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...

RHEL 8 : bubblewrap and flatpak (RHSA-2024:6421)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6421 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

SUSE-SU-2024:3151-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: Bump to Buildah v1.35.4 CVE-2024-3727 updates bsc1224117 integration test: handle new labels in 'bud and test --unsetlabel' Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3:...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

ALSA-2024:6422 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

RHEL 9 : bubblewrap and flatpak (RHSA-2024:6356)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6356 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

Amazon Linux 2 : docker (ALASECS-2024-041)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-041 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read man...