MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-9011:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9011:01 advisory. Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 Buildah: Podman: Improper Input...

Security update for podman

This update for podman fixes the following issues: CVE-2024-9675: Fixed cache arbitrary directory mount bsc1231499. CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. The following non-security bug was fixed: rootless ipv6...

Security update for buildah

This update for buildah fixes the following issues: CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o nsc1231230. Pat...

UBUNTU-CVE-2024-23652

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...