EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-2571)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-2545)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2545)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2520)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-2520)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...

Security update for buildah

This update for buildah fixes the following issues: CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o nsc1231230. Pat...

Security update for cups-filters

This update for cups-filters fixes the following issues: cups-browsed would bind on UDP INADDRANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. This patch removes support for the legacy CUPS and LDAP protocolsbsc1230939,...

Advisory ROSA-SA-2024-2491

Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...

Advisory ROSA-SA-2024-2490

Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...

Advisory ROSA-SA-2024-2489

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...

SUSE CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

AZL-50268 CVE-2024-9407 affecting package podman 4.1.1-26

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

AZL-50262 CVE-2024-9407 affecting package podman for versions less than 5.6.1-2

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

CVE-2024-9407

CVE-2024-9407 is a local-privilege vulnerability in the bind-propagation option of Dockerfile RUN --mount as implemented by buildah/podman. The root cause is improper input validation, allowing an attacker to pass arbitrary parameters to the mount operation and potentially mount host directories ...

PT-2024-7952

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Podman affected versions not specified Buildah affected versions not specified Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction, where the system...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...