MiracleLinux 9 : buildah-1.37.2-1.el9 (AXSA:2024-9390:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9390:11 advisory. containers/image: digest type does not guarantee valid type CVE-2024-3727 net/http: Denial of service due to improper 100-continue handling in...

MiracleLinux 9 : buildah-1.33.7-4.el9_4 (AXSA:2024-8769:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8769:07 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block...

CVE-2021-41190 affecting package buildah for versions less than 1.41.4-2

CVE-2021-41190 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...

AZL-44952 CVE-2021-38561 affecting package buildah for versions less than 1.41.4-2

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

SUSE-SU-2022:3766-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host bsc1181961. - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process bsc116786...

AZL-43909 CVE-2021-44716 affecting package buildah 1.18.0-29

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-44838 CVE-2021-20206 affecting package buildah for versions less than 1.41.4-2

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

OPENSUSE-SU-2021:0310-1 Security update for buildah, libcontainers-common, podman

This update for buildah, libcontainers-common, podman fixes the following issues: Changes in libcontainers-common: - Update common to 0.33.0 - Update image to 5.9.0 - Update podman to 2.2.1 - Update storage to 1.24.5 - Switch to seccomp profile provided by common instead of podman - Update...

AZL-44808 CVE-2019-11254 affecting package buildah for versions less than 1.41.4-2

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...