PT-2026-24651
Impact: An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...
SUSE SLES15 Security Update : buildah (SUSE-SU-2024:3186-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3186-1 advisory. Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180...
SUSE-SU-2024:3151-1 Security update for buildah
This update for buildah fixes the following issues: Update to version 1.35.4: Bump to Buildah v1.35.4 CVE-2024-3727 updates bsc1224117 integration test: handle new labels in 'bud and test --unsetlabel' Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3:...
SUSE SLES15 / openSUSE 15 Security Update : buildah, docker (SUSE-SU-2024:3120-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3120-1 advisory. Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 -...
SUSE-SU-2024:1803-1 Security update for xdg-desktop-portal
This update for xdg-desktop-portal fixes the following issues: - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal bsc1223110...
RLSA-2024:2084 Important: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: full container escape at build time CVE-2024-1753 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
SUSE-SU-2024:1145-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...
SUSE-SU-2024:1144-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...
SUSE-SU-2024:1142-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677...
openSUSE: Security Advisory for podman (SUSE-SU-2024:1059-1)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: rh-python36-python-jinja2 security update
An update for rh-python36-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OPENSUSE-SU-2019:1395-1 Security update for python-Jinja2
This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string bsc1125815. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. This update was imported from t...
RLSA-2019:1152 Important: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: str.format_map allows sandbox escape CVE-2019-10906 For more...
SUSE-SU-2019:1156-1 Security update for python-Jinja2
This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string bsc1125815. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2017:2598-1)
This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution. The update package also includes non-security fixes. See advisory for details. Note that Tenab...