MiracleLinux 8 : osbuild-composer-101-1.el8.ML.1 (AXSA:2024-8449:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8449:02 advisory. osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 Tenable has extracted the preceding description block...

MiracleLinux 8 : osbuild-composer-100-1.el8.ML.1, osbuild-110-1.el8.ML.1 (AXSA:2024-8384:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8384:02 advisory. osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 Tenable has extracted the preceding description block...

EUVD-2024-27262

Malicious code in bioql PyPI...

TencentOS Server 3: Image builder components bug fix, enhancement and (TSSA-2024:0430)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0430 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Oracle Linux 8 : perl-CPAN (ELSA-2025-8432)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-8432 advisory. 2.18-402 - Resolves: RHEL-9605 - Add 2022 PAUSE public key. - Change default value for urllist to https://www.cpan.org - Use gpg --verify --output ... to...

perl-CPAN security update

2.18-402 - Resolves: RHEL-9605 - Add 2022 PAUSE public key. - Change default value for urllist to https://www.cpan.org - Use gpg --verify --output ... to disentangle data and signature...

CVE-2022-29220

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests PRs. Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...

Alibaba Cloud Linux 3 : 0144: osbuild-composer bug fix, enhancement and (ALINUX3-SA-2024:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-2307: A flaw was found in osbuild-composer...

Ensure That GPG Verification Is Configured for the Yum Repositories

Software packages may be tampered with by attackers during network transmission or local storage. If the integrity verification is not performed on the software packages, software tampered with by attackers may be installed. As a result, the server or even the entire network cluster is attacked. ...

RLSA-2024:2961 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

RHEL 8 : Image builder components (RHSA-2024:2961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2961 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security...

osbuild-composer: race condition may disable GPG verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

CentOS 8 : Image builder components bug fix, enhancement and (CESA-2024:2961)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:2961 advisory. - A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase t...

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

Oracle Linux 9 : Image / builder / components (ELSA-2024-2119)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2119 advisory. osbuild 110-1 - New upstream release 109-1 - New upstream release 106-1 - New upstream release 105-1 - New upstream release 104-2 - Fix unit tests in RHEL CI by...

osbuild-composer: race condition may disable GPG verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

RHEL 9 : Image builder components (RHSA-2024:2119)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2119 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security...

ALSA-2024:2119 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

CVE-2024-2307

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...