30 matches found

OSV
added 2026/05/05 6:49 a.m. | 2 views

OPENSUSE-SU-2026:20676-1 Security update for build, product-composer

This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: Add support for oci containers Avoid needlessly compressing container images Detect container images based on build result file name - Fix queryrecipe...

CVSS 7.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2

Gentoo Linux
added 2024/07/05 12:0 a.m. | 29 views

podman: Multiple Vulnerabilities

Background: Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description: Please review the referenced CVE identifiers for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time. Resolution: Al...

CVSS 10 | AI score 6.4 | EPSS 0.54214
Exploits: 5

OSV
added 2024/03/06 10:50 a.m. | 14 views

BIT-COSIGN-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

CVSS 5.3 | AI score 4.8 | EPSS 0.0031
Exploits: 1 | References: 3

Tenable Nessus
added 2023/12/15 12:0 a.m. | 15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2023:4870-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4870-1 advisory. - Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by a...

CVSS 5.3 | AI score 5.6 | EPSS 0.0031
Exploits: 1 | References: 4

Vulnrichment
added 2023/11/07 5:30 p.m. | 8 views

CVE-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

CVSS 3.1 | AI score 7.3 | EPSS 0.0031
Exploits: 1 | References: 2

AlpineLinux
added 2023/11/07 5:30 p.m. | 19 views

CVE-2023-46737

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

CVSS 5.3 | AI score 5 | EPSS 0.0031
Exploits: 1

CVE
added 2023/11/07 5:30 p.m. | 391 views

CVE-2023-46737

CVE-2023-46737 affects Cosign, a sigstore signing tool for OCI containers. The root cause is that Cosign loops through all attestations fetched from a remote registry in pkg/cosign.FetchAttestations, allowing an attacker-controlled registry to return a high number of attestations or signatures an...

CVSS 5.3 | AI score 4.9 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/11/07 5:30 p.m. | 17 views

CVE-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

CVSS 3.1 | AI score 5.2 | EPSS 0.0031
Exploits: 1 | References: 4

Rockylinux
added 2023/05/25 7:53 p.m. | 6 views

crun bug fix and enhancement update

An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The crun packages contain a runtime for running Open Container Initiative (OCI)...

AI score 6.9
Exploits: 0

Rockylinux
added 2022/08/09 9:36 a.m. | 13 views

crun bug fix and enhancement update

An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The crun packages contain a runtime for running Open Container Initiative (OCI)...

AI score 2.4
Exploits: 0

Github Security Blog
added 2022/04/30 12:0 a.m. | 25 views

Podman publishes a malicious image to public registries

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...

CVSS 8.8 | AI score 3.2 | EPSS 0.33273
Exploits: 2 | References: 11 | Affected Software: 2

OSV
added 2022/04/30 12:0 a.m. | 32 views

GHSA-66VW-V2X9-HW75 Podman publishes a malicious image to public registries

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...

CVSS 8.8 | AI score 8.6 | EPSS 0.33273
Exploits: 2 | References: 11

CNVD
added 2022/04/24 12:0 a.m. | 30 views

Podman lifting vulnerability

Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...

CVSS 6.8 | AI score 5.4 | EPSS 0.33273
Exploits: 2

OpenVAS
added 2022/04/09 12:0 a.m. | 22 views

Fedora: Security Advisory for crun (FEDORA-2022-10fd054d40)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.0009
Exploits: 0 | References: 2

Fedora
added 2022/04/08 8:7 p.m. | 30 views

[SECURITY] Fedora 34 Update: crun-1.4.4-1.fc34

crun is a runtime for running OCI containers...

CVSS 7.5 | AI score 2.9 | EPSS 0.0009
Exploits: 0

OpenVAS
added 2021/07/27 12:0 a.m. | 21 views

Fedora: Security Advisory for crun (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 2

Fedora
added 2021/07/24 1:8 a.m. | 84 views

[SECURITY] Fedora 33 Update: crun-0.20.1-1.fc33

crun is a runtime for running OCI containers...

CVSS 5.5 | AI score 2.9 | EPSS 0.00165
Exploits: 0

OpenVAS
added 2021/04/25 12:0 a.m. | 25 views

Fedora: Security Advisory for crun (FEDORA-2021-ec00da7faa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.1 | AI score 6.8 | EPSS 0.01026
Exploits: 1 | References: 2

OpenVAS
added 2021/04/25 12:0 a.m. | 13 views

Fedora: Security Advisory for crun (FEDORA-2021-83b3740389)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.1 | AI score 6.8 | EPSS 0.01026
Exploits: 1 | References: 2

OpenVAS
added 2020/10/10 12:0 a.m. | 18 views

Fedora: Security Advisory for crun (FEDORA-2020-3a4b8fca5e)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.3 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 2