10 matches found
Updated buildah, podman, skopeo packages fix security vulnerabilities
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
SUSE-SU-2024:2754-1 Security update for skopeo
This update for skopeo fixes the following issues: Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. bsc1224123...
CBL Mariner 2.0 Security Update: containerized-data-importer / cri-o / ig / libcontainers-common / skopeo (CVE-2024-3727)
The version of containerized-data-importer / cri-o / ig / libcontainers-common / skopeo installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3727 advisory. - A flaw was found in the...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...
SUSE-SU-2024:1987-1 Security update for skopeo
This update for skopeo fixes the following issues: - Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. bsc1224123...
SUSE-SU-2024:1987-2 Security update for skopeo
This update for skopeo fixes the following issues: - Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. bsc1224123...
Fedora 39 : buildah (2024-c56e6ff1b5)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c56e6ff1b5 advisory. Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc39. Changelog for buildah Fri May 10 2024 Packit - 1.35.4-1 - Update to 1.35.4 upstrea...
Fedora 40 : podman (2024-20393c122f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-20393c122f advisory. Security fix for CVE-2024-3727 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Improper Digest Validation
github.com/containers/image is vulnerable to Improper Digest Validation. The vulnerability is due to improper validation of digest values, which allows an attacker to trigger authenticated registry accesses when pulling untrusted images...
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...