AZL-71473 CVE-2025-65637 affecting package umoci 0.4.7-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71506 CVE-2025-65637 affecting package umoci 0.4.7-18
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
EUVD-2022-0942
Malicious code in bioql PyPI...
openSUSE Security Advisory (SUSE-SU-2025:02282-1)
The remote host is missing an update for the...
Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
SUSE-SU-2025:02282-1 Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : umoci (SUSE-SU-2025:02282-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02282-1 advisory. Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the...
umoci-0.5.0-1.1 on GA media (moderate)
umoci-0.5.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15166-1 Rating: moderate Cross-References: CVE-2021-41190 CVSS scores: CVE-2021-41190 SUSE : 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2025:15166-1 umoci-0.5.0-1.1 on GA media
These are all security issues fixed in the umoci-0.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
GO-2022-0815 Improper input validation in umoci in github.com/opencontainers/umoci
Improper input validation in umoci in github.com/opencontainers/umoci...
OPENSUSE-SU-2024:11482-1 umoci-0.4.7-2.3 on GA media
These are all security issues fixed in the umoci-0.4.7-2.3 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
AZL-43729 CVE-2022-29526 affecting package umoci 0.4.7-18
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-44289 CVE-2022-29526 affecting package umoci 0.4.7-13
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
Improper input validation in umoci
Impact: umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...
GHSA-9M95-8HX6-7P9V Improper input validation in umoci
Impact: umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...
openSUSE 15 Security Update : umoci (openSUSE-SU-2021:1863-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1863-1 advisory. - Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal...
SUSE: Security Advisory (SUSE-SU-2021:1863-2)
The remote host is missing an update for the...
openSUSE: Security Advisory for umoci (openSUSE-SU-2021:1863-1)
The remote host is missing an update for the...