47 matches found
AZL-71506 CVE-2025-65637 affecting package umoci 0.4.7-18
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71473 CVE-2025-65637 affecting package umoci 0.4.7-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
EUVD-2022-0942
Malicious code in bioql PyPI...
openSUSE Security Advisory (SUSE-SU-2025:02282-1)
The remote host is missing an update for the...
Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
SUSE-SU-2025:02282-1 Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : umoci (SUSE-SU-2025:02282-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02282-1 advisory. Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the...
umoci-0.5.0-1.1 on GA media (moderate)
umoci-0.5.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15166-1 Rating: moderate Cross-References: CVE-2021-41190 CVSS scores: CVE-2021-41190 SUSE : 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2025:15166-1 umoci-0.5.0-1.1 on GA media
These are all security issues fixed in the umoci-0.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
GO-2022-0815 Improper input validation in umoci in github.com/opencontainers/umoci
Improper input validation in umoci in github.com/opencontainers/umoci...
OPENSUSE-SU-2024:11482-1 umoci-0.4.7-2.3 on GA media
These are all security issues fixed in the umoci-0.4.7-2.3 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
AZL-44289 CVE-2022-29526 affecting package umoci 0.4.7-13
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-43729 CVE-2022-29526 affecting package umoci 0.4.7-18
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
GHSA-9M95-8HX6-7P9V Improper input validation in umoci
Impact: umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...
Improper input validation in umoci
Impact: umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...
openSUSE: Security Advisory for umoci (openSUSE-SU-2021:1863-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : umoci (openSUSE-SU-2021:1863-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1863-1 advisory. - Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal...
SUSE: Security Advisory (SUSE-SU-2021:1863-2)
The remote host is missing an update for the...