buildah-1.33.10-1.el9_4

Errata ID: AXSA:2024-8952:09

Release date: Wednesday, October 30, 2024 - 11:12
Subject: buildah-1.33.10-1.el9_4
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
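The missing validation described above is a path-containment check. The following Go sketch is an added example, not Buildah's code or its actual fix; the function names `resolveCachePath` and `resolveExisting` and the sample paths are hypothetical. It joins a user-supplied path onto the cache root, resolves symlinks, and rejects anything that lands outside the root.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveExisting resolves symlinks in the deepest existing ancestor of p and re-appends the rest.
func resolveExisting(p string) (string, error) {
	rest := ""
	for {
		r, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(r, rest), nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		rest = filepath.Join(filepath.Base(p), rest)
		p = filepath.Dir(p)
	}
}

// resolveCachePath (hypothetical helper) returns userPath under cacheRoot, or an error if it escapes.
func resolveCachePath(cacheRoot, userPath string) (string, error) {
	root, err := filepath.EvalSymlinks(cacheRoot)
	if err != nil {
		return "", err
	}
	candidate, err := resolveExisting(filepath.Join(root, userPath)) // Join cleans ".." lexically
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, candidate)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("cache path %q escapes cache root %q", userPath, root)
	}
	return candidate, nil
}

func main() {
	root, _ := os.MkdirTemp("", "cache") // constructed sample cache root
	defer os.RemoveAll(root)
	for _, p := range []string{"go-build", "../../etc"} {
		fmt.Println(resolveCachePath(root, p))
	}
}
```

The check is valid only at the moment it runs; a path component replaced by a symlink afterwards would need to be handled at mount time.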

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.33.10-1.el9_4.src.rpm
    MD5: 1a4e072fbf66b7e68ecd1523148f28a6
    SHA-256: f98c949fb88762c399e2d308e6ac09be4d0c5c07507375987d4fcc450900a419
    Size: 17.44 MB

Asianux Server 9 for x86_64
  1. buildah-1.33.10-1.el9_4.x86_64.rpm
    MD5: c2235206370b3c804a940dff159cf870
    SHA-256: ec0db75fe4733e4adf616a06212b84cef1f3d5e501775d99fc8e3de3846a1e82
    Size: 9.41 MB
  2. buildah-tests-1.33.10-1.el9_4.x86_64.rpm
    MD5: 8b56c774b0ea3c7c0ee28bd62bbc7a9b
    SHA-256: bf6042ab5c681f6307e56cf0fac336f3700c03de0a1dd671f4fc6566285a2113
    Size: 30.31 MB