buildah-1.41.6-1.el9_7

Errata ID: AXSA:2025-11528:07

Release date: Monday, December 15, 2025 - 14:42
Subject: buildah-1.41.6-1.el9_7
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description:

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-52881
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.41.6-1.el9_7.src.rpm
    MD5: dabeeedac1329f8670104d05b2aa1b2d
    SHA-256: 2c953e29e25fbcc631a4799bf98a9e59eda7e8b073409bd5387cc1c3b29a3de7
    Size: 11.35 MB

Asianux Server 9 for x86_64
  1. buildah-1.41.6-1.el9_7.x86_64.rpm
    MD5: eb6756f269940e41e20adedd177bd579
    SHA-256: 0b6dc152a60a6d26967ebad2c1c3cc2d3bcc7651d394ab93fc11551c40b3e749
    Size: 10.40 MB
  2. buildah-tests-1.41.6-1.el9_7.x86_64.rpm
    MD5: 56124683504789aaf558b7b9f76bb924
    SHA-256: 39ff3b884fce7d327001e19f1f21baf2367fedfcc5d9d90422dcef7397478d5f
    Size: 29.17 MB