buildah-1.31.5-1.el9_3
エラータID: AXSA:2024-7725:02
リリース日:
2024/04/26 Friday - 13:35
題名:
buildah-1.31.5-1.el9_3
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Buildah には、コンテナ内部からホストマシン上の任意
のディレクトリをマウントできてしまう問題があるため、
ローカルの攻撃者により、細工された Containerfile を
介して、ホストマシン上のファイルの不正な操作を可能
とする脆弱性が存在します。(CVE-2024-1753)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-1753
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
追加情報:
N/A
ダウンロード:
SRPMS
- buildah-1.31.5-1.el9_3.src.rpm
MD5: 8af1f50f4e6d79d55d917f1e1c496e30
SHA-256: c1d4dd8db4c097393f7831f3200065f625752f021fa96a2343ea4a3162574205
Size: 14.83 MB
Asianux Server 9 for x86_64
- buildah-1.31.5-1.el9_3.x86_64.rpm
MD5: 0b0cac25a364d2148476ba6d29f1f22d
SHA-256: d59401badac1d60b5f7b670e0bb87b12171d0c7710954ca45a8bd48458f72dd1
Size: 8.67 MB - buildah-tests-1.31.5-1.el9_3.x86_64.rpm
MD5: 350b98cada742bf99f57d80b3d508c31
SHA-256: 2ccb5eb65d170fb31274049fe09f00965f4096cee17b3e6a8b2ea074f1fd7ab3
Size: 28.42 MB
English