buildah-1.41.6-1.el9_7
エラータID: AXSA:2025-11528:07
リリース日:
2025/12/15 Monday - 14:42
題名:
buildah-1.41.6-1.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- runc には、ローカルの攻撃者により、情報の漏洩、データ破壊、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-52881)
- Go の tar.Reader ライブラリには、GNU tar PAX 1.0 形式のスパース
ファイル内のスパース領域データブロック数に最大サイズを設定しない
不備に起因してアーカイブの読み取り時に制限なくメモリを割り当てて
しまう問題があるため、リモートの攻撃者により、細工された GNU tar
PAX 1.0 形式のアーカイブファイルの処理を介して、サービス拒否攻撃
(メモリ枯渇) を可能とする脆弱性が存在します。(CVE-2025-58183)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-52881
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
追加情報:
N/A
ダウンロード:
SRPMS
- buildah-1.41.6-1.el9_7.src.rpm
MD5: dabeeedac1329f8670104d05b2aa1b2d
SHA-256: 2c953e29e25fbcc631a4799bf98a9e59eda7e8b073409bd5387cc1c3b29a3de7
Size: 11.35 MB
Asianux Server 9 for x86_64
- buildah-1.41.6-1.el9_7.x86_64.rpm
MD5: eb6756f269940e41e20adedd177bd579
SHA-256: 0b6dc152a60a6d26967ebad2c1c3cc2d3bcc7651d394ab93fc11551c40b3e749
Size: 10.40 MB - buildah-tests-1.41.6-1.el9_7.x86_64.rpm
MD5: 56124683504789aaf558b7b9f76bb924
SHA-256: 39ff3b884fce7d327001e19f1f21baf2367fedfcc5d9d90422dcef7397478d5f
Size: 29.17 MB
English