ELSA-2026-0436

ELSA-2026-0436 - buildah security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-01-12

Description

[1.41.8-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.41.8-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
(https://github.com/containers/buildah/commit/f85ff89)
- fixes 'CVE-2025-47913 buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-10.1.z]'
- Resolves: RHEL-134777

[2:1.41.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
(https://github.com/containers/buildah/commit/e363f79)
- fixes 'Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes - Buildah [rhel-10.1.z]'
- Resolves: RHEL-132841

Related CVEs

CVE-2025-47913

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 10 (aarch64)	buildah-1.41.8-1.0.1.el10_1.src.rpm	8aee6f3fcb30197e96a814d3e6799bea1776b4057e481652e3a5b5fdcc5788e7	-	ol10_aarch64_appstream
	buildah-1.41.8-1.0.1.el10_1.aarch64.rpm	a39c23c36beab59d6a102d1bb8bafc9fb3de213d325149ea327c6845a3ae6aa8	-	ol10_aarch64_appstream
	buildah-tests-1.41.8-1.0.1.el10_1.aarch64.rpm	2a1af5af6143ca095c6ab3e8d95701f3abe7f6a8787e7bd3341c1f571c9bcae7	-	ol10_aarch64_appstream
Oracle Linux 10 (x86_64)	buildah-1.41.8-1.0.1.el10_1.src.rpm	8aee6f3fcb30197e96a814d3e6799bea1776b4057e481652e3a5b5fdcc5788e7	-	ol10_x86_64_appstream
	buildah-1.41.8-1.0.1.el10_1.x86_64.rpm	90e6541af45e2644805c707b7f6666025687e40c7f72b1f06d1cb3cf759b9649	-	ol10_x86_64_appstream
	buildah-tests-1.41.8-1.0.1.el10_1.x86_64.rpm	9ce7c58b009512f684f3ac94c8536b6fa364088fd65891691365787ac51ff444	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team