ELSA-2026-0437

ELSA-2026-0437 - buildah security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-01-12

Description

[1.41.8-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.41.8-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
(https://github.com/containers/buildah/commit/f85ff89)
- fixes 'CVE-2025-47913 buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-9.7.z]'
- Resolves: RHEL-134792

[2:1.41.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
(https://github.com/containers/buildah/commit/e363f79)
- fixes 'Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes - Buildah [rhel-9.7.z]'
- Resolves: RHEL-132846

Related CVEs

CVE-2025-47913

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	buildah-1.41.8-1.0.1.el9_7.src.rpm	bd0c025e2f4d40d2d9bc6c74595f436c5db56a13ee1d4b5a53b92b5f435620b5	-	ol9_aarch64_appstream
	buildah-1.41.8-1.0.1.el9_7.aarch64.rpm	4227786ea097eaf949660e5a88864f5ca2036b14e745973e886bce82345d0d74	-	ol9_aarch64_appstream
	buildah-tests-1.41.8-1.0.1.el9_7.aarch64.rpm	9d7d2abd154c412836400d8cbfc9f41111afd31e8f739e686de6ae849d217f9c	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	buildah-1.41.8-1.0.1.el9_7.src.rpm	bd0c025e2f4d40d2d9bc6c74595f436c5db56a13ee1d4b5a53b92b5f435620b5	-	ol9_x86_64_appstream
	buildah-1.41.8-1.0.1.el9_7.x86_64.rpm	9ea0f0792be35a016b573e4bcab323daed2f5c3ea6a80984c3882f2b76d66b6c	-	ol9_x86_64_appstream
	buildah-tests-1.41.8-1.0.1.el9_7.x86_64.rpm	3757ee5dcfe31745f84d120f26df0b28cc5502a87e21e27a1e5a4a84aea1d845	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team