ELSA-2024-9097

ELSA-2024-9097 - buildah security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-11-14

Description


[1.37.2-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.37.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.2
- Related: RHEL-27608

[2:1.37.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.1
- Related: RHEL-27608

[2:1.37.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.37.0
- Resolves: RHEL-47164 RHEL-40808

[2:1.36.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.36.0
- Related: RHEL-27608

[2:1.35.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.2
- Related: RHEL-27608

[2:1.35.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.1
- Related: RHEL-27608

[2:1.35.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.35.0
- Resolves: RHEL-29278

[2:1.33.6-2]
- update tags for systemd libsubid
- Resolves: RHEL-26594

[2:1.33.6-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
(https://github.com/containers/buildah/commit/f843563)
- Related: RHEL-2112

[2:1.33.5-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
(https://github.com/containers/buildah/commit/70b792d)
- Related: RHEL-2112

[2:1.33.4-1]
- revert back to 1.33.4
- Related: Jira:RHEL-2112

[1:1.34.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.34.0
- Related: RHEL-2112

[1:1.33.2-1]
- Bump to v1.33.2
- Related: Jira:RHEL-2112

[1:1.33.1-3]
- Rebuild for CVEs:
CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322
- Related: Jira:RHEL-2779

[1:1.33.1-2]
- Fix gating issues in tests/tests.yml
- Related: RHEL-2112

[1:1.33.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.33.1
- Related: RHEL-2112

[1:1.32.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.2
- Related: RHEL-2112

[1:1.32.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.1
- Related: RHEL-2112

[1:1.32.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.32.0
- Related: Jira:RHEL-2112

[1:1.31.3-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.3
- Related: #2176063

[1:1.31.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.2
- Related: #2176063

[1:1.31.1-2]
- build buildah off main branch for early testing of zstd compression
- Related: #2176063

[1:1.31.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.1
- Related: #2176063

[1:1.31.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.31.0
- Related: #2176063

[1:1.30.0-2]
- rebuild for following CVEs:
CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
- Resolves: #2175073
- Resolves: #2179958
- Resolves: #2187332
- Resolves: #2187375
- Resolves: #2203696
- Resolves: #2207518

[1:1.30.0-1]
- update to 1.30.0
- Related: #2176063

[1:1.29.1-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29
(https://github.com/containers/buildah/commit/f07d2c9)
- Resolves: #2178263

[1:1.29.1-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29
(https://github.com/containers/buildah/commit/7fa17a8)
- Related: #2124478

[1:1.29.0-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29
(https://github.com/containers/buildah/commit/c822cc6)
- Related: #2124478

[1:1.29.0-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29
(https://github.com/containers/buildah/commit/94b723c)
- Related: #2124478

[1:1.29.0-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0
(https://github.com/containers/buildah/commit/94b723c)
- Related: #2124478

[1:1.29.0-0.4]
- update to the latest content of https://github.com/containers/buildah/tree/main
(https://github.com/containers/buildah/commit/078a7ff)
- Related: #2124478

[1:1.29.0-0.3]
- update to the latest content of https://github.com/containers/buildah/tree/main
(https://github.com/containers/buildah/commit/4b72f05)
- Related: #2124478

[1:1.29.0-0.2]
- update to the latest content of https://github.com/containers/buildah/tree/main
(https://github.com/containers/buildah/commit/c541c35)
- Related: #2124478

[1:1.29.0-0.1]
- update to the latest content of https://github.com/containers/buildah/tree/main
(https://github.com/containers/buildah/commit/8ca903b)
- Related: #2124478

[1:1.28.2-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.28
(https://github.com/containers/buildah/commit/cfefbb6)
- fixes segmentation fault on s390x
- Resolves: #2150429

[1:1.28.2-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.28
(https://github.com/containers/buildah/commit/7e4d9dd)
- Resolves: #2151247

[1:1.28.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.28.2
- Related: #2124478

[1:1.28.0-2]
- pull in crun by default
- Resolves: #2142494

[1:1.28.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.28.0
- Related: #2124478


Related CVEs


CVE-2024-24791
CVE-2024-3727

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) buildah-1.37.2-1.0.1.el9.src.rpmc72989e904e4e0b4e553c13d7bbaf286-ol9_aarch64_appstream
buildah-1.37.2-1.0.1.el9.aarch64.rpm0b93ea157166113a0bd1c3c8d0bdbcab-ol9_aarch64_appstream
buildah-tests-1.37.2-1.0.1.el9.aarch64.rpm64ddeee5a61e72437cbb42d62deb3c92-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) buildah-1.37.2-1.0.1.el9.src.rpmc72989e904e4e0b4e553c13d7bbaf286-ol9_x86_64_appstream
buildah-1.37.2-1.0.1.el9.x86_64.rpmc552b9030040653d2723b8dc0000597f-ol9_x86_64_appstream
buildah-tests-1.37.2-1.0.1.el9.x86_64.rpm5ded2a73ec0956d01b9a6fb5782e0847-ol9_x86_64_appstream


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete