ALT-PU-2024-7923-2

Package buildah updated to version 1.35.4-alt1 for branch sisyphus in task 348330.

Уязвимость библиотеки github.com/containers/image, связанная с неправильной проверкой значения целостности, позволяющая нарушителю вызвать отказ в обслуживании, выполнить атаку обхода локального пути или оказать иное воздействие

Severity: HIGH (8.3)Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Severity: HIGH (8.3)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

github.com/containers/image allows unexpected authenticated registry accesses

Severity: HIGH (8.3)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Version: 2.1.2

Package buildah update in sisyphus on 2024-05-17

ALT-PU-2024-7923-2

Closed vulnerabilities

BDU:2024-05780

CVE-2024-3727

GHSA-6wvf-f2vw-3425