{"affected":[{"ecosystem_specific":{"binaries":[{"buildah":"1.35.4-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"buildah","purl":"pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.35.4-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"buildah":"1.35.4-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"buildah","purl":"pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.35.4-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"buildah":"1.35.4-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"buildah","purl":"pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.35.4-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"buildah":"1.35.4-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"buildah","purl":"pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.35.4-150400.3.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for buildah fixes the following issues:\n\nUpdate to version 1.35.4:\n\n* CVE-2024-3727 updates (bsc#1224117)\n* Bump go-jose CVE-2024-28180\n* Bump ocicrypt and go-jose CVE-2024-28180\n\nUpdate to version 1.35.3:\n\n* correctly configure /etc/hosts and resolv.conf\n* buildah: refactor resolv/hosts setup.\n* rename the hostFile var to reflect\n* CVE-2024-24786 protobuf to 1.33\n\n\nUpdate to version 1.35.1:\n\n* CVE-2024-1753 container escape fix (bsc#1221677)\n\n- Buildah dropped cni support, require netavark instead (bsc#1221243)\n\n- Remove obsolete requires libcontainers-image & libcontainers-storage\n\n- Require passt for rootless networking (poo#156955)\n  Buildah moved to passt/pasta for rootless networking from slirp4netns\n  (https://github.com/containers/common/pull/1846)\n\nUpdate to version 1.35.0:\n\n* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0\n* conformance tests: don't break on trailing zeroes in layer blobs\n* Add a conformance test for copying to a mounted prior stage\n* cgroups: reuse version check from c/common\n* Update vendor of containers/(common,image)\n* manifest add: complain if we get artifact flags without --artifact\n* Use retry logic from containers/common\n* Vendor in containers/(storage,image,common)\n* Update module golang.org/x/crypto to v0.20.0\n* Add comment re: Total Success task name\n* tests: skip_if_no_unshare(): check for --setuid\n* Properly handle build --pull=false\n* Update module go.etcd.io/bbolt to v1.3.9\n* Update module github.com/opencontainers/image-spec to v1.1.0\n* build --all-platforms: skip some base 'image' platforms\n* Bump main to v1.35.0-dev\n* Vendor in latest containers/(storage,image,common)\n* Split up error messages for missing --sbom related flags\n* `buildah manifest`: add artifact-related options\n* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing\n* cmd/buildah/manifest.go: don't make struct declarations aliases\n* Use golang.org/x/exp/slices.Contains\n* Try Cirrus with a newer VM version\n* Set CONTAINERS_CONF in the chroot-mount-flags integration test\n* Update to match dependency API update\n* Update github.com/openshift/imagebuilder and containers/common\n* docs: correct default authfile path\n* tests: retrofit test for heredoc summary\n* build, heredoc: show heredoc summary in build output\n* manifest, push: add support for --retry and --retry-delay\n* imagebuildah: fix crash with empty RUN\n* Make buildah match podman for handling of ulimits\n* docs: move footnotes to where they're applicable\n* Allow users to specify no-dereference\n* docs: use reversed logo for dark theme in README\n* build,commit: add --sbom to scan and produce SBOMs when committing\n* commit: force omitHistory if the parent has layers but no history\n* docs: fix a couple of typos\n* internal/mkcw.Archive(): handle extra image content\n* stage_executor,heredoc: honor interpreter in heredoc\n* stage_executor,layers: burst cache if heredoc content is changed\n* Replace map[K]bool with map[K]struct{} where it makes sense\n* Bump CI VMs\n* Replace strings.SplitN with strings.Cut\n* Document use of containers-transports values in buildah\n* manifest: addCompression use default from containers.conf\n* commit: add a --add-file flag\n* mkcw: populate the rootfs using an overlay\n* [skip-ci] Update actions/stale action to v9\n* Ignore errors if label.Relabel returns ENOSUP","id":"SUSE-SU-2024:3186-1","modified":"2024-09-10T07:43:19Z","published":"2024-09-10T07:43:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243186-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221243"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221677"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224117"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-1753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-24786"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3727"}],"related":["CVE-2024-1753","CVE-2024-24786","CVE-2024-28180","CVE-2024-3727"],"summary":"Security update for buildah","upstream":["CVE-2024-1753","CVE-2024-24786","CVE-2024-28180","CVE-2024-3727"]}