-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v5.2-rhel] Fix CVE-2024-9407, 9675, 9676, 9341 #24324
[v5.2-rhel] Fix CVE-2024-9407, 9675, 9676, 9341 #24324
Conversation
This fixes four CVES: CVE-2024-9341 - FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9407 - Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction CVE-2024-9675 - Buildah allows arbitrary directory mount [rhel-9.5] CVE-2024-9676 - symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) And Jira cards: https://issues.redhat.com/browse/RHEL-60963 - CVE-2024-9341 https://issues.redhat.com/browse/RHEL-62369 - CVE-2024-9341 https://issues.redhat.com/browse/RHEL-61152 - CVE-2024-9407 https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5) - CVE-2024-9675 https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5.z) - CVE-2024-9675 https://issues.redhat.com/browse/RHEL-61865 - CVE-2024-9676 Signed-off-by: tomsweeneyredhat <[email protected]>
CVE-2024-9341 was already fixed in #24132 And btw the correct syntax should be |
Happy green test buttons on this one, can it be merged? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Luap99, TomSweeneyRedHat The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
6df7dfb
into
containers:v5.2-rhel
This fixes four CVES:
CVE-2024-9341 - FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9407 - Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction CVE-2024-9675 - Buildah allows arbitrary directory mount [rhel-9.5] CVE-2024-9676 - symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
And Jira cards:
https://issues.redhat.com/browse/RHEL-60963 - CVE-2024-9341
https://issues.redhat.com/browse/RHEL-62369 - CVE-2024-9341
https://issues.redhat.com/browse/RHEL-61152 - CVE-2024-9407
https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5) - CVE-2024-9675
https://issues.redhat.com/browse/RHEL-61847 (RHEL 9.5.z) - CVE-2024-9675
https://issues.redhat.com/browse/RHEL-61865 - CVE-2024-9676
Does this PR introduce a user-facing change?