buildah: Fix CVE-2024-9675 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Praveen Kumar <praveen.kumar@windriver.com>	2025-04-14 13:29:56 +0000
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2025-04-19 22:48:09 +0000
commit	9e040ee8dd6025558ea60ac9db60c41bfeddf221 (patch)
tree	f39e0ebd2421491279ffaccba0f9bc034132ed61 /recipes-containers/nerdctl/relocation.inc
parent	9287a355b338361e42027ce371444111a791d64f (diff)
download	meta-virtualization-scarthgap.tar.gz

buildah: Fix CVE-2024-9675scarthgap

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. References: https://nvd.nist.gov/vuln/detail/CVE-2024-9675 https://security-tracker.debian.org/tracker/CVE-2024-9675 Upstream-patch: https://github.com/containers/buildah/commit/cffa820dc8be07efdb7fc4e8e8b9ff44c70aaf93 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-containers/nerdctl/relocation.inc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: