Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

update: containers-image #1545

Closed
dongsupark opened this issue Sep 20, 2024 · 0 comments · Fixed by flatcar/scripts#2388
Closed

update: containers-image #1545

dongsupark opened this issue Sep 20, 2024 · 0 comments · Fixed by flatcar/scripts#2388
Labels
advisory/sysext advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

Name: containers-image
CVEs: CVE-2024-3727
CVSSs: 8.3
Action Needed: update to >= 5.30.1

Summary: A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

See also https://bugzilla.redhat.com/show_bug.cgi?id=2274767.

refmap.gentoo: TBD
@dongsupark dongsupark added security security concerns advisory security advisory labels Sep 20, 2024
@dongsupark dongsupark added the cvss/HIGH > 7 && < 9 assessed CVSS label Sep 20, 2024
@dongsupark dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Sep 20, 2024
@github-actions github-actions bot mentioned this issue Sep 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Oct 22, 2024
Closed
@krnowak krnowak mentioned this issue Oct 28, 2024
Merged
2 tasks
@github-actions github-actions bot mentioned this issue Nov 22, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
advisory/sysext advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns
Projects
Flatcar tactical, release planning, and roadmap
Status: Implemented
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Weekly portage-stable package updates 2024-10-21 flatcar/scripts
1 participant
@dongsupark