[ALSA-2023:7764] Moderate: buildah security update
Release date:
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 buildah-1.31.3-2.el9_3.aarch64.rpm 40d3ffb21a339389c9e725fc85adc0abc00a2e373e1b51acfe8754583271456b
aarch64 buildah-tests-1.31.3-2.el9_3.aarch64.rpm 49aa96906774f1149e6cd04a315e6539e8b95a92fc9d09e2241178fbf41726b9
ppc64le buildah-1.31.3-2.el9_3.ppc64le.rpm 4c07749e85d8ae464d8158ecca517c9cf3c73fc3deb6ba0057688721756bea09
ppc64le buildah-tests-1.31.3-2.el9_3.ppc64le.rpm 91488729285e9662f58cf46ee2a3c53003ed1ec8d112937581cb97fe72e10c35
s390x buildah-1.31.3-2.el9_3.s390x.rpm 6b009a5bf2c56599e7fb9ec0bf92e7b2f6558418068511dbd139594da1d2664b
s390x buildah-tests-1.31.3-2.el9_3.s390x.rpm f76889fa2b08aa9717122e68d644aeedaec9a8f9769ef0920670c2d964bbd691
x86_64 buildah-1.31.3-2.el9_3.x86_64.rpm 5f0aa3001075d7c1627c376f3897ae174a59c117e81e49b5220522180ecc0b30
x86_64 buildah-tests-1.31.3-2.el9_3.x86_64.rpm b61dfeaa93295fe5e91c1b4d4cc3fe7db90dddfd4833278c0ab62102fc5c625b
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.