update: containers-image #1545

dongsupark · 2024-09-20T10:15:53Z

Name: containers-image
CVEs: CVE-2024-3727
CVSSs: 8.3
Action Needed: update to >= 5.30.1

Summary: A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

See also https://bugzilla.redhat.com/show_bug.cgi?id=2274767.

refmap.gentoo: TBD

dongsupark added security security concerns advisory security advisory labels Sep 20, 2024

github-project-automation bot added this to Flatcar tactical, release planning, and roadmap Sep 20, 2024

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Sep 20, 2024

dongsupark added the cvss/HIGH > 7 && < 9 assessed CVSS label Sep 20, 2024

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Sep 20, 2024

github-actions bot mentioned this issue Sep 22, 2024

Monthly contributions report 2024-08-22 - 2024-09-21 #1547

Closed

github-actions bot mentioned this issue Oct 22, 2024

Monthly contributions report 2024-09-22 - 2024-10-21 #1568

Open

krnowak mentioned this issue Oct 28, 2024

Weekly portage-stable package updates 2024-10-21 flatcar/scripts#2388

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#2388 Oct 29, 2024

github-project-automation bot moved this from 🪵Backlog to Implemented in Flatcar tactical, release planning, and roadmap Oct 29, 2024

github-actions bot mentioned this issue Nov 22, 2024

Monthly contributions report 2024-10-22 - 2024-11-21 #1585

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: containers-image #1545

update: containers-image #1545

dongsupark commented Sep 20, 2024

update: containers-image #1545

update: containers-image #1545

Comments

dongsupark commented Sep 20, 2024