[v5.2-rhel] Fix CVE-2024-9407, 9675, 9676, 9341 #24324
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes four CVES:
CVE-2024-9341 - FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9407 - Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction CVE-2024-9675 - Buildah allows arbitrary directory mount [rhel-9.5] CVE-2024-9676 - symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
And Jira cards:
https://issues.redhat.com/browse/RHEL-60963 - CVE-2024-9341 https://issues.redhat.com/browse/RHEL-62369 - CVE-2024-9341 https://issues.redhat.com/browse/RHEL-61152 - CVE-2024-9407 https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5) - CVE-2024-9675 https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5.z) - CVE-2024-9675 https://issues.redhat.com/browse/RHEL-61865 - CVE-2024-9676
Does this PR introduce a user-facing change?