Buildah Package Security Update Advisory (CVE-2024-1753)

Overview

 

An update has been made available to address a vulnerability in the buildah package. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

Podman versions 4.9.3 and 5.0 or below

Buildah 1.35.0 or below

 

Resolved Vulnerabilities

 

Container escape vulnerability at build time: a malicious Containerfile can give commands within the RUN phase read-write access to the host file system (CVE-2024-1753)

 

Vulnerability Patches

 

Buildah version 1.35.1
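
A host-side check against the ranges listed under Affected Products, added here as an example and not part of the original advisory. It assumes the tools print `<tool> version X.Y.Z` for `--version`, and it reads "Podman versions 4.9.3 and 5.0 or below" as "4.9.3 or lower, or exactly 5.0.0"; both are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag buildah/podman installs that fall in this advisory's affected ranges.

# parse_version "<tool> --version output": print the dotted numeric version.
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version \([0-9][0-9.]*\).*/\1/p'
}

# ver_le A B: succeed when dotted version A <= B (first three numeric fields).
ver_le() {
    va="$1.0.0"; vb="$2.0.0"          # pad so "5.0" compares as 5.0.0
    for i in 1 2 3; do
        x=$(printf '%s' "$va" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$vb" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0  # numeric compare, so 1.9 < 1.35
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# status TOOL VERSION: print "affected" or "not-affected" per the advisory text.
status() {
    case "$1" in
        buildah)  # "Buildah 1.35.0 or below"; patched in 1.35.1
            if ver_le "$2" 1.35.0; then echo affected; else echo not-affected; fi ;;
        podman)   # assumption: <= 4.9.3, or exactly 5.0.0
            if ver_le "$2" 4.9.3 || { ver_le "$2" 5.0.0 && ver_le 5.0.0 "$2"; }; then
                echo affected
            else
                echo not-affected
            fi ;;
        *) echo unknown ;;
    esac
}

# Report on whichever of the two tools is installed on this host.
for tool in buildah podman; do
    command -v "$tool" >/dev/null 2>&1 || continue
    v=$(parse_version "$("$tool" --version 2>/dev/null)")
    [ -n "$v" ] || { echo "$tool: version not parsed"; continue; }
    echo "$tool $v: $(status "$tool" "$v")"
done
```

Distribution packages may backport the fix without changing the upstream version number, so an "affected" result should be confirmed against the vendor's package changelog.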

 

Referenced Sites

 

[1] CVE-2024-1753 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-1753

[2] CVE-2024-1753 container escape at build time
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3

[3] CVE-2024-1753 container escape at build time
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf