This update for buildah, docker fixes the following issues:
Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
Update to Docker 25.0.5-ce (bsc#1223409)
Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
Update to version 1.35.3:
Update to version 1.35.1:
Buildah dropped cni support, require netavark instead (bsc#1221243)
Remove obsolete requires libcontainers-image & libcontainers-storage
Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)
Update to version 1.35.0:
buildah manifest
: add artifact-related options