affected

created on 13 Dec 2024

NIXPKGS-2024-0001

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Vulnerabilities

CVE-2024-9675

Related packages

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

nixos-unstable 1.31.2
- nixos-unstable-small 1.31.3
- nixpkgs-unstable 1.31.2

pkgs.conmon

OCI container runtime monitor

nixos-unstable 2.1.12
- nixos-unstable-small 2.1.12
- nixpkgs-unstable 2.1.12

pkgs.podman

Program for managing pods, containers and container images

nixos-unstable 5.3.1
- nixos-unstable-small 5.3.1
- nixpkgs-unstable 5.3.1

pkgs.skopeo

Command line utility for various operations on container images and image repositories

nixos-unstable 1.17.0
- nixos-unstable-small 1.17.0
- nixpkgs-unstable 1.17.0

pkgs.buildah

Tool which facilitates building OCI images

nixos-unstable 1.38.0
- nixos-unstable-small 1.38.0
- nixpkgs-unstable 1.38.0

pkgs.conmon-rs

OCI container runtime monitor written in Rust

nixos-unstable 0.6.6
- nixos-unstable-small 0.6.6
- nixpkgs-unstable 0.6.6

pkgs.podman-tui

Podman Terminal UI

nixos-unstable 1.3.0
- nixos-unstable-small 1.3.0
- nixpkgs-unstable 1.3.0

pkgs.podman-compose

Implementation of docker-compose with podman backend

nixos-unstable 1.2.0
- nixos-unstable-small 1.2.0
- nixpkgs-unstable 1.2.0

pkgs.podman-desktop

A graphical tool for developing on containers and Kubernetes

nixos-unstable 1.13.2
- nixos-unstable-small 1.13.2
- nixpkgs-unstable 1.13.2

pkgs.cri-o-unwrapped