buildkit-0.12.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13688 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z buildkit-0.12.5-2.1 on GA media These are all security issues fixed in the buildkit-0.12.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13688 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13688 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-23653/ SUSE CVE CVE-2024-23653 page openSUSE Tumbleweed buildkit-0.12.5-2.1 buildkit-0.12.5-2.1 as a component of openSUSE Tumbleweed BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. CVE-2024-23653 openSUSE Tumbleweed:buildkit-0.12.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-23653.html CVE-2024-23653 https://bugzilla.suse.com/1219438 SUSE Bug 1219438