Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1989-1 Final 1 1 2024-06-11T11:49:48Z current 2024-06-11T11:49:48Z 2024-06-11T11:49:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727) - Remove SLE15 SP4 from the distro check (end of general support) - Add LABEL with source URL The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1989,SUSE-SLE-Module-Containers-15-SP6-2024-1989,openSUSE-SLE-15.6-2024-1989 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241989-1/ Link for SUSE-SU-2024:1989-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035546.html E-Mail link for SUSE-SU-2024:1989-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224119 SUSE Bug 1224119 https://www.suse.com/security/cve/CVE-2024-3727/ SUSE CVE CVE-2024-3727 page SUSE Linux Enterprise Module for Containers 15 SP6 openSUSE Leap 15.6 containerized-data-importer-api-1.58.0-150600.3.3.2 containerized-data-importer-cloner-1.58.0-150600.3.3.2 containerized-data-importer-controller-1.58.0-150600.3.3.2 containerized-data-importer-importer-1.58.0-150600.3.3.2 containerized-data-importer-manifests-1.58.0-150600.3.3.2 containerized-data-importer-operator-1.58.0-150600.3.3.2 containerized-data-importer-uploadproxy-1.58.0-150600.3.3.2 containerized-data-importer-uploadserver-1.58.0-150600.3.3.2 obs-service-cdi_containers_meta-1.58.0-150600.3.3.2 containerized-data-importer-manifests-1.58.0-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Containers 15 SP6 containerized-data-importer-api-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-cloner-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-controller-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-importer-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-manifests-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-operator-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-uploadproxy-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 containerized-data-importer-uploadserver-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 obs-service-cdi_containers_meta-1.58.0-150600.3.3.2 as a component of openSUSE Leap 15.6 A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. CVE-2024-3727 SUSE Linux Enterprise Module for Containers 15 SP6:containerized-data-importer-manifests-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-api-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-cloner-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-controller-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-importer-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-manifests-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-operator-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-uploadproxy-1.58.0-150600.3.3.2 openSUSE Leap 15.6:containerized-data-importer-uploadserver-1.58.0-150600.3.3.2 openSUSE Leap 15.6:obs-service-cdi_containers_meta-1.58.0-150600.3.3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241989-1/ https://www.suse.com/security/cve/CVE-2024-3727.html CVE-2024-3727 https://bugzilla.suse.com/1224112 SUSE Bug 1224112