Bug 9736 - [Anolis OS 8] Bugfix for CVE-2024-3727
Summary: [Anolis OS 8] Bugfix for CVE-2024-3727
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 8.6
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: Jacob
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2024-08-14 10:29 UTC by 小龙
Modified: 2024-08-14 10:29 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2024-08-14 10:29:18 UTC 
Description:
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Broken commit info:

Bugfix commit info:
https://github.com/containers/image/commit/56e750a2cab2472740a8be66355401da5191d10b
https://github.com/containers/image/pull/2404
https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385
https://github.com/containers/image/pull/2403
https://github.com/containers/image/commit/8d7cdb21f5bbbaabd24819fcd9f0ffdae2d30d1e
https://github.com/containers/image/pull/2405