|
|
Log in / Subscribe / Register

Oracle alert ELSA-2026-0437 (buildah)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2026-0437 Important: Oracle Linux 9 buildah security update


Date:
              Mon, 12 Jan 2026 12:54:04 -0800


Message-ID:
              <mailman.267.1768251253.31.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2026-0437

http://linux.oracle.com/errata/ELSA-2026-0437.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
buildah-1.41.8-1.0.1.el9_7.x86_64.rpm
buildah-tests-1.41.8-1.0.1.el9_7.x86_64.rpm

aarch64:
buildah-1.41.8-1.0.1.el9_7.aarch64.rpm
buildah-tests-1.41.8-1.0.1.el9_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/buildah-1.41.8-1....

Related CVEs:

CVE-2025-47913




Description of changes:

[1.41.8-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.41.8-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
  (https://github.com/containers/buildah/commit/f85ff89)
- fixes "CVE-2025-47913 buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected
SSH_AGENT_SUCCESS [rhel-9.7.z]"
- Resolves: RHEL-134792

[2:1.41.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
  (https://github.com/containers/buildah/commit/e363f79)
- fixes "Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes - Buildah [rhel-9.7.z]"
- Resolves: RHEL-132846


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds