Msrc Azl3 Libcontainers-Common 20240213-3 On Azure Linux 3.0 vulnerabilities

CVE-2025-47913 [HIGH] Potential denial of service in golang.org/x/crypto/ssh/agent Potential denial of service in golang.org/x/crypto/ssh/agent Mariner: Mariner Go: Go Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-9566 [HIGH] CWE-22 Podman: podman kube play command may overwrite host files Podman: podman kube play command may overwrite host files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-6032 [HIGH] CWE-295 Podman: podman missing tls verification Podman: podman missing tls verification FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-9675 [HIGH] CWE-22 Buildah: buildah allows arbitrary directory mount Buildah: buildah allows arbitrary directory mount FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-9407 [MEDIUM] CWE-20 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to ke

CVE-2024-9341 [MEDIUM] CWE-59 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date

CVE-2024-9676 [MEDIUM] CWE-22 Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu

CVE-2024-37298 [HIGH] CWE-770 Potential memory exhaustion attack due to sparse slice deserialization Potential memory exhaustion attack due to sparse slice deserialization FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-3727 [HIGH] CWE-354 Containers/image: digest type does not guarantee valid type Containers/image: digest type does not guarantee valid type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-1753 [HIGH] CWE-59 Buildah: full container escape at build time Buildah: full container escape at build time FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2022-2879 [HIGH] CWE-770 Unbounded memory consumption when reading headers in archive/tar Unbounded memory consumption when reading headers in archive/tar FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libra