(RHSA-2020:1231) Moderate: buildah security and bug fix update

2020-04-01T03:31:31
ID RHSA-2020:1231
Type redhat
Reporter RedHat
Modified 2020-04-01T03:54:32

Description

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: * Create a working container, either from scratch or using an image as a starting point. * Create an image, either from a working container or using the instructions in a Dockerfile. * Build both Docker and OCI images.

Security Fix(es):

  • proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • rootless buildah does not work with UID in /etc/subuid (BZ#1765469)

  • Extras RHEL-7.8 update - buildah (BZ#1791286)

  • buildah should be linked against gpgme-pthread (BZ#1793074)