(RHSA-2020:1231) Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to:

• Create a working container, either from scratch or using an image as a starting point.
• Create an image, either from a working container or using the instructions in a Dockerfile.
• Build both Docker and OCI images.

Security Fix(es):

• proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• rootless buildah does not work with UID in /etc/subuid (BZ#1765469)

• Extras RHEL-7.8 update - buildah (BZ#1791286)

• buildah should be linked against gpgme-pthread (BZ#1793074)