logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2020:2116) Important: buildah security and bug fix update

Description

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696) * containers/image: Container images read entire image manifest into memory (CVE-2020-1702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * buildah is not expanding env vars in file paths (BZ#1822031)


Affected Package


OS OS Version Package Name Package Version
RedHat 7 buildah-debuginfo 1.11.6-11.el7_8
RedHat 7 buildah 1.11.6-11.el7_8
RedHat 7 buildah-debuginfo 1.11.6-11.el7_8
RedHat 7 buildah 1.11.6-11.el7_8
RedHat 7 buildah 1.11.6-11.el7_8
RedHat 7 buildah-debuginfo 1.11.6-11.el7_8
RedHat 7 buildah 1.11.6-11.el7_8

Related