PT-2022-19901 · Podman +11 · Podman +11

Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 20.10.18 CRI-O versions prior to 20.10.18 Docker versions prior to 20.10.18 Moby Docker Engine versions prior to 20.10.18 Podman versions prior to 20.10.18 Description: The issue arises from an incorrect handling of...

AZL-44580 CVE-2021-20291 affecting package buildah for versions less than 1.41.4-2

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...