SUSE advisory OPENSUSE-SU-2022:0770-1
Mar 09, 2022 - 12:00 a.m.

Security update for buildah (moderate)

2022-03-09 00:00:00
lists.opensuse.org

CVSS3: 8.8 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High

  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

  AV:N/AC:M/Au:N/C:C/I:C/A:C

An update that fixes three vulnerabilities and contains one
feature is now available.

Description:

This update for buildah fixes the following issues:

buildah was updated to version 1.23.1:

Update to version 1.22.3:

  • Update dependencies
  • Post-branch commit
  • Accept repositories on login/logout

Update to version 1.22.0:

  • c/image, c/storage, c/common vendor before Podman 3.3 release
  • Proposed patch for 3399 (shadowutils)
  • Fix handling of --restore shadow-utils
  • runtime-flag (debug) test: handle old & new runc
  • Allow dst and destination for target in secret mounts
  • Multi-arch: Always push updated version-tagged img
  • imagebuildah.stageExecutor.prepare(): remove pseudonym check
  • refine dangling filter
  • Chown with environment variables not set should fail
  • Just restore protections of shadow-utils
  • Remove specific kernel version number requirement from install.md
  • Multi-arch image workflow: Make steps generic
  • chroot: fix environment value leakage to intermediate processes
  • Update nix pin with make nixpkgs
  • buildah source - create and manage source images
  • Update cirrus-cron notification GH workflow
  • Reuse code from containers/common/pkg/parse
  • Cirrus: Freshen VM images
  • Fix excludes exception beginning with / or ./
  • Fix syntax for --manifest example
  • vendor containers/common@main
  • Cirrus: Drop dependence on fedora-minimal
  • Adjust conformance-test error-message regex
  • Workaround appearance of differing debug messages
  • Cirrus: Install docker from package cache
  • Switch rusagelogfile to use options.Out
  • Turn stdio back to blocking when command finishes
  • Add support for default network creation
  • Cirrus: Updates for master->main rename
  • Change references from master to main
  • Add --env and --workingdir flags to run command
  • [CI:DOCS] buildah bud: spelling --ignore-file requires parameter
  • [CI:DOCS] push/pull: clarify supported transports
  • Remove unused function arguments
  • Create mountOptions for mount command flags
  • Extract version command implementation to function
  • Add --json flags to mount and version commands
  • copier.Put(): set xattrs after ownership
  • buildah add/copy: spelling
  • buildah copy and buildah add should support .containerignore
  • Remove unused util.StartsWithValidTransport
  • Fix documentation of the --format option of buildah push
  • Don’t use alltransports.ParseImageName with known transports
  • man pages: clarify rmi removes dangling parents
  • [CI:DOCS] Fix links to c/image master branch
  • imagebuildah: use the specified logger for logging preprocessing warnings
  • Fix copy into workdir for a single file
  • Fix docs links due to branch rename
  • Update nix pin with make nixpkgs
  • fix(docs): typo
  • Move to v1.22.0-dev
  • Fix handling of auth.json file while in a user namespace
  • Add rusage-logfile flag to optionally send rusage to a file
  • imagebuildah: redo step logging
  • Add volumes to make running buildah within a container easier
  • Add and use a “copy” helper instead of podman load/save
  • Bump github.com/containers/common from 0.38.4 to 0.39.0
  • containerImageRef/containerImageSource: don’t buffer uncompressed layers
  • containerImageRef(): squashed images have no parent images
  • Sync. workflow across skopeo, buildah, and podman
  • Bump github.com/containers/storage from 1.31.1 to 1.31.2
  • Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
  • Bump to v1.21.1-dev [NO TESTS NEEDED]

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-770=1

OS             Version  Architecture  Filename
openSUSE Leap  15.3     aarch64       .aarch64.rpm
openSUSE Leap  15.3     ppc64le       .ppc64le.rpm
openSUSE Leap  15.3     s390x         .s390x.rpm
openSUSE Leap  15.3     x86_64        .x86_64.rpm
