
Fedora 33: Security Advisory for Buildah DoS Issue CVE-2021-20291

April 24, 2021
Patch the critical DoS vulnerability in Buildah on Fedora 33 by updating the package, checking for vulnerabilities, rebuilding containers, testing changes, and monitoring for updates.

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

- crun and runc both `Provides: oci-runtime`.

- containers-common now has `Requires: oci-runtime`.

- `dnf install oci-runtime` will install crun by default unless runc is already installed.

----

buildah: Security fix for CVE-2021-20291

Autobuilt v1.20.1

* Thu Apr 22 2021 Lokesh Mandvekar - 1.20.1-4

- fix gating tests

* Mon Apr 19 2021 Lokesh Mandvekar - 1.20.1-3

- update containers-common dependency

- container-selinux, oci-runtime, slirp4netns and fuse-overlayfs handled in containers-common

* Fri Apr 16 2021 Lokesh Mandvekar - 1.20.1-2

- rebuild for buildah-tests

* Wed Apr 14 2021 RH Container Bot - 1.20.1-1

- autobuilt v1.20.1

* Mon Mar 29 2021 Lokesh Mandvekar - 1.20.0-1

- bump to v1.20.0

[1] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image

https://bugzilla.redhat.com/show_bug.cgi?id=1939485

Run `su -c 'dnf upgrade --advisory FEDORA-2021-ec00da7faa'` at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
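
To confirm that a host actually received this update, the following added shell example (not part of the Fedora advisory) compares the installed buildah build with the 1.20.1-4.fc33 build listed here. The function names are illustrative, and it assumes GNU `sort -V` orders these plain numeric version-release strings the same way RPM does.

```bash
#!/bin/sh
# Added example: is the installed buildah at or above this advisory's build?
FIXED_VR="1.20.1-4"   # Version-Release from this advisory, dist tag dropped

# strip_nvr NVRA -> "version-release" without name, dist tag and arch.
# Input has the shape `rpm -q buildah` prints: buildah-1.20.1-4.fc33.x86_64
strip_nvr() {
    _s="${1#buildah-}"   # drop the package name
    _s="${_s%%.fc*}"     # drop ".fcNN" and everything after it
    printf '%s\n' "$_s"
}

# vr_ge A B -> succeeds when A >= B.
# Assumption: GNU `sort -V` matches RPM ordering for plain numeric strings
# like these; it does not handle epochs or tilde/caret pre-release markers.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# buildah_status NVRA -> prints "current" or "outdated".
buildah_status() {
    if vr_ge "$(strip_nvr "$1")" "$FIXED_VR"; then
        echo current
    else
        echo outdated
    fi
}

# On a live host: report on the installed package, if there is one.
if command -v rpm >/dev/null 2>&1 && rpm -q buildah >/dev/null 2>&1; then
    echo "buildah: $(buildah_status "$(rpm -q buildah)")"
fi
```

An `outdated` result means the host is below the advisory build and still needs the `dnf upgrade --advisory` command given above.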

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 33
Version: 1.20.1
Release: 4.fc33
Summary: A command line tool used for creating OCI Images
