Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 34: 440e34200c Critical: Buildah Host Leak Issue

fedora
Calendar Grey August 1, 2021
Dist Fedora Esm H88
Uncover the vulnerability resolution for CVE-2021-3602 within the buildah upgrade for Fedora 34, augmenting the safety of container administration.
Security fix for CVE-2021-3602

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Security fix for CVE-2021-3602

* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-4

- ensure consistent version-release and changelog

* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-1

- bump to v1.21.4

- fix gating test issues

* Thu Jul 22 2021 Lokesh Mandvekar - 1.21.3-3

- try fix for copy-release

* Thu Jul 22 2021 Eduardo Santiago - 1.21.3-2

- Try to deal with new buildah-copy-helper nightmare

* Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1

- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602

- bump to v1.21.3

* Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1

- bump to v1.21.2

* Tue Jun 8 2021 RH Container Bot - 1.21.1-1

- autobuilt v1.21.1

[ 1 ] Bug #1969264 - CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation

https://bugzilla.redhat.com/show_bug.cgi?id=1969264

su -c 'dnf upgrade --advisory FEDORA-2021-440e34200c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory Fedora critical fix buildah host leak

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 1.21.4
Release: 4.fc34
URL: https://buildah.io
Summary: A command line tool used for creating OCI Images

Topics%20covered

Topics Covered

security advisory Fedora critical fix buildah host leak

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here