Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 35 Buildah: FEDORA-2022-224a93852c Critical Container Issue

fedora
Calendar Grey April 7, 2022
Dist Fedora Esm H88
The patch addressing CVE-2022-27651 has been rolled out in Fedora 35 for buildah, enhancing both security and operational efficiency.
Security fix for CVE-2022-27651

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Security fix for CVE-2022-27651

* Wed Mar 30 2022 Lokesh Mandvekar 1.23.3-2

- add CVE-2022-27651 patches

* Wed Mar 30 2022 Lokesh Mandvekar 1.23.3-1

- Resolves: CVE-2022-27651, bump to v1.23.3

* Wed Mar 30 2022 Lokesh Mandvekar 1.23.2-1

- Revert "bump to v1.24.0, bump containers-common dep"

* Wed Mar 30 2022 Lokesh Mandvekar 1.24.0-1

- Revert "bump to v1.24.1"

* Fri Feb 4 2022 Lokesh Mandvekar 1.24.1-1

- bump to v1.24.1

* Wed Feb 2 2022 Ed Santiago 1.24.0-8

- tests package: now require git-daemon

* Tue Feb 1 2022 Lokesh Mandvekar 1.24.0-6

- adjust containers-common dep for f35

* Fri Jan 28 2022 Lokesh Mandvekar 1.24.0-5

- adjust containers-common dep for f35

* Fri Jan 28 2022 Lokesh Mandvekar 1.24.0-4

- unpack git content

* Fri Jan 28 2022 Lokesh Mandvekar 1.24.0-2

- fix deps and golang provides

* Fri Jan 28 2022 Lokesh Mandvekar 1.24.0-1

- bump to v1.24.0, bump containers-common dep

* Thu Jan 27 2022 Lokesh Mandvekar 1.23.2-1

- bump to v1.23.2, switch to autospec

* Thu Jan 27 2022 Fedora Release Engineering 1.23.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[ 1 ] Bug #2066840 - CVE-2022-27651 buildah: Default inheritable capabilities for linux container should be empty

https://bugzilla.redhat.com/show_bug.cgi?id=2066840

su -c 'dnf upgrade --advisory FEDORA-2022-224a93852c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory update Fedora critical fix security patch container issue buildah

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 1.23.3
Release: 2.fc35
URL: https://buildah.io
Summary: A command line tool used for creating OCI Images

Topics%20covered

Topics Covered

security advisory update Fedora critical fix security patch container issue buildah

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here