SUSE: 2020:3423-1 Moderate: Buildah Security Threat Fix
suse
November 19, 2020
An update that fixes two vulnerabilities is now available
Summary
This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc#1165184): * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag="g" * Use curl to get repo file (fix #2714)
Topics Covered
References
#1165184 #1167864
Cross- CVE-2019-10214 CVE-2020-10696
Affected Products:
SUSE Linux Enterprise Module for Containers 15-SP2
SUSE Linux Enterprise Module for Containers 15-SP1
https://www.suse.com/security/cve/CVE-2019-10214.html
https://www.suse.com/security/cve/CVE-2020-10696.html
https://bugzilla.suse.com/1165184
https://bugzilla.suse.com/1167864
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2020:3423-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!