Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE: 2022:3792-2 Important: BCI-Minimal Security Update

suse
Calendar Grey October 28, 2022
Scroller Suse
SUSE Container Update Notification for bci/bci-minimal encompasses critical security enhancements resolving various vulnerabilities.
The container bci/bci-minimal was updated

Summary

Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important

References

References : 1167864 1181961 1202812 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990

1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).

- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).

- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set

Severity
important
Lowest
Low
Medium
High
Critical

Container Advisory ID : SUSE-CU-2022:2741-1
Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.32.15
Container Release : 32.15
Severity : important
Type : security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.