Explore top 10 tips to secure your open-source projects now. Read More
×
Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important
References : 1167864 1181961 1202812 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990
1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
Get the latest Linux and open source security news straight to your inbox.