Stay Secure with the Latest Linux Advisories

security advisoryFedoracritical fix

Fedora 34: 440e34200c Critical: Buildah Host Leak Issue

Security fix for CVE-2021-3602. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-440e34200c 2021-08-02 01:02:57.308399 --------------------------------------------------------------------------------Name : buildah Product : Fedora 34 Version : 1.21.4 Release : 4.fc34 URL : https://buildah.io Summary : A command line tool used for creating OCI Images Description : The buildah package provides a command line tool which can be used to * create a working container from scratch or * create a working container from an image as a starting point * mount/umount a working container's root file system for manipulation * save container's root file system layer to create a new image * delete a working container or an image --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-3602 --------------------------------------------------------------------------------ChangeLog: * Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-4 - ensure consistent version-release and changelog * Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-1 - bump to v1.21.4 - fix gating test issues * Thu Jul 22 2021 Lokesh Mandvekar - 1.21.3-3 - try fix for copy-release * Thu Jul 22 2021 Eduardo Santiago - 1.21.3-2 - Try to deal with new buildah-copy-helper nightmare * Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1 - Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602 - bump to v1.21.3 * Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1 - bump to v1.21.2 * Tue Jun 8 2021 RH Container Bot - 1.21.1-1 - autobuilt v1.21.1 --------------------------------------------------------------------------------References: [ 1 ] Bug #1969264 - CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation https://bugzilla.redhat.com/show_bug.cgi?id=1969264 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-440e34200c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Uncover the vulnerability resolution for CVE-2021-3602 within the buildah upgrade for Fedora 34, augmenting the safety of container administration.. Fedora 34, buildah security, critical fix, host leak, container management. . Severity: Critical. LinuxSecurity.com Team

Aug 01, 2021 •Critical Fedora