CVE-2020-10696 (GCVE-0-2020-10696)
Vulnerability from cvelistv5 – Published: 2020-03-31 21:01 – Updated: 2024-08-04 11:06
VLAI
EPSS
Summary
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
Severity
8.8 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/containers/buildah/pull/2245 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2020-10696 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "buildah",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Fixed in buildah-1.14.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T21:30:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "buildah",
"version": {
"version_data": [
{
"version_value": "Fixed in buildah-1.14.5"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"name": "https://github.com/containers/buildah/pull/2245",
"refsource": "MISC",
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10696",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10696",
"datePublished": "2020-03-31T21:01:22.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:11.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-10696",
"date": "2026-06-05",
"epss": "0.00258",
"percentile": "0.49492"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-10696\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-03-31T22:15:14.667\",\"lastModified\":\"2024-11-21T04:55:52.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante enga\u00f1ar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\
":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.5\",\"matchCriteriaId\":\"D2DF53D3-40E1-43CD-8BDC-57207CB2F330\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/cve-2020-10696\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/containers/buildah/pull/2245\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2020-10696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containers/buildah/pull/2245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2020:2117
Vulnerability from csaf_redhat - Published: 2020-05-12 19:52 - Updated: 2026-03-04 04:49
Summary
Red Hat Security Advisory: podman security update
Severity
Important
Notes
Topic: An update for podman is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2020-8945: A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
CVE-2020-10696: A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
8.8 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
13 references
Acknowledgments
Erik Sjölund
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2117",
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2117.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-03-04T04:49:16+00:00",
"generator": {
"date": "2026-03-04T04:49:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2020:2117",
"initial_release_date": "2020-05-12T19:52:10+00:00",
"revision_history": [
{
"date": "2020-05-12T19:52:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-12T19:52:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T04:49:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 7 Extras",
"product": {
"name": "Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_other:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Extras"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.x86_64",
"product": {
"name": "podman-0:1.6.4-18.el7_8.x86_64",
"product_id": "podman-0:1.6.4-18.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.src",
"product": {
"name": "podman-0:1.6.4-18.el7_8.src",
"product_id": "podman-0:1.6.4-18.el7_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product_id": "podman-docker-0:1.6.4-18.el7_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@1.6.4-18.el7_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.ppc64le",
"product": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le",
"product_id": "podman-0:1.6.4-18.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-0:1.6.4-18.el7_8.s390x",
"product": {
"name": "podman-0:1.6.4-18.el7_8.s390x",
"product_id": "podman-0:1.6.4-18.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@1.6.4-18.el7_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product_id": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@1.6.4-18.el7_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src"
},
"product_reference": "podman-0:1.6.4-18.el7_8.src",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
},
"product_reference": "podman-docker-0:1.6.4-18.el7_8.noarch",
"relates_to_product_reference": "7Server-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.src as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src"
},
"product_reference": "podman-0:1.6.4-18.el7_8.src",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.s390x as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64 as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64"
},
"product_reference": "podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-0:1.6.4-18.el7_8.noarch as a component of Red Hat Enterprise Linux 7 Extras",
"product_id": "7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
},
"product_reference": "podman-docker-0:1.6.4-18.el7_8.noarch",
"relates_to_product_reference": "7Workstation-EXTRAS-7.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8945",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1795838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 consumes updates for podman from the RHEL-7 extras channel, hence why it has been marked as wontfix in this instance.\n\nAfter extensive testing of the mentioned vulnerability Red Hat has chosen a severity of Moderate instead of High, because the deallocation of GPGME objects while other parts of code are still using it, the vulnerability can only result in a crash and cannot be used to execute code in any feasible manner, moreover the vulnerability only results in crash if finalizers are called to clean up variables while objects are still being used by the underlying C code. Given the inherent attack complexity being high and the exploitability of the vulnerability limited to a crash, Moderate severity seems adequate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8945"
},
{
"category": "external",
"summary": "RHBZ#1795838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-05-12T19:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
},
{
"acknowledgments": [
{
"names": [
"Erik Sj\u00f6lund"
]
}
],
"cve": "CVE-2020-10696",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817651"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "buildah: Crafted input tar file may lead to local file overwrite during image build process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform does include the vulnerable buildah code, it doesn\u0027t make use of the vulnerable function. Podman is also included in OpenShift Container Platform, but it isn\u0027t used to perform a build, so it has been given a low impact rating.\n\nOpenShift Container Platform 3.11 now used podman from the RHEL Extra repository, and not the podman package shipped in the OpenShift 3.11 RPM repository. This issue is fixed in podman in RHEL Extras so we won\u0027t fix the podman package shipped in the OpenShift 3.11 RPM repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "RHBZ#1817651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696"
}
],
"release_date": "2020-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-05-12T19:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2117"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Server-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Server-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Server-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.src",
"7Workstation-EXTRAS-7.8:podman-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.ppc64le",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.s390x",
"7Workstation-EXTRAS-7.8:podman-debuginfo-0:1.6.4-18.el7_8.x86_64",
"7Workstation-EXTRAS-7.8:podman-docker-0:1.6.4-18.el7_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "buildah: Crafted input tar file may lead to local file overwrite during image build process"
}
]
}
SUSE-SU-2020:3423-1
Vulnerability from csaf_suse - Published: 2020-11-19 15:11 - Updated: 2020-11-19 15:11
Summary
Security update for buildah
Severity
Moderate
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
buildah was updated to v1.17.0 (bsc#1165184):
* Handle cases where other tools mount/unmount containers
* overlay.MountReadOnly: support RO overlay mounts
* overlay: use fusermount for rootless umounts
* overlay: fix umount
* Switch default log level of Buildah to Warn. Users need to see these messages
* Drop error messages about OCI/Docker format to Warning level
* build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2
* tests/testreport: adjust for API break in storage v1.23.6
* build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7
* build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6
* copier: put: ignore Typeflag='g'
* Use curl to get repo file (fix #2714)
* build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0
* build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1
* Remove docs that refer to bors, since we're not using it
* Buildah bud should not use stdin by default
* bump containerd, docker, and golang.org/x/sys
* Makefile: cross: remove windows.386 target
* copier.copierHandlerPut: don't check length when there are errors
* Stop excessive wrapping
* CI: require that conformance tests pass
* bump(github.com/openshift/imagebuilder) to v1.1.8
* Skip tlsVerify insecure BUILD_REGISTRY_SOURCES
* Fix build path wrong containers/podman#7993
* refactor pullpolicy to avoid deps
* build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0
* CI: run gating tasks with a lot more memory
* ADD and COPY: descend into excluded directories, sometimes
* copier: add more context to a couple of error messages
* copier: check an error earlier
* copier: log stderr output as debug on success
* Update nix pin with make nixpkgs
* Set directory ownership when copied with ID mapping
* build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0
* Cirrus: Remove bors artifacts
* Sort build flag definitions alphabetically
* ADD: only expand archives at the right time
* Remove configuration for bors
* Shell Completion for podman build flags
* Bump c/common to v0.24.0
* New CI check: xref --help vs man pages
* CI: re-enable several linters
* Move --userns-uid-map/--userns-gid-map description into buildah man page
* add: preserve ownerships and permissions on ADDed archives
* Makefile: tweak the cross-compile target
* Bump containers/common to v0.23.0
* chroot: create bind mount targets 0755 instead of 0700
* Change call to Split() to safer SplitN()
* chroot: fix handling of errno seccomp rules
* build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
* Add In Progress section to contributing
* integration tests: make sure tests run in ${topdir}/tests
* Run(): ignore containers.conf's environment configuration
* Warn when setting healthcheck in OCI format
* Cirrus: Skip git-validate on branches
* tools: update git-validation to the latest commit
* tools: update golangci-lint to v1.18.0
* Add a few tests of push command
* Add(): fix handling of relative paths with no ContextDir
* build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0
* Lint: Use same linters as podman
* Validate: reference HEAD
* Fix buildah mount to display container names not ids
* Update nix pin with make nixpkgs
* Add missing --format option in buildah from man page
* Fix up code based on codespell
* build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7
* build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5
* Improve buildah completions
* Cirrus: Fix validate commit epoch
* Fix bash completion of manifest flags
* Uniform some man pages
* Update Buildah Tutorial to address BZ1867426
* Update bash completion of manifest add sub command
* copier.Get(): hard link targets shouldn't be relative paths
* build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2
* Pass timestamp down to history lines
* Timestamp gets updated every time you inspect an image
* bud.bats: use absolute paths in newly-added tests
* contrib/cirrus/lib.sh: don't use CN for the hostname
* tests: Add some tests
* Update manifest add man page
* Extend flags of manifest add
* build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4
* build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
* CI: expand cross-compile checks
Update to v1.16.2:
* fix build on 32bit arches
* containerImageRef.NewImageSource(): don't always force timestamps
* Add fuse module warning to image readme
* Heed our retry delay option values when retrying commit/pull/push
* Switch to containers/common for seccomp
* Use --timestamp rather than --omit-timestamp
* docs: remove outdated notice
* docs: remove outdated notice
* build-using-dockerfile: add a hidden --log-rusage flag
* build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
* Discard ReportWriter if user sets options.Quiet
* build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3
* Fix ownership of content copied using COPY --from
* newTarDigester: zero out timestamps in tar headers
* Update nix pin with `make nixpkgs`
* bud.bats: correct .dockerignore integration tests
* Use pipes for copying
* run: include stdout in error message
* run: use the correct error for errors.Wrapf
* copier: un-export internal types
* copier: add Mkdir()
* in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE
* docs/buildah-commit.md: tweak some wording, add a --rm example
* imagebuildah: don’t blank out destination names when COPYing
* Replace retry functions with common/pkg/retry
* StageExecutor.historyMatches: compare timestamps using .Equal
* Update vendor of containers/common
* Fix errors found in coverity scan
* Change namespace handling flags to better match podman commands
* conformance testing: ignore buildah.BuilderIdentityAnnotation labels
* Vendor in containers/storage v1.23.0
* Add buildah.IsContainer interface
* Avoid feeding run_buildah to pipe
* fix(buildahimage): add xz dependency in buildah image
* Bump github.com/containers/common from 0.15.2 to 0.18.0
* Howto for rootless image building from OpenShift
* Add --omit-timestamp flag to buildah bud
* Update nix pin with `make nixpkgs`
* Shutdown storage on failures
* Handle COPY --from when an argument is used
* Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0
* Cirrus: Use newly built VM images
* Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92
* Enhance the .dockerignore man pages
* conformance: add a test for COPY from subdirectory
* fix bug manifest inspect
* Add documentation for .dockerignore
* Add BuilderIdentityAnnotation to identify buildah version
* DOC: Add quay.io/containers/buildah image to README.md
* Update buildahimages readme
* fix spelling mistake in 'info' command result display
* Don't bind /etc/host and /etc/resolv.conf if network is not present
* blobcache: avoid an unnecessary NewImage()
* Build static binary with `buildGoModule`
* copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit
* tarFilterer: handle multiple archives
* Fix a race we hit during conformance tests
* Rework conformance testing
* Update 02-registries-repositories.md
* test-unit: invoke cmd/buildah tests with --flags
* parse: fix a type mismatch in a test
* Fix compilation of tests/testreport/testreport
* build.sh: log the version of Go that we're using
* test-unit: increase the test timeout to 40/45 minutes
* Add the 'copier' package
* Fix & add notes regarding problematic language in codebase
* Add dependency on github.com/stretchr/testify/require
* CompositeDigester: add the ability to filter tar streams
* BATS tests: make more robust
* vendor golang.org/x/text@v0.3.3
* Switch golang 1.12 to golang 1.13
* imagebuildah: wait for stages that might not have even started yet
* chroot, run: not fail on bind mounts from /sys
* chroot: do not use setgroups if it is blocked
* Set engine env from containers.conf
* imagebuildah: return the right stage's image as the 'final' image
* Fix a help string
* Deduplicate environment variables
* switch containers/libpod to containers/podman
* Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
* Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
* Mask out /sys/dev to prevent information leak
* linux: skip errors from the runtime kill
* Mask over the /sys/fs/selinux in mask branch
* Add VFS additional image store to container
* tests: add auth tests
* Allow 'readonly' as alias to 'ro' in mount options
* Ignore OS X specific consistency mount option
* Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
* Bump github.com/containers/common from 0.14.0 to 0.15.2
* Rootless Buildah should default to IsolationOCIRootless
* imagebuildah: fix inheriting multi-stage builds
* Make imagebuildah.BuildOptions.Architecture/OS optional
* Make imagebuildah.BuildOptions.Jobs optional
* Resolve a possible race in imagebuildah.Executor.startStage()
* Switch scripts to use containers.conf
* Bump openshift/imagebuilder to v1.1.6
* Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
* buildah, bud: support --jobs=N for parallel execution
* executor: refactor build code inside new function
* Add bud regression tests
* Cirrus: Fix missing htpasswd in registry img
* docs: clarify the 'triples' format
* CHANGELOG.md: Fix markdown formatting
* Add nix derivation for static builds
* Bump to v1.16.0-dev
- Update to v1.15.1
* Mask over the /sys/fs/selinux in mask branch
* chroot: do not use setgroups if it is blocked
* chroot, run: not fail on bind mounts from /sys
* Allow 'readonly' as alias to 'ro' in mount options
* Add VFS additional image store to container
* vendor golang.org/x/text@v0.3.3
* Make imagebuildah.BuildOptions.Architecture/OS optional
Update to v1.15.0:
* Add CVE-2020-10696 to CHANGELOG.md and changelog.txt
* fix lighttpd example
* remove dependency on openshift struct
* Warn on unset build arguments
* vendor: update seccomp/containers-golang to v0.4.1
* Updated docs
* clean up comments
* update exit code for tests
* Implement commit for encryption
* implementation of encrypt/decrypt push/pull/bud/from
* fix resolve docker image name as transport
* Add preliminary profiling support to the CLI
* Evaluate symlinks in build context directory
* fix error info about get signatures for containerImageSource
* Add Security Policy
* Cirrus: Fixes from review feedback
* imagebuildah: stages shouldn't count as their base images
* Update containers/common v0.10.0
* Add registry to buildahimage Dockerfiles
* Cirrus: Use pre-installed VM packages + F32
* Cirrus: Re-enable all distro versions
* Cirrus: Update to F31 + Use cache images
* golangci-lint: Disable gosimple
* Lower number of golangci-lint threads
* Fix permissions on containers.conf
* Don't force tests to use runc
* Return exit code from failed containers
* cgroup_manager should be under [engine]
* Use c/common/pkg/auth in login/logout
* Cirrus: Temporarily disable Ubuntu 19 testing
* Add containers.conf to stablebyhand build
* Update gitignore to exclude test Dockerfiles
* Remove warning for systemd inside of container
Update to v1.14.6:
* Make image history work correctly with new args handling
* Don't add args to the RUN environment from the Builder
Update to v1.14.5:
* Revert FIPS mode change
Update to v1.14.4:
* Update unshare man page to fix script example
* Fix compilation errors on non linux platforms
* Preserve volume uid and gid through subsequent commands
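* Fix potential CVE in tarfile w/ symlink [likely the change tracked as CVE-2020-10696, which the v1.15.0 entry "Add CVE-2020-10696 to CHANGELOG.md and changelog.txt" records after the fact; confirm against the upstream changelog before relying on this version boundary]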
* Fix .dockerignore with globs and ! commands
Update to v1.14.2:
* Search for local runtime per values in containers.conf
* Set correct ownership on working directory
* Improve remote manifest retrieval
* Correct a couple of incorrect format specifiers
* manifest push --format: force an image type, not a list type
* run: adjust the order in which elements are added to $
* getDateAndDigestAndSize(): handle creation time not being set
* Make the commit id clear like Docker
* Show error on copied file above context directory in build
* pull/from/commit/push: retry on most failures
* Repair buildah so it can use containers.conf on the server side
* Fixing formatting & build instructions
* Fix XDG_RUNTIME_DIR for authfile
* Show validation command-line
Update to v1.14.0:
* getDateAndDigestAndSize(): use manifest.Digest
* Touch up os/arch doc
* chroot: handle slightly broken seccomp defaults
* buildahimage: specify fuse-overlayfs mount options
* parse: don't complain about not being able to rename something to itself
* Fix build for 32bit platforms
* Allow users to set OS and architecture on bud
* Fix COPY in containerfile with envvar
* Add --sign-by to bud/commit/push, --remove-signatures for pull/push
* Add support for containers.conf
* manifest push: add --format option
Update to v1.13.1:
* copyFileWithTar: close source files at the right time
* copy: don't digest files that we ignore
* Check for .dockerignore specifically
* Don't set up excludes if there is only one pattern to match
* set HOME env to /root on chroot-isolation by default
* docs: fix references to containers-*.5
* fix bug Add check .dockerignore COPY file
* buildah bud --volume: run from tmpdir, not source dir
* Fix imageNamePrefix to give consistent names in buildah-from
* cpp: use -traditional and -undef flags
* discard outputs coming from onbuild command on buildah-from --quiet
* make --format columnizing consistent with buildah images
* Fix option handling for volumes in build
* Rework overlay pkg for use with libpod
* Fix buildahimage builds for buildah
* Add support for FIPS-Mode backends
* Set the TMPDIR for pulling/pushing image to $TMPDIR
Update to v1.12.0:
* Allow ADD to use http src
* imgtype: reset storage opts if driver overridden
* Start using containers/common
* overlay.bats typo: fuse-overlays should be fuse-overlayfs
* chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()
* bind: don't complain about missing mountpoints
* imgtype: check earlier for expected manifest type
* Add history names support
Update to v1.11.6:
* Handle missing equal sign in --from and --chown flags for COPY/ADD
* bud COPY does not download URL
* Fix .dockerignore exclude regression
* commit(docker): always set ContainerID and ContainerConfig
* Touch up commit man page image parameter
* Add builder identity annotations.
Update to v1.11.5:
* buildah: add 'manifest' command
* pkg/supplemented: add a package for grouping images together
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* version: also note the version of containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.
Update to v1.11.4:
* buildah: add a 'manifest' command
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.
Update to v1.11.3:
* Add cgroups2
* Add support for retrieving context from stdin '-'
* Added tutorial on how to include Buildah as library
* Fix --build-args handling
* Print build 'STEP' line to stdout, not stderr
* Use Containerfile by default
Update to v1.11.2:
* Add some cleanup code
* Move devices code to unit specific directory.
Update to v1.11.1:
* Add --devices flag to bud and from
* Add support for /run/.containerenv
* Allow mounts.conf entries for equal source and destination paths
* Fix label and annotation for 1-line Dockerfiles
* Preserve file and directory mount permissions
* Replace --debug=false with --log-level=error
* Set TMPDIR to /var/tmp by default
* Truncate output of too long image names
* Ignore EmptyLayer if Squash is set
Update to v1.11.0:
* Add --digestfile and Re-add push statement as debug
* Add --log-level command line option and deprecate --debug
* Add security-related volume options to validator
* Allow buildah bud to be called without arguments
* Allow to override build date with SOURCE_DATE_EPOCH
* Correctly detect ExitError values from Run()
* Disable empty logrus timestamps to reduce logger noise
* Fix directory pull image names
* Fix handling of /dev/null masked devices
* Fix possible runtime panic on bud
* Update bud/from help to contain indicator for --dns=none
* Update documentation about bud
* Update shebangs to take env into consideration
* Use content digests in ADD/COPY history entries
* add support for cgroupsV2
* add: add a DryRun flag to AddAndCopyOptions
* add: handle hard links when copying with .dockerignore
* add: teach copyFileWithTar() about symlinks and directories
* imagebuilder: fix detection of referenced stage roots
* pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
* run_linux: fix mounting /sys in a userns
Update to v1.10.1:
* Add automatic apparmor tag discovery
* Add overlayfs to fuse-overlayfs tip
* Bug fix for volume minus syntax
* Bump container/storage v1.13.1 and containers/image v3.0.1
* Bump containers/image to v3.0.2 to fix keyring issue
* Fix bug whereby --get-login has no effect
* Bump github.com/containernetworking/cni to v0.7.1
- Add appamor-pattern requirement
- Update build process to match the latest repository architecture
- Update to v1.10.0
* vendor github.com/containers/image@v3.0.0
* Remove GO111MODULE in favor of -mod=vendor
* Vendor in containers/storage v1.12.16
* Add '-' minus syntax for removal of config values
* tests: enable overlay tests for rootless
* rootless, overlay: use fuse-overlayfs
* vendor github.com/containers/image@v2.0.1
* Added '-' syntax to remove volume config option
* delete successfully pushed message
* Add golint linter and apply fixes
* vendor github.com/containers/storage@v1.12.15
* Change wait to sleep in buildahimage readme
* Handle ReadOnly images when deleting images
* Add support for listing read/only images
* from/import: record the base image's digest, if it has one
* Fix CNI version retrieval to not require network connection
* Add misspell linter and apply fixes
* Add goimports linter and apply fixes
* Add stylecheck linter and apply fixes
* Add unconvert linter and apply fixes
* image: make sure we don't try to use zstd compression
* run.bats: skip the 'z' flag when testing --mount
* Update to runc v1.0.0-rc8
* Update to match updated runtime-tools API
* bump github.com/opencontainers/runtime-tools to v0.9.0
* Build e2e tests using the proper build tags
* Add unparam linter and apply fixes
* Run: correct a typo in the --cap-add help text
* unshare: add a --mount flag
* fix push check image name is not empty
* add: fix slow copy with no excludes
* Add errcheck linter and fix missing error check
* Improve tests/tools/Makefile parallelism and abstraction
* Fix response body not closed resource leak
* Switch to golangci-lint
* Add gomod instructions and mailing list links
* On Masked path, check if /dev/null already mounted before mounting
* Update to containers/storage v1.12.13
* Refactor code in package imagebuildah
* Add rootless podman with NFS issue in documentation
* Add --mount for buildah run
* import method ValidateVolumeOpts from libpod
* Fix typo
* Makefile: set GO111MODULE=off
* rootless: add the built-in slirp DNS server
* Update docker/libnetwork to get rid of outdated sctp package
* Update buildah-login.md
* migrate to go modules
* install.md: mention go modules
* tests/tools: go module for test binaries
* fix --volume splits comma delimited option
* Add bud test for RUN with a priv'd command
* vendor logrus v1.4.2
* pkg/cli: panic when flags can't be hidden
* pkg/unshare: check all errors
* pull: check error during report write
* run_linux.go: ignore unchecked errors
* conformance test: catch copy error
* chroot/run_test.go: export funcs to actually be executed
* tests/imgtype: ignore error when shutting down the store
* testreport: check json error
* bind/util.go: remove unused func
* rm chroot/util.go
* imagebuildah: remove unused dedupeStringSlice
* StageExecutor: EnsureContainerPath: catch error from SecureJoin()
* imagebuildah/build.go: return instead of branching
* rmi: avoid redundant branching
* conformance tests: nilness: allocate map
* imagebuildah/build.go: avoid redundant filepath.Join()
* imagebuildah/build.go: avoid redundant os.Stat()
* imagebuildah: omit comparison to bool
* fix 'ineffectual assignment' lint errors
* docker: ignore 'repeats json tag' lint error
* pkg/unshare: use ... instead of iterating a slice
* conformance: bud test: use raw strings for regexes
* conformance suite: remove unused func/var
* buildah test suite: remove unused vars/funcs
* testreport: fix golangci-lint errors
* util: remove redundant return statement
* chroot: only log clean-up errors
* images_test: ignore golangci-lint error
* blobcache: log error when draining the pipe
* imagebuildah: check errors in deferred calls
* chroot: fix error handling in deferred funcs
* cmd: check all errors
* chroot/run_test.go: check errors
* chroot/run.go: check errors in deferred calls
* imagebuildah.Executor: remove unused onbuild field
* docker/types.go: remove unused struct fields
* util: use strings.ContainsRune instead of index check
* Cirrus: Initial implementation
* buildah-run: fix-out-of-range panic (2)
* Update containers/image to v2.0.0
* run: fix hang with run and --isolation=chroot
* run: fix hang when using run
* chroot: drop unused function call
* remove --> before imageID on build
* Always close stdin pipe
* Write deny to setgroups when doing single user mapping
* Avoid including linux/memfd.h
* Add a test for the symlink pointing to a directory
* Add missing continue
* Fix the handling of symlinks to absolute paths
* Only set default network sysctls if not rootless
* Support --dns=none like podman
* fix bug --cpu-shares parsing typo
* Fix validate complaint
* Update vendor on containers/storage to v1.12.10
* Create directory paths for COPY thereby ensuring correct perms
* imagebuildah: use a stable sort for comparing build args
* imagebuildah: tighten up cache checking
* bud.bats: add a test verifying the order of --build-args
* add -t to podman run
* imagebuildah: simplify screening by top layers
* imagebuildah: handle ID mappings for COPY --from
* imagebuildah: apply additionalTags ourselves
* bud.bats: test additional tags with cached images
* bud.bats: add a test for WORKDIR and COPY with absolute destinations
* Cleanup Overlay Mounts content
* Add support for file secret mounts
* Add ability to skip secrets in mounts file
* allow 32bit builds
* fix tutorial instructions
* imagebuilder: pass the right contextDir to Add()
* add: use fileutils.PatternMatcher for .dockerignore
* bud.bats: add another .dockerignore test
* unshare: fallback to single usermapping
* addHelperSymlink: clear the destination on os.IsExist errors
* bud.bats: test replacing symbolic links
* imagebuildah: fix handling of destinations that end with '/'
* bud.bats: test COPY with a final '/' in the destination
* linux: add check for sysctl before using it
* unshare: set _CONTAINERS_ROOTLESS_GID
* Rework buildahimages
* build context: support https git repos
* Add a test for ENV special chars behaviour
* Check in new Dockerfiles
* Apply custom SHELL during build time
* config: expand variables only at the command line
* SetEnv: we only need to expand v once
* Add default /root if empty on chroot iso
* Add support for Overlay volumes into the container.
* Export buildah validate volume functions so it can share code with libpod
* Bump baseline test to F30
* Fix rootless handling of /dev/shm size
* Avoid fmt.Printf() in the library
* imagebuildah: tighten cache checking back up
* Handle WORKDIR with dangling target
* Default Authfile to proper path
* Make buildah run --isolation follow BUILDAH_ISOLATION environment
* Vendor in latest containers/storage and containers/image
* getParent/getChildren: handle layerless images
* imagebuildah: recognize cache images for layerless images
* bud.bats: test scratch images with --layers caching
* Get CHANGELOG.md updates
* Add some symlinks to test our .dockerignore logic
* imagebuildah: addHelper: handle symbolic links
* commit/push: use an everything-allowed policy
* Correct manpage formatting in files section
* Remove must be root statement from buildah doc
* Change image names to stable, testing and upstream
* Don't create directory on container
* Replace kubernetes/pause in tests with k8s.gcr.io/pause
* imagebuildah: don't remove intermediate images if we need them
* Rework buildahimagegit to buildahimageupstream
* Fix Transient Mounts
* Handle WORKDIRs that are symlinks
* allow podman to build a client for windows
* Touch up 1.9-dev to 1.9.0-dev
* Resolve symlink when checking container path
* commit: commit on every instruction, but not always with layers
* CommitOptions: drop the unused OnBuild field
* makeImageRef: pass in the whole CommitOptions structure
* cmd: API cleanup: stores before images
* run: check if SELinux is enabled
* Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.
* Detect changes in rootdir
* Fix typo in buildah-pull(1)
* Vendor in latest containers/storage
* Keep track of any build-args used during buildah bud --layers
* commit: always set a parent ID
* imagebuildah: rework unused-argument detection
* fix bug dest path when COPY .dockerignore
* Move Host IDMAppings code from util to unshare
* Add BUILDAH_ISOLATION rootless back
* Travis CI: fail fast, upon error in any step
* imagebuildah: only commit images for intermediate stages if we have to
* Use errors.Cause() when checking for IsNotExist errors
* auto pass http_proxy to container
* imagebuildah: don't leak image structs
* Add Dockerfiles for buildahimages
* Bump to Replace golang 1.10 with 1.12
* add --dns* flags to buildah bud
* Add hack/build_speed.sh test speeds on building container images
* Create buildahimage Dockerfile for Quay
* rename 'is' to 'expect_output'
* squash.bats: test squashing in multi-layered builds
* bud.bats: test COPY --from in a Dockerfile while using the cache
* commit: make target image names optional
* Fix bud-args to allow comma separation
* oops, missed some tests in commit.bats
* new helper: expect_line_count
* New tests for #1467 (string slices in cmdline opts)
* Workarounds for dealing with travis; review feedback
* BATS tests - extensive but minor cleanup
* imagebuildah: defer pulling images for COPY --from
* imagebuildah: centralize COMMIT and image ID output
* Travis: do not use traviswait
* imagebuildah: only initialize imagebuilder configuration once per stage
* Make cleaner error on Dockerfile build errors
* unshare: move to pkg/
* unshare: move some code from cmd/buildah/unshare
* Fix handling of Slices versus Arrays
* imagebuildah: reorganize stage and per-stage logic
* imagebuildah: add empty layers for instructions
* Add missing step in installing into Ubuntu
* fix bug in .dockerignore support
* imagebuildah: deduplicate prepended 'FROM' instructions
* Touch up intro
* commit: set created-by to the shell if it isn't set
* commit: check that we always set a 'created-by'
* docs/buildah.md: add 'containers-' prefixes under 'SEE ALSO'
Update to v1.7.2
* Updates vendored containers/storage to latest version
* rootless: by default use the host network namespace
- Full changelog: https://github.com/containers/buildah/releases/tag/v1.6
Patchnames: SUSE-2020-3423,SUSE-SLE-Module-Containers-15-SP1-2020-3423,SUSE-SLE-Module-Containers-15-SP2-2020-3423
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nbuildah was updated to v1.17.0 (bsc#1165184):\n\n* Handle cases where other tools mount/unmount containers\n* overlay.MountReadOnly: support RO overlay mounts\n* overlay: use fusermount for rootless umounts\n* overlay: fix umount\n* Switch default log level of Buildah to Warn. Users need to see these messages\n* Drop error messages about OCI/Docker format to Warning level\n* build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2\n* tests/testreport: adjust for API break in storage v1.23.6\n* build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7\n* build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6\n* copier: put: ignore Typeflag=\u0027g\u0027\n* Use curl to get repo file (fix #2714)\n* build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0\n* build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1\n* Remove docs that refer to bors, since we\u0027re not using it\n* Buildah bud should not use stdin by default\n* bump containerd, docker, and golang.org/x/sys\n* Makefile: cross: remove windows.386 target\n* copier.copierHandlerPut: don\u0027t check length when there are errors\n* Stop excessive wrapping\n* CI: require that conformance tests pass\n* bump(github.com/openshift/imagebuilder) to v1.1.8\n* Skip tlsVerify insecure BUILD_REGISTRY_SOURCES\n* Fix build path wrong containers/podman#7993\n* refactor pullpolicy to avoid deps\n* build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0\n* CI: run gating tasks with a lot more memory\n* ADD and COPY: descend into excluded directories, sometimes\n* copier: add more context to a couple of error messages\n* copier: check an error earlier\n* copier: log stderr output as debug on success\n* Update nix pin with make nixpkgs\n* Set directory ownership when copied with ID mapping\n* build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0\n* build(deps): bump 
github.com/containers/common from 0.23.0 to 0.24.0\n* Cirrus: Remove bors artifacts\n* Sort build flag definitions alphabetically\n* ADD: only expand archives at the right time\n* Remove configuration for bors\n* Shell Completion for podman build flags\n* Bump c/common to v0.24.0\n* New CI check: xref --help vs man pages\n* CI: re-enable several linters\n* Move --userns-uid-map/--userns-gid-map description into buildah man page\n* add: preserve ownerships and permissions on ADDed archives\n* Makefile: tweak the cross-compile target\n* Bump containers/common to v0.23.0\n* chroot: create bind mount targets 0755 instead of 0700\n* Change call to Split() to safer SplitN()\n* chroot: fix handling of errno seccomp rules\n* build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0\n* Add In Progress section to contributing\n* integration tests: make sure tests run in ${topdir}/tests\n* Run(): ignore containers.conf\u0027s environment configuration\n* Warn when setting healthcheck in OCI format\n* Cirrus: Skip git-validate on branches\n* tools: update git-validation to the latest commit\n* tools: update golangci-lint to v1.18.0\n* Add a few tests of push command\n* Add(): fix handling of relative paths with no ContextDir\n* build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0\n* Lint: Use same linters as podman\n* Validate: reference HEAD\n* Fix buildah mount to display container names not ids\n* Update nix pin with make nixpkgs\n* Add missing --format option in buildah from man page\n* Fix up code based on codespell\n* build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7\n* build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5\n* Improve buildah completions\n* Cirrus: Fix validate commit epoch\n* Fix bash completion of manifest flags\n* Uniform some man pages\n* Update Buildah Tutorial to address BZ1867426\n* Update bash completion of manifest add sub command\n* copier.Get(): hard link targets shouldn\u0027t be 
relative paths\n* build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2\n* Pass timestamp down to history lines\n* Timestamp gets updated everytime you inspect an image\n* bud.bats: use absolute paths in newly-added tests\n* contrib/cirrus/lib.sh: don\u0027t use CN for the hostname\n* tests: Add some tests\n* Update manifest add man page\n* Extend flags of manifest add\n* build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4\n* build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1\n* CI: expand cross-compile checks\n\nUpdate to v1.16.2:\n\n* fix build on 32bit arches\n* containerImageRef.NewImageSource(): don\u0027t always force timestamps\n* Add fuse module warning to image readme\n* Heed our retry delay option values when retrying commit/pull/push\n* Switch to containers/common for seccomp\n* Use --timestamp rather then --omit-timestamp\n* docs: remove outdated notice\n* docs: remove outdated notice\n* build-using-dockerfile: add a hidden --log-rusage flag\n* build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2\n* Discard ReportWriter if user sets options.Quiet\n* build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3\n* Fix ownership of content copied using COPY --from\n* newTarDigester: zero out timestamps in tar headers\n* Update nix pin with `make nixpkgs`\n* bud.bats: correct .dockerignore integration tests\n* Use pipes for copying\n* run: include stdout in error message\n* run: use the correct error for errors.Wrapf\n* copier: un-export internal types\n* copier: add Mkdir()\n* in_podman: don\u0027t get tripped up by $CIRRUS_CHANGE_TITLE\n* docs/buildah-commit.md: tweak some wording, add a --rm example\n* imagebuildah: don\u2019t blank out destination names when COPYing\n* Replace retry functions with common/pkg/retry\n* StageExecutor.historyMatches: compare timestamps using .Equal\n* Update vendor of containers/common\n* Fix errors found in coverity scan\n* Change namespace handling flags to 
better match podman commands\n* conformance testing: ignore buildah.BuilderIdentityAnnotation labels\n* Vendor in containers/storage v1.23.0\n* Add buildah.IsContainer interface\n* Avoid feeding run_buildah to pipe\n* fix(buildahimage): add xz dependency in buildah image\n* Bump github.com/containers/common from 0.15.2 to 0.18.0\n* Howto for rootless image building from OpenShift\n* Add --omit-timestamp flag to buildah bud\n* Update nix pin with `make nixpkgs`\n* Shutdown storage on failures\n* Handle COPY --from when an argument is used\n* Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0\n* Cirrus: Use newly built VM images\n* Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92\n* Enhance the .dockerignore man pages\n* conformance: add a test for COPY from subdirectory\n* fix bug manifest inspct\n* Add documentation for .dockerignore\n* Add BuilderIdentityAnnotation to identify buildah version\n* DOC: Add quay.io/containers/buildah image to README.md\n* Update buildahimages readme\n* fix spelling mistake in \u0027info\u0027 command result display\n* Don\u0027t bind /etc/host and /etc/resolv.conf if network is not present\n* blobcache: avoid an unnecessary NewImage()\n* Build static binary with `buildGoModule`\n* copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit\n* tarFilterer: handle multiple archives\n* Fix a race we hit during conformance tests\n* Rework conformance testing\n* Update 02-registries-repositories.md\n* test-unit: invoke cmd/buildah tests with --flags\n* parse: fix a type mismatch in a test\n* Fix compilation of tests/testreport/testreport\n* build.sh: log the version of Go that we\u0027re using\n* test-unit: increase the test timeout to 40/45 minutes\n* Add the \u0027copier\u0027 package\n* Fix \u0026 add notes regarding problematic language in codebase\n* Add dependency on github.com/stretchr/testify/require\n* CompositeDigester: add the ability to filter tar streams\n* BATS tests: make more 
robust\n* vendor golang.org/x/text@v0.3.3\n* Switch golang 1.12 to golang 1.13\n* imagebuildah: wait for stages that might not have even started yet\n* chroot, run: not fail on bind mounts from /sys\n* chroot: do not use setgroups if it is blocked\n* Set engine env from containers.conf\n* imagebuildah: return the right stage\u0027s image as the \u0027final\u0027 image\n* Fix a help string\n* Deduplicate environment variables\n* switch containers/libpod to containers/podman\n* Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3\n* Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0\n* Mask out /sys/dev to prevent information leak\n* linux: skip errors from the runtime kill\n* Mask over the /sys/fs/selinux in mask branch\n* Add VFS additional image store to container\n* tests: add auth tests\n* Allow \u0027readonly\u0027 as alias to \u0027ro\u0027 in mount options\n* Ignore OS X specific consistency mount option\n* Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0\n* Bump github.com/containers/common from 0.14.0 to 0.15.2\n* Rootless Buildah should default to IsolationOCIRootless\n* imagebuildah: fix inheriting multi-stage builds\n* Make imagebuildah.BuildOptions.Architecture/OS optional\n* Make imagebuildah.BuildOptions.Jobs optional\n* Resolve a possible race in imagebuildah.Executor.startStage()\n* Switch scripts to use containers.conf\n* Bump openshift/imagebuilder to v1.1.6\n* Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5\n* buildah, bud: support --jobs=N for parallel execution\n* executor: refactor build code inside new function\n* Add bud regression tests\n* Cirrus: Fix missing htpasswd in registry img\n* docs: clarify the \u0027triples\u0027 format\n* CHANGELOG.md: Fix markdown formatting\n* Add nix derivation for static builds\n* Bump to v1.16.0-dev\n\n- Update to v1.15.1\n* Mask over the /sys/fs/selinux in mask branch\n* chroot: do not use setgroups if it is blocked\n* chroot, run: not fail on bind mounts from /sys\n* Allow \u0027readonly\u0027 as 
alias to \u0027ro\u0027 in mount options\n* Add VFS additional image store to container\n* vendor golang.org/x/text@v0.3.3\n* Make imagebuildah.BuildOptions.Architecture/OS optional\n\nUpdate to v1.15.0:\n\n* Add CVE-2020-10696 to CHANGELOG.md and changelog.txt\n* fix lighttpd example\n* remove dependency on openshift struct\n* Warn on unset build arguments\n* vendor: update seccomp/containers-golang to v0.4.1\n* Updated docs\n* clean up comments\n* update exit code for tests\n* Implement commit for encryption\n* implementation of encrypt/decrypt push/pull/bud/from\n* fix resolve docker image name as transport\n* Add preliminary profiling support to the CLI\n* Evaluate symlinks in build context directory\n* fix error info about get signatures for containerImageSource\n* Add Security Policy\n* Cirrus: Fixes from review feedback\n* imagebuildah: stages shouldn\u0027t count as their base images\n* Update containers/common v0.10.0\n* Add registry to buildahimage Dockerfiles\n* Cirrus: Use pre-installed VM packages + F32\n* Cirrus: Re-enable all distro versions\n* Cirrus: Update to F31 + Use cache images\n* golangci-lint: Disable gosimple\n* Lower number of golangci-lint threads\n* Fix permissions on containers.conf\n* Don\u0027t force tests to use runc\n* Return exit code from failed containers\n* cgroup_manager should be under [engine]\n* Use c/common/pkg/auth in login/logout\n* Cirrus: Temporarily disable Ubuntu 19 testing\n* Add containers.conf to stablebyhand build\n* Update gitignore to exclude test Dockerfiles\n* Remove warning for systemd inside of container\n\nUpdate to v1.14.6:\n\n* Make image history work correctly with new args handling\n* Don\u0027t add args to the RUN environment from the Builder\n\nUpdate to v1.14.5:\n\n* Revert FIPS mode change\n\nUpdate to v1.14.4:\n\n* Update unshare man page to fix script example\n* Fix compilation errors on non linux platforms\n* Preserve volume uid and gid through subsequent commands\n* Fix potential CVE in tarfile 
w/ symlink\n* Fix .dockerignore with globs and ! commands\n\nUpdate to v1.14.2:\n\n* Search for local runtime per values in containers.conf\n* Set correct ownership on working directory\n* Improve remote manifest retrieval\n* Correct a couple of incorrect format specifiers\n* manifest push --format: force an image type, not a list type\n* run: adjust the order in which elements are added to $\n* getDateAndDigestAndSize(): handle creation time not being set\n* Make the commit id clear like Docker\n* Show error on copied file above context directory in build\n* pull/from/commit/push: retry on most failures\n* Repair buildah so it can use containers.conf on the server side\n* Fixing formatting \u0026 build instructions\n* Fix XDG_RUNTIME_DIR for authfile\n* Show validation command-line\n\nUpdate to v1.14.0:\n\n* getDateAndDigestAndSize(): use manifest.Digest\n* Touch up os/arch doc\n* chroot: handle slightly broken seccomp defaults\n* buildahimage: specify fuse-overlayfs mount options\n* parse: don\u0027t complain about not being able to rename something to itself\n* Fix build for 32bit platforms\n* Allow users to set OS and architecture on bud\n* Fix COPY in containerfile with envvar\n* Add --sign-by to bud/commit/push, --remove-signatures for pull/push\n* Add support for containers.conf\n* manifest push: add --format option\n\nUpdate to v1.13.1:\n\n* copyFileWithTar: close source files at the right time\n* copy: don\u0027t digest files that we ignore\n* Check for .dockerignore specifically\n* Don\u0027t setup excludes, if their is only one pattern to match\n* set HOME env to /root on chroot-isolation by default\n* docs: fix references to containers-*.5\n* fix bug Add check .dockerignore COPY file\n* buildah bud --volume: run from tmpdir, not source dir\n* Fix imageNamePrefix to give consistent names in buildah-from\n* cpp: use -traditional and -undef flags\n* discard outputs coming from onbuild command on buildah-from --quiet\n* make --format columnizing consistent 
with buildah images\n* Fix option handling for volumes in build\n* Rework overlay pkg for use with libpod\n* Fix buildahimage builds for buildah\n* Add support for FIPS-Mode backends\n* Set the TMPDIR for pulling/pushing image to $TMPDIR\n\nUpdate to v1.12.0:\n\n* Allow ADD to use http src\n* imgtype: reset storage opts if driver overridden\n* Start using containers/common\n* overlay.bats typo: fuse-overlays should be fuse-overlayfs\n* chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()\n* bind: don\u0027t complain about missing mountpoints\n* imgtype: check earlier for expected manifest type\n* Add history names support\n\nUpdate to v1.11.6:\n\n* Handle missing equal sign in --from and --chown flags for COPY/ADD\n* bud COPY does not download URL\n* Fix .dockerignore exclude regression\n* commit(docker): always set ContainerID and ContainerConfig\n* Touch up commit man page image parameter\n* Add builder identity annotations.\n\nUpdate to v1.11.5:\n\n* buildah: add \u0027manifest\u0027 command\n* pkg/supplemented: add a package for grouping images together\n* pkg/manifests: add a manifest list build/manipulation API\n* Update for ErrUnauthorizedForCredentials API change in containers/image\n* Update for manifest-lists API changes in containers/image\n* version: also note the version of containers/image\n* Move to containers/image v5.0.0\n* Enable --device directory as src device\n* Add clarification to the Tutorial for new users\n* Silence \u0027using cache\u0027 to ensure -q is fully quiet\n* Move runtime flag to bud from common\n* Commit: check for storage.ErrImageUnknown using errors.Cause()\n* Fix crash when invalid COPY --from flag is specified.\n\nUpdate to v1.11.4:\n\n* buildah: add a \u0027manifest\u0027 command\n* pkg/manifests: add a manifest list build/manipulation API\n* Update for ErrUnauthorizedForCredentials API change in containers/image\n* Update for manifest-lists API changes in containers/image\n* Move to containers/image v5.0.0\n* 
Enable --device directory as src device\n* Add clarification to the Tutorial for new users\n* Silence \u0027using cache\u0027 to ensure -q is fully quiet\n* Move runtime flag to bud from common\n* Commit: check for storage.ErrImageUnknown using errors.Cause()\n* Fix crash when invalid COPY --from flag is specified.\n\nUpdate to v1.11.3:\n\n* Add cgroups2\n* Add support for retrieving context from stdin \u0027-\u0027\n* Added tutorial on how to include Buildah as library\n* Fix --build-args handling\n* Print build \u0027STEP\u0027 line to stdout, not stderr\n* Use Containerfile by default\n\nUpdate to v1.11.2:\n\n* Add some cleanup code\n* Move devices code to unit specific directory.\n\nUpdate to v1.11.1:\n\n* Add --devices flag to bud and from\n* Add support for /run/.containerenv\n* Allow mounts.conf entries for equal source and destination paths\n* Fix label and annotation for 1-line Dockerfiles\n* Preserve file and directory mount permissions\n* Replace --debug=false with --log-level=error\n* Set TMPDIR to /var/tmp by default\n* Truncate output of too long image names\n* Ignore EmptyLayer if Squash is set\n\nUpdate to v1.11.0:\n\n* Add --digestfile and Re-add push statement as debug\n* Add --log-level command line option and deprecate --debug\n* Add security-related volume options to validator\n* Allow buildah bud to be called without arguments\n* Allow to override build date with SOURCE_DATE_EPOCH\n* Correctly detect ExitError values from Run()\n* Disable empty logrus timestamps to reduce logger noise\n* Fix directory pull image names\n* Fix handling of /dev/null masked devices\n* Fix possible runtime panic on bud\n* Update bud/from help to contain indicator for --dns=none\n* Update documentation about bud\n* Update shebangs to take env into consideration\n* Use content digests in ADD/COPY history entries\n* add support for cgroupsV2\n* add: add a DryRun flag to AddAndCopyOptions\n* add: handle hard links when copying with .dockerignore\n* add: teach 
copyFileWithTar() about symlinks and directories\n* imagebuilder: fix detection of referenced stage roots\n* pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES\n* run_linux: fix mounting /sys in a userns\n\n\nUpdate to v1.10.1:\n\n* Add automatic apparmor tag discovery\n* Add overlayfs to fuse-overlayfs tip\n* Bug fix for volume minus syntax\n* Bump container/storage v1.13.1 and containers/image v3.0.1\n* Bump containers/image to v3.0.2 to fix keyring issue\n* Fix bug whereby --get-login has no effect\n* Bump github.com/containernetworking/cni to v0.7.1\n- Add appamor-pattern requirement\n\n- Update build process to match the latest repository architecture\n- Update to v1.10.0\n* vendor github.com/containers/image@v3.0.0\n* Remove GO111MODULE in favor of -mod=vendor\n* Vendor in containers/storage v1.12.16\n* Add \u0027-\u0027 minus syntax for removal of config values\n* tests: enable overlay tests for rootless\n* rootless, overlay: use fuse-overlayfs\n* vendor github.com/containers/image@v2.0.1\n* Added \u0027-\u0027 syntax to remove volume config option\n* delete successfully pushed message\n* Add golint linter and apply fixes\n* vendor github.com/containers/storage@v1.12.15\n* Change wait to sleep in buildahimage readme\n* Handle ReadOnly images when deleting images\n* Add support for listing read/only images\n* from/import: record the base image\u0027s digest, if it has one\n* Fix CNI version retrieval to not require network connection\n* Add misspell linter and apply fixes\n* Add goimports linter and apply fixes\n* Add stylecheck linter and apply fixes\n* Add unconvert linter and apply fixes\n* image: make sure we don\u0027t try to use zstd compression\n* run.bats: skip the \u0027z\u0027 flag when testing --mount\n* Update to runc v1.0.0-rc8\n* Update to match updated runtime-tools API\n* bump github.com/opencontainers/runtime-tools to v0.9.0\n* Build e2e tests using the proper build tags\n* Add unparam linter and apply fixes\n* Run: correct a typo in 
the --cap-add help text\n* unshare: add a --mount flag\n* fix push check image name is not empty\n* add: fix slow copy with no excludes\n* Add errcheck linter and fix missing error check\n* Improve tests/tools/Makefile parallelism and abstraction\n* Fix response body not closed resource leak\n* Switch to golangci-lint\n* Add gomod instructions and mailing list links\n* On Masked path, check if /dev/null already mounted before mounting\n* Update to containers/storage v1.12.13\n* Refactor code in package imagebuildah\n* Add rootless podman with NFS issue in documentation\n* Add --mount for buildah run\n* import method ValidateVolumeOpts from libpod\n* Fix typo\n* Makefile: set GO111MODULE=off\n* rootless: add the built-in slirp DNS server\n* Update docker/libnetwork to get rid of outdated sctp package\n* Update buildah-login.md\n* migrate to go modules\n* install.md: mention go modules\n* tests/tools: go module for test binaries\n* fix --volume splits comma delimited option\n* Add bud test for RUN with a priv\u0027d command\n* vendor logrus v1.4.2\n* pkg/cli: panic when flags can\u0027t be hidden\n* pkg/unshare: check all errors\n* pull: check error during report write\n* run_linux.go: ignore unchecked errors\n* conformance test: catch copy error\n* chroot/run_test.go: export funcs to actually be executed\n* tests/imgtype: ignore error when shutting down the store\n* testreport: check json error\n* bind/util.go: remove unused func\n* rm chroot/util.go\n* imagebuildah: remove unused dedupeStringSlice\n* StageExecutor: EnsureContainerPath: catch error from SecureJoin()\n* imagebuildah/build.go: return instead of branching\n* rmi: avoid redundant branching\n* conformance tests: nilness: allocate map\n* imagebuildah/build.go: avoid redundant filepath.Join()\n* imagebuildah/build.go: avoid redundant os.Stat()\n* imagebuildah: omit comparison to bool\n* fix \u0027ineffectual assignment\u0027 lint errors\n* docker: ignore \u0027repeats json tag\u0027 lint error\n* 
pkg/unshare: use ... instead of iterating a slice\n* conformance: bud test: use raw strings for regexes\n* conformance suite: remove unused func/var\n* buildah test suite: remove unused vars/funcs\n* testreport: fix golangci-lint errors\n* util: remove redundant return statement\n* chroot: only log clean-up errors\n* images_test: ignore golangci-lint error\n* blobcache: log error when draining the pipe\n* imagebuildah: check errors in deferred calls\n* chroot: fix error handling in deferred funcs\n* cmd: check all errors\n* chroot/run_test.go: check errors\n* chroot/run.go: check errors in deferred calls\n* imagebuildah.Executor: remove unused onbuild field\n* docker/types.go: remove unused struct fields\n* util: use strings.ContainsRune instead of index check\n* Cirrus: Initial implementation\n* buildah-run: fix-out-of-range panic (2)\n* Update containers/image to v2.0.0\n* run: fix hang with run and --isolation=chroot\n* run: fix hang when using run\n* chroot: drop unused function call\n* remove --\u003e before imgageID on build\n* Always close stdin pipe\n* Write deny to setgroups when doing single user mapping\n* Avoid including linux/memfd.h\n* Add a test for the symlink pointing to a directory\n* Add missing continue\n* Fix the handling of symlinks to absolute paths\n* Only set default network sysctls if not rootless\n* Support --dns=none like podman\n* fix bug --cpu-shares parsing typo\n* Fix validate complaint\n* Update vendor on containers/storage to v1.12.10\n* Create directory paths for COPY thereby ensuring correct perms\n* imagebuildah: use a stable sort for comparing build args\n* imagebuildah: tighten up cache checking\n* bud.bats: add a test verying the order of --build-args\n* add -t to podman run\n* imagebuildah: simplify screening by top layers\n* imagebuildah: handle ID mappings for COPY --from\n* imagebuildah: apply additionalTags ourselves\n* bud.bats: test additional tags with cached images\n* bud.bats: add a test for WORKDIR and COPY with 
absolute destinations\n* Cleanup Overlay Mounts content\n* Add support for file secret mounts\n* Add ability to skip secrets in mounts file\n* allow 32bit builds\n* fix tutorial instructions\n* imagebuilder: pass the right contextDir to Add()\n* add: use fileutils.PatternMatcher for .dockerignore\n* bud.bats: add another .dockerignore test\n* unshare: fallback to single usermapping\n* addHelperSymlink: clear the destination on os.IsExist errors\n* bud.bats: test replacing symbolic links\n* imagebuildah: fix handling of destinations that end with \u0027/\u0027\n* bud.bats: test COPY with a final \u0027/\u0027 in the destination\n* linux: add check for sysctl before using it\n* unshare: set _CONTAINERS_ROOTLESS_GID\n* Rework buildahimamges\n* build context: support https git repos\n* Add a test for ENV special chars behaviour\n* Check in new Dockerfiles\n* Apply custom SHELL during build time\n* config: expand variables only at the command line\n* SetEnv: we only need to expand v once\n* Add default /root if empty on chroot iso\n* Add support for Overlay volumes into the container.\n* Export buildah validate volume functions so it can share code with libpod\n* Bump baseline test to F30\n* Fix rootless handling of /dev/shm size\n* Avoid fmt.Printf() in the library\n* imagebuildah: tighten cache checking back up\n* Handle WORKDIR with dangling target\n* Default Authfile to proper path\n* Make buildah run --isolation follow BUILDAH_ISOLATION environment\n* Vendor in latest containers/storage and containers/image\n* getParent/getChildren: handle layerless images\n* imagebuildah: recognize cache images for layerless images\n* bud.bats: test scratch images with --layers caching\n* Get CHANGELOG.md updates\n* Add some symlinks to test our .dockerignore logic\n* imagebuildah: addHelper: handle symbolic links\n* commit/push: use an everything-allowed policy\n* Correct manpage formatting in files section\n* Remove must be root statement from buildah doc\n* Change image names 
to stable, testing and upstream\n* Don\u0027t create directory on container\n* Replace kubernetes/pause in tests with k8s.gcr.io/pause\n* imagebuildah: don\u0027t remove intermediate images if we need them\n* Rework buildahimagegit to buildahimageupstream\n* Fix Transient Mounts\n* Handle WORKDIRs that are symlinks\n* allow podman to build a client for windows\n* Touch up 1.9-dev to 1.9.0-dev\n* Resolve symlink when checking container path\n* commit: commit on every instruction, but not always with layers\n* CommitOptions: drop the unused OnBuild field\n* makeImageRef: pass in the whole CommitOptions structure\n* cmd: API cleanup: stores before images\n* run: check if SELinux is enabled\n* Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.\n* Detect changes in rootdir\n* Fix typo in buildah-pull(1)\n* Vendor in latest containers/storage\n* Keep track of any build-args used during buildah bud --layers\n* commit: always set a parent ID\n* imagebuildah: rework unused-argument detection\n* fix bug dest path when COPY .dockerignore\n* Move Host IDMAppings code from util to unshare\n* Add BUILDAH_ISOLATION rootless back\n* Travis CI: fail fast, upon error in any step\n* imagebuildah: only commit images for intermediate stages if we have to\n* Use errors.Cause() when checking for IsNotExist errors\n* auto pass http_proxy to container\n* imagebuildah: don\u0027t leak image structs\n* Add Dockerfiles for buildahimages\n* Bump to Replace golang 1.10 with 1.12\n* add --dns* flags to buildah bud\n* Add hack/build_speed.sh test speeds on building container images\n* Create buildahimage Dockerfile for Quay\n* rename \u0027is\u0027 to \u0027expect_output\u0027\n* squash.bats: test squashing in multi-layered builds\n* bud.bats: test COPY --from in a Dockerfile while using the cache\n* commit: make target image names optional\n* Fix bud-args to allow comma separation\n* oops, missed some tests in commit.bats\n* new helper: expect_line_count\n* 
New tests for #1467 (string slices in cmdline opts)\n* Workarounds for dealing with travis; review feedback\n* BATS tests - extensive but minor cleanup\n* imagebuildah: defer pulling images for COPY --from\n* imagebuildah: centralize COMMIT and image ID output\n* Travis: do not use traviswait\n* imagebuildah: only initialize imagebuilder configuration once per stage\n* Make cleaner error on Dockerfile build errors\n* unshare: move to pkg/\n* unshare: move some code from cmd/buildah/unshare\n* Fix handling of Slices versus Arrays\n* imagebuildah: reorganize stage and per-stage logic\n* imagebuildah: add empty layers for instructions\n* Add missing step in installing into Ubuntu\n* fix bug in .dockerignore support\n* imagebuildah: deduplicate prepended \u0027FROM\u0027 instructions\n* Touch up intro\n* commit: set created-by to the shell if it isn\u0027t set\n* commit: check that we always set a \u0027created-by\u0027\n* docs/buildah.md: add \u0027containers-\u0027 prefixes under \u0027SEE ALSO\u0027\n\nUpdate to v1.7.2\n\n* Updates vendored containers/storage to latest version\n* rootless: by default use the host network namespace\n\n- Full changelog: https://github.com/containers/buildah/releases/tag/v1.6\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3423,SUSE-SLE-Module-Containers-15-SP1-2020-3423,SUSE-SLE-Module-Containers-15-SP2-2020-3423",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3423-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3423-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203423-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3423-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007820.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165184",
"url": "https://bugzilla.suse.com/1165184"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10214 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2020-11-19T15:11:49Z",
"generator": {
"date": "2020-11-19T15:11:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3423-1",
"initial_release_date": "2020-11-19T15:11:49Z",
"revision_history": [
{
"date": "2020-11-19T15:11:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.aarch64",
"product": {
"name": "buildah-1.17.0-3.6.1.aarch64",
"product_id": "buildah-1.17.0-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.i586",
"product": {
"name": "buildah-1.17.0-3.6.1.i586",
"product_id": "buildah-1.17.0-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.ppc64le",
"product": {
"name": "buildah-1.17.0-3.6.1.ppc64le",
"product_id": "buildah-1.17.0-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.s390x",
"product": {
"name": "buildah-1.17.0-3.6.1.s390x",
"product_id": "buildah-1.17.0-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.x86_64",
"product": {
"name": "buildah-1.17.0-3.6.1.x86_64",
"product_id": "buildah-1.17.0-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64"
},
"product_reference": "buildah-1.17.0-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le"
},
"product_reference": "buildah-1.17.0-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x"
},
"product_reference": "buildah-1.17.0-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64"
},
"product_reference": "buildah-1.17.0-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64"
},
"product_reference": "buildah-1.17.0-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le"
},
"product_reference": "buildah-1.17.0-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x"
},
"product_reference": "buildah-1.17.0-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
},
"product_reference": "buildah-1.17.0-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10214"
}
],
"notes": [
{
"category": "general",
"text": "The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10214",
"url": "https://www.suse.com/security/cve/CVE-2019-10214"
},
{
"category": "external",
"summary": "SUSE Bug 1144065 for CVE-2019-10214",
"url": "https://bugzilla.suse.com/1144065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T15:11:49Z",
"details": "moderate"
}
],
"title": "CVE-2019-10214"
},
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T15:11:49Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
}
]
}
SUSE-SU-2022:0770-1
Vulnerability from csaf_suse - Published: 2022-03-09 08:24 - Updated: 2022-03-09 08:24
Summary
Security update for buildah
Severity
Moderate
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
buildah was updated to version 1.23.1:
Update to version 1.22.3:
* Update dependencies
* Post-branch commit
* Accept repositories on login/logout
Update to version 1.22.0:
* c/image, c/storage, c/common vendor before Podman 3.3 release
* Proposed patch for 3399 (shadowutils)
* Fix handling of --restore shadow-utils
* runtime-flag (debug) test: handle old & new runc
* Allow dst and destination for target in secret mounts
* Multi-arch: Always push updated version-tagged img
* imagebuildah.stageExecutor.prepare(): remove pseudonym check
* refine dangling filter
* Chown with environment variables not set should fail
* Just restore protections of shadow-utils
* Remove specific kernel version number requirement from install.md
* Multi-arch image workflow: Make steps generic
* chroot: fix environment value leakage to intermediate processes
* Update nix pin with `make nixpkgs`
* buildah source - create and manage source images
* Update cirrus-cron notification GH workflow
* Reuse code from containers/common/pkg/parse
* Cirrus: Freshen VM images
* Fix excludes exception begining with / or ./
* Fix syntax for --manifest example
* vendor containers/common@main
* Cirrus: Drop dependence on fedora-minimal
* Adjust conformance-test error-message regex
* Workaround appearance of differing debug messages
* Cirrus: Install docker from package cache
* Switch rusagelogfile to use options.Out
* Turn stdio back to blocking when command finishes
* Add support for default network creation
* Cirrus: Updates for master->main rename
* Change references from master to main
* Add `--env` and `--workingdir` flags to run command
* [CI:DOCS] buildah bud: spelling --ignore-file requires parameter
* [CI:DOCS] push/pull: clarify supported transports
* Remove unused function arguments
* Create mountOptions for mount command flags
* Extract version command implementation to function
* Add --json flags to `mount` and `version` commands
* copier.Put(): set xattrs after ownership
* buildah add/copy: spelling
* buildah copy and buildah add should support .containerignore
* Remove unused util.StartsWithValidTransport
* Fix documentation of the --format option of buildah push
* Don't use alltransports.ParseImageName with known transports
* man pages: clarify `rmi` removes dangling parents
* [CI:DOCS] Fix links to c/image master branch
* imagebuildah: use the specified logger for logging preprocessing warnings
* Fix copy into workdir for a single file
* Fix docs links due to branch rename
* Update nix pin with `make nixpkgs`
* fix(docs): typo
* Move to v1.22.0-dev
* Fix handling of auth.json file while in a user namespace
* Add rusage-logfile flag to optionally send rusage to a file
* imagebuildah: redo step logging
* Add volumes to make running buildah within a container easier
* Add and use a 'copy' helper instead of podman load/save
* Bump github.com/containers/common from 0.38.4 to 0.39.0
* containerImageRef/containerImageSource: don't buffer uncompressed layers
* containerImageRef(): squashed images have no parent images
* Sync. workflow across skopeo, buildah, and podman
* Bump github.com/containers/storage from 1.31.1 to 1.31.2
* Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
* Bump to v1.21.1-dev [NO TESTS NEEDED]
Patchnames: SUSE-2022-770,SUSE-SLE-Module-Containers-15-SP3-2022-770
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nbuildah was updated to version 1.23.1:\n\nUpdate to version 1.22.3:\n\n* Update dependencies\n* Post-branch commit\n* Accept repositories on login/logout\n\nUpdate to version 1.22.0:\n\n* c/image, c/storage, c/common vendor before Podman 3.3 release\n* Proposed patch for 3399 (shadowutils)\n* Fix handling of --restore shadow-utils\n* runtime-flag (debug) test: handle old \u0026 new runc\n* Allow dst and destination for target in secret mounts\n* Multi-arch: Always push updated version-tagged img\n* imagebuildah.stageExecutor.prepare(): remove pseudonym check\n* refine dangling filter\n* Chown with environment variables not set should fail\n* Just restore protections of shadow-utils\n* Remove specific kernel version number requirement from install.md\n* Multi-arch image workflow: Make steps generic\n* chroot: fix environment value leakage to intermediate processes\n* Update nix pin with `make nixpkgs`\n* buildah source - create and manage source images\n* Update cirrus-cron notification GH workflow\n* Reuse code from containers/common/pkg/parse\n* Cirrus: Freshen VM images\n* Fix excludes exception begining with / or ./\n* Fix syntax for --manifest example\n* vendor containers/common@main\n* Cirrus: Drop dependence on fedora-minimal\n* Adjust conformance-test error-message regex\n* Workaround appearance of differing debug messages\n* Cirrus: Install docker from package cache\n* Switch rusagelogfile to use options.Out\n* Turn stdio back to blocking when command finishes\n* Add support for default network creation\n* Cirrus: Updates for master-\u003emain rename\n* Change references from master to main\n* Add `--env` and `--workingdir` flags to run command\n* [CI:DOCS] buildah bud: spelling --ignore-file requires parameter\n* [CI:DOCS] push/pull: clarify supported transports\n* Remove unused function arguments\n* Create mountOptions for mount command flags\n* Extract version command implementation to 
function\n* Add --json flags to `mount` and `version` commands\n* copier.Put(): set xattrs after ownership\n* buildah add/copy: spelling\n* buildah copy and buildah add should support .containerignore\n* Remove unused util.StartsWithValidTransport\n* Fix documentation of the --format option of buildah push\n* Don\u0027t use alltransports.ParseImageName with known transports\n* man pages: clarify `rmi` removes dangling parents\n* [CI:DOCS] Fix links to c/image master branch\n* imagebuildah: use the specified logger for logging preprocessing warnings\n* Fix copy into workdir for a single file\n* Fix docs links due to branch rename\n* Update nix pin with `make nixpkgs`\n* fix(docs): typo\n* Move to v1.22.0-dev\n* Fix handling of auth.json file while in a user namespace\n* Add rusage-logfile flag to optionally send rusage to a file\n* imagebuildah: redo step logging\n* Add volumes to make running buildah within a container easier\n* Add and use a \u0027copy\u0027 helper instead of podman load/save\n* Bump github.com/containers/common from 0.38.4 to 0.39.0\n* containerImageRef/containerImageSource: don\u0027t buffer uncompressed layers\n* containerImageRef(): squashed images have no parent images\n* Sync. workflow across skopeo, buildah, and podman\n* Bump github.com/containers/storage from 1.31.1 to 1.31.2\n* Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95\n* Bump to v1.21.1-dev [NO TESTS NEEDED]\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-770,SUSE-SLE-Module-Containers-15-SP3-2022-770",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0770-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0770-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220770-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0770-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010404.html"
},
{
"category": "self",
"summary": "SUSE Bug 1187812",
"url": "https://bugzilla.suse.com/1187812"
},
{
"category": "self",
"summary": "SUSE Bug 1192999",
"url": "https://bugzilla.suse.com/1192999"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10214 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-03-09T08:24:57Z",
"generator": {
"date": "2022-03-09T08:24:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0770-1",
"initial_release_date": "2022-03-09T08:24:57Z",
"revision_history": [
{
"date": "2022-03-09T08:24:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.aarch64",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.aarch64",
"product_id": "buildah-1.23.1-150300.8.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.i586",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.i586",
"product_id": "buildah-1.23.1-150300.8.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.ppc64le",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.ppc64le",
"product_id": "buildah-1.23.1-150300.8.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.s390x",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.s390x",
"product_id": "buildah-1.23.1-150300.8.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.x86_64",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.x86_64",
"product_id": "buildah-1.23.1-150300.8.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10214"
}
],
"notes": [
{
"category": "general",
"text": "The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10214",
"url": "https://www.suse.com/security/cve/CVE-2019-10214"
},
{
"category": "external",
"summary": "SUSE Bug 1144065 for CVE-2019-10214",
"url": "https://bugzilla.suse.com/1144065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-10214"
},
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2022:3480-1
Vulnerability from csaf_suse - Published: 2022-09-30 12:50 - Updated: 2022-09-30 12:50
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- Updated to version 1.26.0:
  - CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).
  - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
  - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
Patchnames: SUSE-2022-3480,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3480,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3480,SUSE-Storage-6-2022-3480,SUSE-Storage-7-2022-3480
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- Updated to version 1.26.0:\n - CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).\n - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).\n - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3480,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3480,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3480,SUSE-Storage-6-2022-3480,SUSE-Storage-7-2022-3480",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3480-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3480-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223480-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3480-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012462.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1183043",
"url": "https://bugzilla.suse.com/1183043"
},
{
"category": "self",
"summary": "SUSE Bug 1192999",
"url": "https://bugzilla.suse.com/1192999"
},
{
"category": "self",
"summary": "SUSE Bug 1197870",
"url": "https://bugzilla.suse.com/1197870"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27651 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27651/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-09-30T12:50:00Z",
"generator": {
"date": "2022-09-30T12:50:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3480-1",
"initial_release_date": "2022-09-30T12:50:00Z",
"revision_history": [
{
"date": "2022-09-30T12:50:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.aarch64",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64",
"product_id": "buildah-1.25.1-150100.3.13.12.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.i586",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.i586",
"product_id": "buildah-1.25.1-150100.3.13.12.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.ppc64le",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le",
"product_id": "buildah-1.25.1-150100.3.13.12.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.s390x",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.s390x",
"product_id": "buildah-1.25.1-150100.3.13.12.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.x86_64",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64",
"product_id": "buildah-1.25.1-150100.3.13.12.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-27651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27651"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27651",
"url": "https://www.suse.com/security/cve/CVE-2022-27651"
},
{
"category": "external",
"summary": "SUSE Bug 1197870 for CVE-2022-27651",
"url": "https://bugzilla.suse.com/1197870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-27651"
}
]
}
SUSE-SU-2022:3655-1
Vulnerability from csaf_suse - Published: 2022-10-19 10:34 - Updated: 2022-10-19 10:34
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Buildah was updated to version 1.27.1:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).
Patchnames: SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696: CVSS 3.1 base score 8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2021-20206: CVSS 3.1 base score 7.2 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990: CVSS 3.1 base score 4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n \nBuildah was updated to version 1.27.1:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker\n to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being\n overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3655-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3655-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223655-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3655-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012578.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-19T10:34:23Z",
"generator": {
"date": "2022-10-19T10:34:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3655-1",
"initial_release_date": "2022-10-19T10:34:23Z",
"revision_history": [
{
"date": "2022-10-19T10:34:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product_id": "buildah-1.27.1-150400.3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product_id": "buildah-1.27.1-150400.3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product_id": "buildah-1.27.1-150400.3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product_id": "buildah-1.27.1-150400.3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product_id": "buildah-1.27.1-150400.3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:3766-1
Vulnerability from csaf_suse - Published: 2022-10-26 09:38 - Updated: 2022-10-26 09:38
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file
is required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
Patchnames: SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812\n\nBuildah was updated to version 1.27.1:\n\n* run: add container gid to additional groups\n\n- Add fix for CVE-2022-2990 / bsc#1202812\n\n\nUpdate to version 1.27.0:\n\n* Don\u0027t try to call runLabelStdioPipes if spec.Linux is not set\n* build: support filtering cache by duration using --cache-ttl\n* build: support building from commit when using git repo as build context\n* build: clean up git repos correctly when using subdirs\n* integration tests: quote \u0027?\u0027 in shell scripts\n* test: manifest inspect should have OCIv1 annotation\n* vendor: bump to c/common@87fab4b7019a\n* Failure to determine a file or directory should print an error\n* refactor: remove unused CommitOptions from generateBuildOutput\n* stage_executor: generate output for cases with no commit\n* stage_executor, commit: output only if last stage in build\n* Use errors.Is() instead of os.Is{Not,}Exist\n* Minor test tweak for podman-remote compatibility\n* Cirrus: Use the latest imgts container\n* imagebuildah: complain about the right Dockerfile\n* tests: don\u0027t try to wrap `nil` errors\n* cmd/buildah.commitCmd: don\u0027t shadow \u0027err\u0027\n* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig\n* Fix a copy/paste error message\n* Fix a typo in an error message\n* build,cache: support pulling/pushing cache layers to/from remote sources\n* Update vendor of containers/(common, storage, image)\n* Rename chroot/run.go to chroot/run_linux.go\n* Don\u0027t bother telling codespell to skip files that don\u0027t exist\n* Set user namespace defaults correctly for the 
library\n* imagebuildah: optimize cache hits for COPY and ADD instructions\n* Cirrus: Update VM images w/ updated bats\n* docs, run: show SELinux label flag for cache and bind mounts\n* imagebuildah, build: remove undefined concurrent writes\n* bump github.com/opencontainers/runtime-tools\n* Add FreeBSD support for \u0027buildah info\u0027\n* Vendor in latest containers/(storage, common, image)\n* Add freebsd cross build targets\n* Make the jail package build on 32bit platforms\n* Cirrus: Ensure the build-push VM image is labeled\n* GHA: Fix dynamic script filename\n* Vendor in containers/(common, storage, image)\n* Run codespell\n* Remove import of github.com/pkg/errors\n* Avoid using cgo in pkg/jail\n* Rename footypes to fooTypes for naming consistency\n* Move cleanupTempVolumes and cleanupRunMounts to run_common.go\n* Make the various run mounts work for FreeBSD\n* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go\n* Move runSetupRunMounts to run_common.go\n* Move cleanableDestinationListFromMounts to run_common.go\n* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD\n* Move setupMounts and runSetupBuiltinVolumes to run_common.go\n* Tidy up - runMakeStdioPipe can\u0027t be shared with linux\n* Move runAcceptTerminal to run_common.go\n* Move stdio copying utilities to run_common.go\n* Move runUsingRuntime and runCollectOutput to run_common.go\n* Move fileCloser, waitForSync and contains to run_common.go\n* Move checkAndOverrideIsolationOptions to run_common.go\n* Move DefaultNamespaceOptions to run_common.go\n* Move getNetworkInterface to run_common.go\n* Move configureEnvironment to run_common.go\n* Don\u0027t crash in configureUIDGID if Process.Capabilities is nil\n* Move configureUIDGID to run_common.go\n* Move runLookupPath to run_common.go\n* Move setupTerminal to run_common.go\n* Move etc file generation utilities to run_common.go\n* Add run support for FreeBSD\n* Add a simple FreeBSD jail library\n* Add FreeBSD support to pkg/chrootuser\n* 
Sync call signature for RunUsingChroot with chroot/run.go\n* test: verify feature to resolve basename with args\n* vendor: bump openshift/imagebuilder to master@4151e43\n* GHA: Remove required reserved-name use\n* buildah: set XDG_RUNTIME_DIR before setting default runroot\n* imagebuildah: honor build output even if build container is not commited\n* chroot: honor DefaultErrnoRet\n* [CI:DOCS] improve pull-policy documentation\n* tests: retrofit test since --file does not supports dir\n* Switch to golang native error wrapping\n* BuildDockerfiles: error out if path to containerfile is a directory\n* define.downloadToDirectory: fail early if bad HTTP response\n* GHA: Allow re-use of Cirrus-Cron fail-mail workflow\n* add: fail on bad http response instead of writing to container\n* [CI:DOCS] Update buildahimage comment\n* lint: inspectable is never nil\n* vendor: c/common to common@7e1563b\n* build: support OCI hooks for ephemeral build containers\n* [CI:BUILD] Install latest buildah instead of compiling\n* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]\n* Make sure cpp is installed in buildah images\n* demo: use unshare for rootless invocations\n* buildah.spec.rpkg: initial addition\n* build: fix test for subid 4\n* build, userns: add support for --userns=auto\n* Fix building upstream buildah image\n* Remove redundant buildahimages-are-sane validation\n* Docs: Update multi-arch buildah images readme\n* Cirrus: Migrate multiarch build off github actions\n* retrofit-tests: we skip unused stages so use stages\n* stage_executor: dont rely on stage while looking for additional-context\n* buildkit, multistage: skip computing unwanted stages\n* More test cleanup\n* copier: work around freebsd bug for \u0027mkdir /\u0027\n* Replace $BUILDAH_BINARY with buildah() function\n* Fix up buildah images\n* Make util and copier build on FreeBSD\n* Vendor in latest github.com/sirupsen/logrus\n* Makefile: allow building without .git\n* run_unix: don\u0027t 
return an error from getNetworkInterface\n* run_unix: return a valid DefaultNamespaceOptions\n* Update vendor of containers/storage\n* chroot: use ActKillThread instead of ActKill\n* use resolvconf package from c/common/libnetwork\n* update c/common to latest main\n* copier: add `NoOverwriteNonDirDir` option\n* Sort buildoptions and move cli/build functions to internal\n* Fix TODO: de-spaghettify run mounts\n* Move options parsing out of build.go and into pkg/cli\n* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps\n* build, multiarch: support splitting build logs for --platform\n* [CI:BUILD] WIP Cleanup Image Dockerfiles\n* cli remove stutter\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow disabling image history with --omit-history\n* Fix use generic/ambiguous DEBUG name\n* Cirrus: use Ubuntu 22.04 LTS\n* Fix codespell errors\n* Remove util.StringInSlice because it is defined in containers/common\n* buildah: add support for renaming a device in rootless setups\n* squash: never use build cache when computing last step of last stage\n* Update vendor of containers/(common, storage, image)\n* buildkit: supports additionalBuildContext in builds via --build-context\n* buildah source pull/push: show progress bar\n* run: allow resuing secret twice in different RUN steps\n* test helpers: default to being rootless-aware\n* Add --cpp-flag flag to buildah build\n* build: accept branch and subdirectory when context is git repo\n* Vendor in latest containers/common\n* vendor: update c/storage and c/image\n* Fix gentoo install docs\n* copier: move NSS load to new process\n* Add test for prevention of reusing encrypted layers\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n\n\nUpdate to version 1.26.4:\n\n* build, multiarch: support splitting build logs for --platform\n* copier: add `NoOverwriteNonDirDir` option\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow 
disabling image history with --omit-history\n* buildkit: supports additionalBuildContext in builds via --build-context\n* Add --cpp-flag flag to buildah build\n\nUpdate to version 1.26.3:\n\n* define.downloadToDirectory: fail early if bad HTTP response\n* add: fail on bad http response instead of writing to container\n* squash: never use build cache when computing last step of last stage\n* run: allow resuing secret twice in different RUN steps\n* integration tests: update expected error messages\n* integration tests: quote \u0027?\u0027 in shell scripts\n* Use errors.Is() to check for storage errors\n* lint: inspectable is never nil\n* chroot: use ActKillThread instead of ActKill\n* chroot: honor DefaultErrnoRet\n* Set user namespace defaults correctly for the library\n* contrib/rpm/buildah.spec: fix `rpm` parser warnings\n\nDrop requires on apparmor pattern, should be moved elsewhere\nfor systems which want AppArmor instead of SELinux.\n\n- Update BuildRequires to libassuan-devel \u003e= 2.5.2, pkgconfig file\n is required to build.\n\nUpdate to version 1.26.2:\n\n* buildah: add support for renaming a device in rootless setups\n\nUpdate to version 1.26.1:\n\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n* imagebuildah,build: move deepcopy of args before we spawn goroutine\n* Vendor in containers/storage v1.40.2\n* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated\n* help output: get more consistent about option usage text\n* Handle OS version and features flags\n* buildah build: --annotation and --label should remove values\n* buildah build: add a --env\n* buildah: deep copy options.Args before performing concurrent build/stage\n* test: inline platform and builtinargs behaviour\n* vendor: bump imagebuilder to master/009dbc6\n* build: automatically set correct TARGETPLATFORM where expected\n* Vendor in containers/(common, storage, image)\n* imagebuildah, executor: process arg variables while populating 
baseMap\n* buildkit: add support for custom build output with --output\n* Cirrus: Update CI VMs to F36\n* fix staticcheck linter warning for deprecated function\n* Fix docs build on FreeBSD\n* copier.unwrapError(): update for Go 1.16\n* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit\n* copier.Put(): write to read-only directories\n* Ed\u0027s periodic test cleanup\n* using consistent lowercase \u0027invalid\u0027 word in returned err msg\n* use etchosts package from c/common\n* run: set actual hostname in /etc/hostname to match docker parity\n* Update vendor of containers/(common,storage,image)\n* manifest-create: allow creating manifest list from local image\n* Update vendor of storage,common,image\n* Initialize network backend before first pull\n* oci spec: change special mount points for namespaces\n* tests/helpers.bash: assert handle corner cases correctly\n* buildah: actually use containers.conf settings\n* integration tests: learn to start a dummy registry\n* Fix error check to work on Podman\n* buildah build should accept at most one arg\n* tests: reduce concurrency for flaky bud-multiple-platform-no-run\n* vendor in latest containers/common,image,storage\n* manifest-add: allow override arch,variant while adding image\n* Remove a stray `\\` from .containerenv\n* Vendor in latest opencontainers/selinux v1.10.1\n* build, commit: allow removing default identity labels\n* Create shorter names for containers based on image IDs\n* test: skip rootless on cgroupv2 in root env\n* fix hang when oci runtime fails\n* Set permissions for GitHub actions\n* copier test: use correct UID/GID in test archives\n* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3766-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3766-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223766-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3766-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012703.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-26T09:38:08Z",
"generator": {
"date": "2022-10-26T09:38:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3766-1",
"initial_release_date": "2022-10-26T09:38:08Z",
"revision_history": [
{
"date": "2022-10-26T09:38:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product_id": "buildah-1.27.1-150300.8.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error0-1.42-150300.9.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product_id": "buildah-1.27.1-150300.8.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error0-1.42-150300.9.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product_id": "buildah-1.27.1-150300.8.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error0-1.42-150300.9.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product_id": "buildah-1.27.1-150300.8.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:4349-1
Vulnerability from csaf_suse - Published: 2022-12-07 15:15 - Updated: 2022-12-07 15:15
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Version update to 1.28.2.
- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).
Patchnames: SUSE-2022-4349,SUSE-SLE-Module-Containers-15-SP4-2022-4349,openSUSE-SLE-15.4-2022-4349
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696: 8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990: 4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nVersion update to 1.28.2.\n\n- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).\n- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4349,SUSE-SLE-Module-Containers-15-SP4-2022-4349,openSUSE-SLE-15.4-2022-4349",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4349-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4349-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224349-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4349-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013200.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-12-07T15:15:59Z",
"generator": {
"date": "2022-12-07T15:15:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4349-1",
"initial_release_date": "2022-12-07T15:15:59Z",
"revision_history": [
{
"date": "2022-12-07T15:15:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.aarch64",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64",
"product_id": "buildah-1.28.2-150400.3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.i586",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.i586",
"product_id": "buildah-1.28.2-150400.3.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.ppc64le",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le",
"product_id": "buildah-1.28.2-150400.3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.s390x",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.s390x",
"product_id": "buildah-1.28.2-150400.3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.x86_64",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64",
"product_id": "buildah-1.28.2-150400.3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:15:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:4350-1
Vulnerability from csaf_suse - Published: 2022-12-07 15:16 - Updated: 2022-12-07 15:16
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Version update to 1.28.2.
- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).
Patchnames: SUSE-2022-4350,SUSE-SLE-Module-Containers-15-SP3-2022-4350,openSUSE-SLE-15.3-2022-4350
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696 – CVSS 3.1 base score: 8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990 – CVSS 3.1 base score: 4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nVersion update to 1.28.2.\n\n- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).\n- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4350,SUSE-SLE-Module-Containers-15-SP3-2022-4350,openSUSE-SLE-15.3-2022-4350",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4350-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4350-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224350-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4350-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013201.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-12-07T15:16:30Z",
"generator": {
"date": "2022-12-07T15:16:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4350-1",
"initial_release_date": "2022-12-07T15:16:30Z",
"revision_history": [
{
"date": "2022-12-07T15:16:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.aarch64",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64",
"product_id": "buildah-1.28.2-150300.8.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.i586",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.i586",
"product_id": "buildah-1.28.2-150300.8.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.ppc64le",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le",
"product_id": "buildah-1.28.2-150300.8.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.s390x",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.s390x",
"product_id": "buildah-1.28.2-150300.8.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.x86_64",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64",
"product_id": "buildah-1.28.2-150300.8.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:16:30Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:16:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.