Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:1931

Опубликовано: 28 апр. 2020
Источник: rocky
Оценка: Important

Описание

Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
cockpit-podmannoarch1.module+el8.5.0+770+e2f49861cockpit-podman-11-1.module+el8.5.0+770+e2f49861.noarch.rpm
containernetworking-pluginsx86_644.module+el8.5.0+770+e2f49861containernetworking-plugins-0.8.3-4.module+el8.5.0+770+e2f49861.x86_64.rpm
critx86_649.module+el8.5.0+681+c9a1951fcrit-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm
criux86_649.module+el8.5.0+681+c9a1951fcriu-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm
python3-criux86_649.module+el8.5.0+681+c9a1951fpython3-criu-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm
python-podman-apinoarch0.2.gitd0a45fe.module+el8.5.0+770+e2f49861python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.5.0+770+e2f49861.noarch.rpm
slirp4netnsx86_643.git21fdece.module+el8.5.0+770+e2f49861slirp4netns-0.4.2-3.git21fdece.module+el8.5.0+770+e2f49861.x86_64.rpm
toolboxnoarch1.module+el8.5.0+770+e2f49861toolbox-0.0.7-1.module+el8.5.0+770+e2f49861.noarch.rpm
udicanoarch2.module+el8.5.0+770+e2f49861udica-0.2.1-2.module+el8.5.0+770+e2f49861.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-10696

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-10696

CVSS3: 8.8
ubuntu
около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

redhat логотип

CVE-2020-10696

CVSS3: 8.8
redhat
около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

nvd логотип

CVE-2020-10696

CVSS3: 8.8
nvd
около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

debian логотип

CVE-2020-10696

CVSS3: 8.8
debian
около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. ...

rocky логотип

RLSA-2020:1932

rocky
около 5 лет назад

Important: container-tools:rhel8 security update