Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3480-1

Опубликовано: 30 сент. 2022
Источник: suse-cvrf

Описание

Security update for buildah

This update for buildah fixes the following issues:

  • Updated to version 1.26.0:
    • CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).
    • CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
    • CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).

Список пакетов

SUSE Enterprise Storage 6
buildah-1.25.1-150100.3.13.12
SUSE Enterprise Storage 7
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server 15 SP1-BCL
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server 15 SP1-LTSS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server 15 SP2-BCL
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server 15 SP2-LTSS
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server for SAP Applications 15 SP1
buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise Server for SAP Applications 15 SP2
buildah-1.25.1-150100.3.13.12
SUSE Manager Proxy 4.1
buildah-1.25.1-150100.3.13.12
SUSE Manager Retail Branch Server 4.1
buildah-1.25.1-150100.3.13.12
SUSE Manager Server 4.1
buildah-1.25.1-150100.3.13.12

Ссылки

Описание

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Затронутые продукты
SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12
SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12
Ссылки

Описание

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые продукты
SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12
SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12
Ссылки

Описание

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Затронутые продукты
SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12
SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12
Ссылки