Описание
Security update for buildah
This update for buildah fixes the following issues:
Version update to 1.28.2.
- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).
Список пакетов
SUSE Linux Enterprise Module for Containers 15 SP4
buildah-1.28.2-150400.3.11.1
openSUSE Leap 15.4
buildah-1.28.2-150400.3.11.1
Ссылки
- Link for SUSE-SU-2022:4349-1
- E-Mail link for SUSE-SU-2022:4349-1
- SUSE Security Ratings
- SUSE Bug 1167864
- SUSE Bug 1202812
- SUSE CVE CVE-2020-10696 page
- SUSE CVE CVE-2022-2990 page
Описание
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
Затронутые продукты
SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1
openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1
Ссылки
- CVE-2020-10696
- SUSE Bug 1167864
Описание
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Затронутые продукты
SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1
openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1
Ссылки
- CVE-2022-2990
- SUSE Bug 1202812