CVE-2020-10696 (GCVE-0-2020-10696)
Vulnerability from cvelistv5 – Published: 2020-03-31 21:01 – Updated: 2024-08-04 11:06
VLAI
EPSS
Summary
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
Severity
8.8 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/containers/buildah/pull/2245 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2020-10696 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "buildah",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Fixed in buildah-1.14.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T21:30:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "buildah",
"version": {
"version_data": [
{
"version_value": "Fixed in buildah-1.14.5"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696"
},
{
"name": "https://github.com/containers/buildah/pull/2245",
"refsource": "MISC",
"url": "https://github.com/containers/buildah/pull/2245"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10696",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10696",
"datePublished": "2020-03-31T21:01:22.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:11.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-10696",
"date": "2026-06-14",
"epss": "0.00258",
"percentile": "0.49678"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.14.5\", \"matchCriteriaId\": \"D2DF53D3-40E1-43CD-8BDC-57207CB2F330\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F87326E-0B56-4356-A889-73D026DB1D4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante enga\\u00f1ar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos.\"}]",
"id": "CVE-2020-10696",
"lastModified": "2024-11-21T04:55:52.387",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-03-31T22:15:14.667",
"references": "[{\"url\": \"https://access.redhat.com/security/cve/cve-2020-10696\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containers/buildah/pull/2245\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2020-10696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containers/buildah/pull/2245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-10696\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-03-31T22:15:14.667\",\"lastModified\":\"2024-11-21T04:55:52.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante enga\u00f1ar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\
":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.5\",\"matchCriteriaId\":\"D2DF53D3-40E1-43CD-8BDC-57207CB2F330\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/cve-2020-10696\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/containers/buildah/pull/2245\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2020-10696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containers/buildah/pull/2245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2022:0770-1
Vulnerability from csaf_suse - Published: 2022-03-09 08:24 - Updated: 2022-03-09 08:24
Summary
Security update for buildah
Severity
Moderate
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
buildah was updated to version 1.23.1:
Update to version 1.22.3:
* Update dependencies
* Post-branch commit
* Accept repositories on login/logout
Update to version 1.22.0:
* c/image, c/storage, c/common vendor before Podman 3.3 release
* Proposed patch for 3399 (shadowutils)
* Fix handling of --restore shadow-utils
* runtime-flag (debug) test: handle old & new runc
* Allow dst and destination for target in secret mounts
* Multi-arch: Always push updated version-tagged img
* imagebuildah.stageExecutor.prepare(): remove pseudonym check
* refine dangling filter
* Chown with environment variables not set should fail
* Just restore protections of shadow-utils
* Remove specific kernel version number requirement from install.md
* Multi-arch image workflow: Make steps generic
* chroot: fix environment value leakage to intermediate processes
* Update nix pin with `make nixpkgs`
* buildah source - create and manage source images
* Update cirrus-cron notification GH workflow
* Reuse code from containers/common/pkg/parse
* Cirrus: Freshen VM images
* Fix excludes exception begining with / or ./
* Fix syntax for --manifest example
* vendor containers/common@main
* Cirrus: Drop dependence on fedora-minimal
* Adjust conformance-test error-message regex
* Workaround appearance of differing debug messages
* Cirrus: Install docker from package cache
* Switch rusagelogfile to use options.Out
* Turn stdio back to blocking when command finishes
* Add support for default network creation
* Cirrus: Updates for master->main rename
* Change references from master to main
* Add `--env` and `--workingdir` flags to run command
* [CI:DOCS] buildah bud: spelling --ignore-file requires parameter
* [CI:DOCS] push/pull: clarify supported transports
* Remove unused function arguments
* Create mountOptions for mount command flags
* Extract version command implementation to function
* Add --json flags to `mount` and `version` commands
* copier.Put(): set xattrs after ownership
* buildah add/copy: spelling
* buildah copy and buildah add should support .containerignore
* Remove unused util.StartsWithValidTransport
* Fix documentation of the --format option of buildah push
* Don't use alltransports.ParseImageName with known transports
* man pages: clarify `rmi` removes dangling parents
* [CI:DOCS] Fix links to c/image master branch
* imagebuildah: use the specified logger for logging preprocessing warnings
* Fix copy into workdir for a single file
* Fix docs links due to branch rename
* Update nix pin with `make nixpkgs`
* fix(docs): typo
* Move to v1.22.0-dev
* Fix handling of auth.json file while in a user namespace
* Add rusage-logfile flag to optionally send rusage to a file
* imagebuildah: redo step logging
* Add volumes to make running buildah within a container easier
* Add and use a 'copy' helper instead of podman load/save
* Bump github.com/containers/common from 0.38.4 to 0.39.0
* containerImageRef/containerImageSource: don't buffer uncompressed layers
* containerImageRef(): squashed images have no parent images
* Sync. workflow across skopeo, buildah, and podman
* Bump github.com/containers/storage from 1.31.1 to 1.31.2
* Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
* Bump to v1.21.1-dev [NO TESTS NEEDED]
Patchnames: SUSE-2022-770,SUSE-SLE-Module-Containers-15-SP3-2022-770
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2019-10214: 9 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
CVE-2020-10696: 8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nbuildah was updated to version 1.23.1:\n\nUpdate to version 1.22.3:\n\n* Update dependencies\n* Post-branch commit\n* Accept repositories on login/logout\n\nUpdate to version 1.22.0:\n\n* c/image, c/storage, c/common vendor before Podman 3.3 release\n* Proposed patch for 3399 (shadowutils)\n* Fix handling of --restore shadow-utils\n* runtime-flag (debug) test: handle old \u0026 new runc\n* Allow dst and destination for target in secret mounts\n* Multi-arch: Always push updated version-tagged img\n* imagebuildah.stageExecutor.prepare(): remove pseudonym check\n* refine dangling filter\n* Chown with environment variables not set should fail\n* Just restore protections of shadow-utils\n* Remove specific kernel version number requirement from install.md\n* Multi-arch image workflow: Make steps generic\n* chroot: fix environment value leakage to intermediate processes\n* Update nix pin with `make nixpkgs`\n* buildah source - create and manage source images\n* Update cirrus-cron notification GH workflow\n* Reuse code from containers/common/pkg/parse\n* Cirrus: Freshen VM images\n* Fix excludes exception begining with / or ./\n* Fix syntax for --manifest example\n* vendor containers/common@main\n* Cirrus: Drop dependence on fedora-minimal\n* Adjust conformance-test error-message regex\n* Workaround appearance of differing debug messages\n* Cirrus: Install docker from package cache\n* Switch rusagelogfile to use options.Out\n* Turn stdio back to blocking when command finishes\n* Add support for default network creation\n* Cirrus: Updates for master-\u003emain rename\n* Change references from master to main\n* Add `--env` and `--workingdir` flags to run command\n* [CI:DOCS] buildah bud: spelling --ignore-file requires parameter\n* [CI:DOCS] push/pull: clarify supported transports\n* Remove unused function arguments\n* Create mountOptions for mount command flags\n* Extract version command implementation to 
function\n* Add --json flags to `mount` and `version` commands\n* copier.Put(): set xattrs after ownership\n* buildah add/copy: spelling\n* buildah copy and buildah add should support .containerignore\n* Remove unused util.StartsWithValidTransport\n* Fix documentation of the --format option of buildah push\n* Don\u0027t use alltransports.ParseImageName with known transports\n* man pages: clarify `rmi` removes dangling parents\n* [CI:DOCS] Fix links to c/image master branch\n* imagebuildah: use the specified logger for logging preprocessing warnings\n* Fix copy into workdir for a single file\n* Fix docs links due to branch rename\n* Update nix pin with `make nixpkgs`\n* fix(docs): typo\n* Move to v1.22.0-dev\n* Fix handling of auth.json file while in a user namespace\n* Add rusage-logfile flag to optionally send rusage to a file\n* imagebuildah: redo step logging\n* Add volumes to make running buildah within a container easier\n* Add and use a \u0027copy\u0027 helper instead of podman load/save\n* Bump github.com/containers/common from 0.38.4 to 0.39.0\n* containerImageRef/containerImageSource: don\u0027t buffer uncompressed layers\n* containerImageRef(): squashed images have no parent images\n* Sync. workflow across skopeo, buildah, and podman\n* Bump github.com/containers/storage from 1.31.1 to 1.31.2\n* Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95\n* Bump to v1.21.1-dev [NO TESTS NEEDED]\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-770,SUSE-SLE-Module-Containers-15-SP3-2022-770",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0770-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0770-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220770-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0770-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010404.html"
},
{
"category": "self",
"summary": "SUSE Bug 1187812",
"url": "https://bugzilla.suse.com/1187812"
},
{
"category": "self",
"summary": "SUSE Bug 1192999",
"url": "https://bugzilla.suse.com/1192999"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10214 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-03-09T08:24:57Z",
"generator": {
"date": "2022-03-09T08:24:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0770-1",
"initial_release_date": "2022-03-09T08:24:57Z",
"revision_history": [
{
"date": "2022-03-09T08:24:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.aarch64",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.aarch64",
"product_id": "buildah-1.23.1-150300.8.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.i586",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.i586",
"product_id": "buildah-1.23.1-150300.8.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.ppc64le",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.ppc64le",
"product_id": "buildah-1.23.1-150300.8.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.s390x",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.s390x",
"product_id": "buildah-1.23.1-150300.8.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.23.1-150300.8.3.1.x86_64",
"product": {
"name": "buildah-1.23.1-150300.8.3.1.x86_64",
"product_id": "buildah-1.23.1-150300.8.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.23.1-150300.8.3.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
},
"product_reference": "buildah-1.23.1-150300.8.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10214"
}
],
"notes": [
{
"category": "general",
"text": "The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10214",
"url": "https://www.suse.com/security/cve/CVE-2019-10214"
},
{
"category": "external",
"summary": "SUSE Bug 1144065 for CVE-2019-10214",
"url": "https://bugzilla.suse.com/1144065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-10214"
},
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.23.1-150300.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T08:24:57Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2022:3480-1
Vulnerability from csaf_suse - Published: 2022-09-30 12:50 - Updated: 2022-09-30 12:50
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- Updated to version 1.26.0:
- CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
Patchnames: SUSE-2022-3480,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3480,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3480,SUSE-Storage-6-2022-3480,SUSE-Storage-7-2022-3480
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- Updated to version 1.26.0:\n - CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).\n - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).\n - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3480,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3480,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3480,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3480,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3480,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3480,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3480,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3480,SUSE-Storage-6-2022-3480,SUSE-Storage-7-2022-3480",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3480-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3480-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223480-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3480-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012462.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1183043",
"url": "https://bugzilla.suse.com/1183043"
},
{
"category": "self",
"summary": "SUSE Bug 1192999",
"url": "https://bugzilla.suse.com/1192999"
},
{
"category": "self",
"summary": "SUSE Bug 1197870",
"url": "https://bugzilla.suse.com/1197870"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27651 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27651/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-09-30T12:50:00Z",
"generator": {
"date": "2022-09-30T12:50:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3480-1",
"initial_release_date": "2022-09-30T12:50:00Z",
"revision_history": [
{
"date": "2022-09-30T12:50:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.aarch64",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64",
"product_id": "buildah-1.25.1-150100.3.13.12.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.i586",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.i586",
"product_id": "buildah-1.25.1-150100.3.13.12.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.ppc64le",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le",
"product_id": "buildah-1.25.1-150100.3.13.12.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.s390x",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.s390x",
"product_id": "buildah-1.25.1-150100.3.13.12.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.25.1-150100.3.13.12.x86_64",
"product": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64",
"product_id": "buildah-1.25.1-150100.3.13.12.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.25.1-150100.3.13.12.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64"
},
"product_reference": "buildah-1.25.1-150100.3.13.12.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-27651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27651"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27651",
"url": "https://www.suse.com/security/cve/CVE-2022-27651"
},
{
"category": "external",
"summary": "SUSE Bug 1197870 for CVE-2022-27651",
"url": "https://bugzilla.suse.com/1197870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 6:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Enterprise Storage 7:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Proxy 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Retail Branch Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.ppc64le",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.s390x",
"SUSE Manager Server 4.1:buildah-1.25.1-150100.3.13.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-30T12:50:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-27651"
}
]
}
SUSE-SU-2022:3655-1
Vulnerability from csaf_suse - Published: 2022-10-19 10:34 - Updated: 2022-10-19 10:34
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Buildah was updated to version 1.27.1:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).
Patchnames: SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696 — CVSS 3.1 base score 8.8 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2021-20206 — CVSS 3.1 base score 7.2 (High), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990 — CVSS 3.1 base score 4.4 (Medium), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n \nBuildah was updated to version 1.27.1:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker\n to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being\n overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3655-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3655-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223655-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3655-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012578.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-19T10:34:23Z",
"generator": {
"date": "2022-10-19T10:34:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3655-1",
"initial_release_date": "2022-10-19T10:34:23Z",
"revision_history": [
{
"date": "2022-10-19T10:34:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product_id": "buildah-1.27.1-150400.3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product_id": "buildah-1.27.1-150400.3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product_id": "buildah-1.27.1-150400.3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product_id": "buildah-1.27.1-150400.3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product_id": "buildah-1.27.1-150400.3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:3766-1
Vulnerability from csaf_suse - Published: 2022-10-26 09:38 - Updated: 2022-10-26 09:38
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop the Requires on the apparmor pattern; it should be moved elsewhere,
for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2; the pkgconfig file
is required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
Patchnames: SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812\n\nBuildah was updated to version 1.27.1:\n\n* run: add container gid to additional groups\n\n- Add fix for CVE-2022-2990 / bsc#1202812\n\n\nUpdate to version 1.27.0:\n\n* Don\u0027t try to call runLabelStdioPipes if spec.Linux is not set\n* build: support filtering cache by duration using --cache-ttl\n* build: support building from commit when using git repo as build context\n* build: clean up git repos correctly when using subdirs\n* integration tests: quote \u0027?\u0027 in shell scripts\n* test: manifest inspect should have OCIv1 annotation\n* vendor: bump to c/common@87fab4b7019a\n* Failure to determine a file or directory should print an error\n* refactor: remove unused CommitOptions from generateBuildOutput\n* stage_executor: generate output for cases with no commit\n* stage_executor, commit: output only if last stage in build\n* Use errors.Is() instead of os.Is{Not,}Exist\n* Minor test tweak for podman-remote compatibility\n* Cirrus: Use the latest imgts container\n* imagebuildah: complain about the right Dockerfile\n* tests: don\u0027t try to wrap `nil` errors\n* cmd/buildah.commitCmd: don\u0027t shadow \u0027err\u0027\n* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig\n* Fix a copy/paste error message\n* Fix a typo in an error message\n* build,cache: support pulling/pushing cache layers to/from remote sources\n* Update vendor of containers/(common, storage, image)\n* Rename chroot/run.go to chroot/run_linux.go\n* Don\u0027t bother telling codespell to skip files that don\u0027t exist\n* Set user namespace defaults correctly for the 
library\n* imagebuildah: optimize cache hits for COPY and ADD instructions\n* Cirrus: Update VM images w/ updated bats\n* docs, run: show SELinux label flag for cache and bind mounts\n* imagebuildah, build: remove undefined concurrent writes\n* bump github.com/opencontainers/runtime-tools\n* Add FreeBSD support for \u0027buildah info\u0027\n* Vendor in latest containers/(storage, common, image)\n* Add freebsd cross build targets\n* Make the jail package build on 32bit platforms\n* Cirrus: Ensure the build-push VM image is labeled\n* GHA: Fix dynamic script filename\n* Vendor in containers/(common, storage, image)\n* Run codespell\n* Remove import of github.com/pkg/errors\n* Avoid using cgo in pkg/jail\n* Rename footypes to fooTypes for naming consistency\n* Move cleanupTempVolumes and cleanupRunMounts to run_common.go\n* Make the various run mounts work for FreeBSD\n* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go\n* Move runSetupRunMounts to run_common.go\n* Move cleanableDestinationListFromMounts to run_common.go\n* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD\n* Move setupMounts and runSetupBuiltinVolumes to run_common.go\n* Tidy up - runMakeStdioPipe can\u0027t be shared with linux\n* Move runAcceptTerminal to run_common.go\n* Move stdio copying utilities to run_common.go\n* Move runUsingRuntime and runCollectOutput to run_common.go\n* Move fileCloser, waitForSync and contains to run_common.go\n* Move checkAndOverrideIsolationOptions to run_common.go\n* Move DefaultNamespaceOptions to run_common.go\n* Move getNetworkInterface to run_common.go\n* Move configureEnvironment to run_common.go\n* Don\u0027t crash in configureUIDGID if Process.Capabilities is nil\n* Move configureUIDGID to run_common.go\n* Move runLookupPath to run_common.go\n* Move setupTerminal to run_common.go\n* Move etc file generation utilities to run_common.go\n* Add run support for FreeBSD\n* Add a simple FreeBSD jail library\n* Add FreeBSD support to pkg/chrootuser\n* 
Sync call signature for RunUsingChroot with chroot/run.go\n* test: verify feature to resolve basename with args\n* vendor: bump openshift/imagebuilder to master@4151e43\n* GHA: Remove required reserved-name use\n* buildah: set XDG_RUNTIME_DIR before setting default runroot\n* imagebuildah: honor build output even if build container is not commited\n* chroot: honor DefaultErrnoRet\n* [CI:DOCS] improve pull-policy documentation\n* tests: retrofit test since --file does not supports dir\n* Switch to golang native error wrapping\n* BuildDockerfiles: error out if path to containerfile is a directory\n* define.downloadToDirectory: fail early if bad HTTP response\n* GHA: Allow re-use of Cirrus-Cron fail-mail workflow\n* add: fail on bad http response instead of writing to container\n* [CI:DOCS] Update buildahimage comment\n* lint: inspectable is never nil\n* vendor: c/common to common@7e1563b\n* build: support OCI hooks for ephemeral build containers\n* [CI:BUILD] Install latest buildah instead of compiling\n* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]\n* Make sure cpp is installed in buildah images\n* demo: use unshare for rootless invocations\n* buildah.spec.rpkg: initial addition\n* build: fix test for subid 4\n* build, userns: add support for --userns=auto\n* Fix building upstream buildah image\n* Remove redundant buildahimages-are-sane validation\n* Docs: Update multi-arch buildah images readme\n* Cirrus: Migrate multiarch build off github actions\n* retrofit-tests: we skip unused stages so use stages\n* stage_executor: dont rely on stage while looking for additional-context\n* buildkit, multistage: skip computing unwanted stages\n* More test cleanup\n* copier: work around freebsd bug for \u0027mkdir /\u0027\n* Replace $BUILDAH_BINARY with buildah() function\n* Fix up buildah images\n* Make util and copier build on FreeBSD\n* Vendor in latest github.com/sirupsen/logrus\n* Makefile: allow building without .git\n* run_unix: don\u0027t 
return an error from getNetworkInterface\n* run_unix: return a valid DefaultNamespaceOptions\n* Update vendor of containers/storage\n* chroot: use ActKillThread instead of ActKill\n* use resolvconf package from c/common/libnetwork\n* update c/common to latest main\n* copier: add `NoOverwriteNonDirDir` option\n* Sort buildoptions and move cli/build functions to internal\n* Fix TODO: de-spaghettify run mounts\n* Move options parsing out of build.go and into pkg/cli\n* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps\n* build, multiarch: support splitting build logs for --platform\n* [CI:BUILD] WIP Cleanup Image Dockerfiles\n* cli remove stutter\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow disabling image history with --omit-history\n* Fix use generic/ambiguous DEBUG name\n* Cirrus: use Ubuntu 22.04 LTS\n* Fix codespell errors\n* Remove util.StringInSlice because it is defined in containers/common\n* buildah: add support for renaming a device in rootless setups\n* squash: never use build cache when computing last step of last stage\n* Update vendor of containers/(common, storage, image)\n* buildkit: supports additionalBuildContext in builds via --build-context\n* buildah source pull/push: show progress bar\n* run: allow resuing secret twice in different RUN steps\n* test helpers: default to being rootless-aware\n* Add --cpp-flag flag to buildah build\n* build: accept branch and subdirectory when context is git repo\n* Vendor in latest containers/common\n* vendor: update c/storage and c/image\n* Fix gentoo install docs\n* copier: move NSS load to new process\n* Add test for prevention of reusing encrypted layers\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n\n\nUpdate to version 1.26.4:\n\n* build, multiarch: support splitting build logs for --platform\n* copier: add `NoOverwriteNonDirDir` option\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow 
disabling image history with --omit-history\n* buildkit: supports additionalBuildContext in builds via --build-context\n* Add --cpp-flag flag to buildah build\n\nUpdate to version 1.26.3:\n\n* define.downloadToDirectory: fail early if bad HTTP response\n* add: fail on bad http response instead of writing to container\n* squash: never use build cache when computing last step of last stage\n* run: allow resuing secret twice in different RUN steps\n* integration tests: update expected error messages\n* integration tests: quote \u0027?\u0027 in shell scripts\n* Use errors.Is() to check for storage errors\n* lint: inspectable is never nil\n* chroot: use ActKillThread instead of ActKill\n* chroot: honor DefaultErrnoRet\n* Set user namespace defaults correctly for the library\n* contrib/rpm/buildah.spec: fix `rpm` parser warnings\n\nDrop requires on apparmor pattern, should be moved elsewhere\nfor systems which want AppArmor instead of SELinux.\n\n- Update BuildRequires to libassuan-devel \u003e= 2.5.2, pkgconfig file\n is required to build.\n\nUpdate to version 1.26.2:\n\n* buildah: add support for renaming a device in rootless setups\n\nUpdate to version 1.26.1:\n\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n* imagebuildah,build: move deepcopy of args before we spawn goroutine\n* Vendor in containers/storage v1.40.2\n* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated\n* help output: get more consistent about option usage text\n* Handle OS version and features flags\n* buildah build: --annotation and --label should remove values\n* buildah build: add a --env\n* buildah: deep copy options.Args before performing concurrent build/stage\n* test: inline platform and builtinargs behaviour\n* vendor: bump imagebuilder to master/009dbc6\n* build: automatically set correct TARGETPLATFORM where expected\n* Vendor in containers/(common, storage, image)\n* imagebuildah, executor: process arg variables while populating 
baseMap\n* buildkit: add support for custom build output with --output\n* Cirrus: Update CI VMs to F36\n* fix staticcheck linter warning for deprecated function\n* Fix docs build on FreeBSD\n* copier.unwrapError(): update for Go 1.16\n* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit\n* copier.Put(): write to read-only directories\n* Ed\u0027s periodic test cleanup\n* using consistent lowercase \u0027invalid\u0027 word in returned err msg\n* use etchosts package from c/common\n* run: set actual hostname in /etc/hostname to match docker parity\n* Update vendor of containers/(common,storage,image)\n* manifest-create: allow creating manifest list from local image\n* Update vendor of storage,common,image\n* Initialize network backend before first pull\n* oci spec: change special mount points for namespaces\n* tests/helpers.bash: assert handle corner cases correctly\n* buildah: actually use containers.conf settings\n* integration tests: learn to start a dummy registry\n* Fix error check to work on Podman\n* buildah build should accept at most one arg\n* tests: reduce concurrency for flaky bud-multiple-platform-no-run\n* vendor in latest containers/common,image,storage\n* manifest-add: allow override arch,variant while adding image\n* Remove a stray `\\` from .containerenv\n* Vendor in latest opencontainers/selinux v1.10.1\n* build, commit: allow removing default identity labels\n* Create shorter names for containers based on image IDs\n* test: skip rootless on cgroupv2 in root env\n* fix hang when oci runtime fails\n* Set permissions for GitHub actions\n* copier test: use correct UID/GID in test archives\n* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3766-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3766-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223766-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3766-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012703.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-26T09:38:08Z",
"generator": {
"date": "2022-10-26T09:38:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3766-1",
"initial_release_date": "2022-10-26T09:38:08Z",
"revision_history": [
{
"date": "2022-10-26T09:38:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product_id": "buildah-1.27.1-150300.8.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error0-1.42-150300.9.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product_id": "buildah-1.27.1-150300.8.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error0-1.42-150300.9.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product_id": "buildah-1.27.1-150300.8.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error0-1.42-150300.9.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product_id": "buildah-1.27.1-150300.8.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:4349-1
Vulnerability from csaf_suse - Published: 2022-12-07 15:15 - Updated: 2022-12-07 15:15
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Version update to 1.28.2.
- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).
Patchnames: SUSE-2022-4349,SUSE-SLE-Module-Containers-15-SP4-2022-4349,openSUSE-SLE-15.4-2022-4349
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696: 8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990: 4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nVersion update to 1.28.2.\n\n- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).\n- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4349,SUSE-SLE-Module-Containers-15-SP4-2022-4349,openSUSE-SLE-15.4-2022-4349",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4349-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4349-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224349-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4349-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013200.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-12-07T15:15:59Z",
"generator": {
"date": "2022-12-07T15:15:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4349-1",
"initial_release_date": "2022-12-07T15:15:59Z",
"revision_history": [
{
"date": "2022-12-07T15:15:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.aarch64",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64",
"product_id": "buildah-1.28.2-150400.3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.i586",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.i586",
"product_id": "buildah-1.28.2-150400.3.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.ppc64le",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le",
"product_id": "buildah-1.28.2-150400.3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.s390x",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.s390x",
"product_id": "buildah-1.28.2-150400.3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150400.3.11.1.x86_64",
"product": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64",
"product_id": "buildah-1.28.2-150400.3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150400.3.11.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
},
"product_reference": "buildah-1.28.2-150400.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.28.2-150400.3.11.1.x86_64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.aarch64",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.s390x",
"openSUSE Leap 15.4:buildah-1.28.2-150400.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:15:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:4350-1
Vulnerability from csaf_suse - Published: 2022-12-07 15:16 - Updated: 2022-12-07 15:16
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Version update to 1.28.2.
- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).
Patchnames: SUSE-2022-4350,SUSE-SLE-Module-Containers-15-SP3-2022-4350,openSUSE-SLE-15.3-2022-4350
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2020-10696 — CVSS 3.1 base score 8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-2990 — CVSS 3.1 base score 4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nVersion update to 1.28.2.\n\n- CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).\n- CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4350,SUSE-SLE-Module-Containers-15-SP3-2022-4350,openSUSE-SLE-15.3-2022-4350",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4350-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4350-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224350-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4350-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013201.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-12-07T15:16:30Z",
"generator": {
"date": "2022-12-07T15:16:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4350-1",
"initial_release_date": "2022-12-07T15:16:30Z",
"revision_history": [
{
"date": "2022-12-07T15:16:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.aarch64",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64",
"product_id": "buildah-1.28.2-150300.8.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.i586",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.i586",
"product_id": "buildah-1.28.2-150300.8.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.ppc64le",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le",
"product_id": "buildah-1.28.2-150300.8.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.s390x",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.s390x",
"product_id": "buildah-1.28.2-150300.8.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.28.2-150300.8.14.1.x86_64",
"product": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64",
"product_id": "buildah-1.28.2-150300.8.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.28.2-150300.8.14.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
},
"product_reference": "buildah-1.28.2-150300.8.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:16:30Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.28.2-150300.8.14.1.x86_64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.aarch64",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.s390x",
"openSUSE Leap 15.3:buildah-1.28.2-150300.8.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-07T15:16:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.