File _patchinfo of Package patchinfo.25529
<patchinfo incident="25529">
<issue tracker="bnc" id="1167864">VUL-0: CVE-2020-10696: buildah: crafted input tar file may lead to local file overwriting during image build process</issue>
<issue tracker="bnc" id="1181961">VUL-0: CVE-2021-20206: cni,podman,cni-plugins: Arbitrary path injection via type field in CNI configuration</issue>
<issue tracker="bnc" id="1202812">VUL-0: CVE-2022-2990: buildah: possible information disclosure and modification</issue>
<issue tracker="cve" id="2021-20206"/>
<issue tracker="cve" id="2020-10696"/>
<issue tracker="cve" id="2022-2990"/>
<packager>dancermak</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for buildah</summary>
<description>This update for buildah fixes the following issues:
Buildah was updated to version 1.27.1:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).
</description>
</patchinfo>