Overview

File _patchinfo of Package patchinfo.25529

<patchinfo incident="25529">
  <issue tracker="bnc" id="1167864">VUL-0: CVE-2020-10696: buildah: crafted input tar file may lead to local file overwriting during image build process</issue>
  <issue tracker="bnc" id="1181961">VUL-0: CVE-2021-20206: cni,podman,cni-plugins: Arbitrary path injection via type field in CNI configuration</issue>
  <issue tracker="bnc" id="1202812">VUL-0: CVE-2022-2990: buildah: possible information disclosure and modification</issue>
  <issue tracker="cve" id="2021-20206"/>
  <issue tracker="cve" id="2020-10696"/>
  <issue tracker="cve" id="2022-2990"/>
  <packager>dancermak</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for buildah</summary>
  <description>This update for buildah fixes the following issues:
  
Buildah was updated to version 1.27.1:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
  to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
  overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places