File _patchinfo of Package patchinfo.25547

<patchinfo incident="25547">
  <issue tracker="bnc" id="1181961">VUL-0: CVE-2021-20206: cni,podman,cni-plugins: Arbitrary path injection via type field in CNI configuration</issue>
  <issue tracker="bnc" id="1167864">VUL-0: CVE-2020-10696: buildah: crafted input tar file may lead to local file overwriting during image build process</issue>
  <issue tracker="bnc" id="1192999">[Build 150400.1.140] update buildah to v1.21.2+</issue>
  <issue tracker="bnc" id="1197870">VUL-0: CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty</issue>
  <issue tracker="cve" id="2020-10696"/>
  <issue tracker="cve" id="2021-20206"/>
  <issue tracker="cve" id="2022-27651"/>
  <issue tracker="bnc" id="1183043">go compilers need binutils-gold on aarch64 (and armv7)</issue>
  <packager>dancermak</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for buildah</summary>
  <description>This update for buildah fixes the following issues:

- Updated to version 1.26.0:
  - CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities (bsc#1197870).
  - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
  - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
</description>
</patchinfo>