[ALSA-2022:8008] buildah security and bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
- containers/storage: DoS via malicious image (CVE-2021-20291)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Package | Affected Version |
---|---|
pkg:rpm/almalinux/buildah?arch=x86_64&distro=almalinux-9 | < 1.27.0-2.el9 |
pkg:rpm/almalinux/buildah?arch=aarch64&distro=almalinux-9 | < 1.27.0-2.el9 |
pkg:rpm/almalinux/buildah-tests?arch=x86_64&distro=almalinux-9 | < 1.27.0-2.el9 |
pkg:rpm/almalinux/buildah-tests?arch=aarch64&distro=almalinux-9 | < 1.27.0-2.el9 |
- ID: ALSA-2022:8008
- Severity: moderate
- URL: https://errata.almalinux.org/ALSA-2022:8008.html
- Published: 2022-11-15T00:00:00
- Modified: 2022-11-18T05:11:27
- Rights: Copyright 2022 AlmaLinux OS

Other Advisories:
- ALAS-2021-1527
- ALAS-2022-1635
- ALAS-2023-1825
- ALAS2-2022-1830
- ALAS2-2022-1846
- ALAS2-2022-1847
- ALAS2-2022-1858
- ALAS2-2022-1859
- ALAS2-2022-1860
- ALAS2-2022-1861
- ALAS2-2022-1862
- ALAS2-2022-1863
- ALAS2-2022-1864
- ALAS2-2022-1865
- ALAS2-2023-2238
- ALBA-2022:0348
- ALPINE:CVE-2021-33195
- ALPINE:CVE-2021-33197
- ALPINE:CVE-2021-33198
- ALPINE:CVE-2022-27191
- ALPINE:CVE-2022-2989
- ALPINE:CVE-2022-2990
- ALSA-2021:4154
- ALSA-2021:4156
- ALSA-2021:4226
- ALSA-2022:7469
- ALSA-2022:7822
- ALSA-2022:7954
- ALSA-2022:7955
- ALSA-2022:8431
- ALSA-2023:2802
- ASA-202106-42
- ELSA-2021-4154
- ELSA-2021-4226
- ELSA-2022-7457
- ELSA-2022-7469
- ELSA-2022-7822
- ELSA-2022-7954
- ELSA-2022-7955
- ELSA-2022-8008
- ELSA-2022-8431
- ELSA-2023-2802
- ELSA-2024-2988
- FEDORA-2021-83b3740389
- FEDORA-2021-a3703b9dc8
- FEDORA-2021-c56a213327
- FEDORA-2021-ec00da7faa
- FEDORA-2022-08ae2dd481
- FEDORA-2022-13ad572b5a
- FEDORA-2022-14712f9699
- FEDORA-2022-30c5ed5625
- FEDORA-2022-3969b64d4b
- FEDORA-2022-3a63897745
- FEDORA-2022-3e1ade35db
- FEDORA-2022-4a48180f3f
- FEDORA-2022-4b5537c44c
- FEDORA-2022-5038c3236c
- FEDORA-2022-53e0f427dd
- FEDORA-2022-5cbd6de569
- FEDORA-2022-5e637f6cc6
- FEDORA-2022-5ef0bd9a27
- FEDORA-2022-6716cd0da2
- FEDORA-2022-739c7a0058
- FEDORA-2022-741325e9a0
- FEDORA-2022-8bf5635efc
- FEDORA-2022-9986fbb3d7
- FEDORA-2022-9a9a638d09
- FEDORA-2022-a4c9009f3e
- FEDORA-2022-b0bd0219ff
- FEDORA-2022-ba365d3703
- FEDORA-2022-c87047f163
- FEDORA-2022-d37fb34309
- FEDORA-2022-e674d52438
- FEDORA-2022-ea8f4e232d
- FEDORA-2022-fae3ecee19
- FEDORA-2023-e8c27ba884
- FEDORA-2024-80e062d21a
- FEDORA-2024-9cc0e0c63e
- FEDORA-2024-d652859efb
- FREEBSD:079B3641-C4BD-11EB-A22A-693F0544AE52
- GLSA-202208-02
- GLSA-202407-12
- GO-2021-0100
- GO-2021-0239
- GO-2021-0241
- GO-2021-0242
- GO-2021-0356
- GO-2022-1008
- openSUSE-SU-2021:0950-1
- openSUSE-SU-2021:2186-1
- openSUSE-SU-2021:2214-1
- RHBA-2022:0348
- RHSA-2021:4154
- RHSA-2021:4156
- RHSA-2021:4226
- RHSA-2022:7457
- RHSA-2022:7469
- RHSA-2022:7822
- RHSA-2022:7954
- RHSA-2022:7955
- RHSA-2022:8008
- RHSA-2022:8431
- RHSA-2023:2802
- RHSA-2024:2988
- RLBA-2022:0348
- RLSA-2021:4154
- RLSA-2022:7457
- RLSA-2022:7469
- RLSA-2022:7822
- SUSE-SU-2021:2186-1
- SUSE-SU-2021:2214-1
- SUSE-SU-2022:1507-1
- SUSE-SU-2022:1689-1
- SUSE-SU-2022:2834-1
- SUSE-SU-2022:2839-1
- SUSE-SU-2022:2839-2
- SUSE-SU-2022:3312-1
- SUSE-SU-2022:3655-1
- SUSE-SU-2022:3766-1
- SUSE-SU-2022:3819-1
- SUSE-SU-2022:3820-1
- SUSE-SU-2022:4349-1
- SUSE-SU-2022:4350-1
- SUSE-SU-2022:4409-1
- SUSE-SU-2022:4463-1
- SUSE-SU-2023:0187-1
- SUSE-SU-2023:0326-1
- SUSE-SU-2023:2183-1
- SUSE-SU-2023:2185-1
- SUSE-SU-2023:2187-1
- SUSE-SU-2023:2579-1
- SUSE-SU-2023:4099-1
- SUSE-SU-2024:0191-1
- USN-6295-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/buildah?arch=x86_64&distro=almalinux-9 | almalinux | buildah | < 1.27.0-2.el9 | almalinux-9 | x86_64 | |
Affected | pkg:rpm/almalinux/buildah?arch=aarch64&distro=almalinux-9 | almalinux | buildah | < 1.27.0-2.el9 | almalinux-9 | aarch64 | |
Affected | pkg:rpm/almalinux/buildah-tests?arch=x86_64&distro=almalinux-9 | almalinux | buildah-tests | < 1.27.0-2.el9 | almalinux-9 | x86_64 | |
Affected | pkg:rpm/almalinux/buildah-tests?arch=aarch64&distro=almalinux-9 | almalinux | buildah-tests | < 1.27.0-2.el9 | almalinux-9 | aarch64 | |