[RHSA-2022:8008] buildah security and bug fix update
Severity
Moderate
Affected Packages
8
CVEs
7
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
containers/storage: DoS via malicious image (CVE-2021-20291)
golang: net: lookup functions may return invalid host names (CVE-2021-33195)
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
podman: possible information disclosure and modification (CVE-2022-2989)
buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah-tests?arch=x86_64&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah-tests?arch=s390x&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah-tests?arch=ppc64le&distro=redhat-9
|
< 1.27.0-2.el9 |
|
pkg:rpm/redhat/buildah-tests?arch=aarch64&distro=redhat-9
|
< 1.27.0-2.el9 |
- ID
- RHSA-2022:8008
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2022:8008
- Published
-
2022-11-15T00:00:00
(22 months ago) - Modified
-
2022-11-15T00:00:00
(22 months ago) - Rights
- Copyright 2022 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2021-1527
-
ALAS-2022-1635
-
ALAS-2023-1825
-
ALAS2-2022-1830
-
ALAS2-2022-1846
-
ALAS2-2022-1847
-
ALAS2-2022-1858
-
ALAS2-2022-1859
-
ALAS2-2022-1860
-
ALAS2-2022-1861
-
ALAS2-2022-1862
-
ALAS2-2022-1863
-
ALAS2-2022-1864
-
ALAS2-2022-1865
-
ALAS2-2023-2238
-
ALBA-2022:0348
-
ALPINE:CVE-2021-33195
-
ALPINE:CVE-2021-33197
-
ALPINE:CVE-2021-33198
-
ALPINE:CVE-2022-27191
-
ALPINE:CVE-2022-2989
-
ALPINE:CVE-2022-2990
-
ALSA-2021:4154
-
ALSA-2021:4156
-
ALSA-2021:4226
-
ALSA-2022:7469
-
ALSA-2022:7822
-
ALSA-2022:7954
-
ALSA-2022:7955
-
ALSA-2022:8008
-
ALSA-2022:8431
-
ALSA-2023:2802
-
ASA-202106-42
-
ELSA-2021-4154
-
ELSA-2021-4226
-
ELSA-2022-7457
-
ELSA-2022-7469
-
ELSA-2022-7822
-
ELSA-2022-7954
-
ELSA-2022-7955
-
ELSA-2022-8008
-
ELSA-2022-8431
-
ELSA-2023-2802
-
ELSA-2024-2988
-
FEDORA-2021-83b3740389
-
FEDORA-2021-a3703b9dc8
-
FEDORA-2021-c56a213327
-
FEDORA-2021-ec00da7faa
-
FEDORA-2022-08ae2dd481
-
FEDORA-2022-13ad572b5a
-
FEDORA-2022-14712f9699
-
FEDORA-2022-30c5ed5625
-
FEDORA-2022-3969b64d4b
-
FEDORA-2022-3a63897745
-
FEDORA-2022-3e1ade35db
-
FEDORA-2022-4a48180f3f
-
FEDORA-2022-4b5537c44c
-
FEDORA-2022-5038c3236c
-
FEDORA-2022-53e0f427dd
-
FEDORA-2022-5cbd6de569
-
FEDORA-2022-5e637f6cc6
-
FEDORA-2022-5ef0bd9a27
-
FEDORA-2022-6716cd0da2
-
FEDORA-2022-739c7a0058
-
FEDORA-2022-741325e9a0
-
FEDORA-2022-8bf5635efc
-
FEDORA-2022-9986fbb3d7
-
FEDORA-2022-9a9a638d09
-
FEDORA-2022-a4c9009f3e
-
FEDORA-2022-b0bd0219ff
-
FEDORA-2022-ba365d3703
-
FEDORA-2022-c87047f163
-
FEDORA-2022-d37fb34309
-
FEDORA-2022-e674d52438
-
FEDORA-2022-ea8f4e232d
-
FEDORA-2022-fae3ecee19
-
FEDORA-2023-e8c27ba884
-
FEDORA-2024-80e062d21a
-
FEDORA-2024-9cc0e0c63e
-
FEDORA-2024-d652859efb
-
FREEBSD:079B3641-C4BD-11EB-A22A-693F0544AE52
-
GLSA-202208-02
-
GLSA-202407-12
-
GO-2021-0100
-
GO-2021-0239
-
GO-2021-0241
-
GO-2021-0242
-
GO-2021-0356
-
GO-2022-1008
-
openSUSE-SU-2021:0950-1
-
openSUSE-SU-2021:2186-1
-
openSUSE-SU-2021:2214-1
-
RHBA-2022:0348
-
RHSA-2021:4154
-
RHSA-2021:4156
-
RHSA-2021:4226
-
RHSA-2022:7457
-
RHSA-2022:7469
-
RHSA-2022:7822
-
RHSA-2022:7954
-
RHSA-2022:7955
-
RHSA-2022:8431
-
RHSA-2023:2802
-
RHSA-2024:2988
-
RLBA-2022:0348
-
RLSA-2021:4154
-
RLSA-2022:7457
-
RLSA-2022:7469
-
RLSA-2022:7822
-
SUSE-SU-2021:2186-1
-
SUSE-SU-2021:2214-1
-
SUSE-SU-2022:1507-1
-
SUSE-SU-2022:1689-1
-
SUSE-SU-2022:2834-1
-
SUSE-SU-2022:2839-1
-
SUSE-SU-2022:2839-2
-
SUSE-SU-2022:3312-1
-
SUSE-SU-2022:3655-1
-
SUSE-SU-2022:3766-1
-
SUSE-SU-2022:3819-1
-
SUSE-SU-2022:3820-1
-
SUSE-SU-2022:4349-1
-
SUSE-SU-2022:4350-1
-
SUSE-SU-2022:4409-1
-
SUSE-SU-2022:4463-1
-
SUSE-SU-2023:0187-1
-
SUSE-SU-2023:0326-1
-
SUSE-SU-2023:2183-1
-
SUSE-SU-2023:2185-1
-
SUSE-SU-2023:2187-1
-
SUSE-SU-2023:2579-1
-
SUSE-SU-2023:4099-1
-
SUSE-SU-2024:0191-1
-
USN-6295-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1939485 |
|
|
| Bugzilla | 1989564 |
|
|
| Bugzilla | 1989570 |
|
|
| Bugzilla | 1989575 |
|
|
| Bugzilla | 2064702 |
|
|
| Bugzilla | 2121445 |
|
|
| Bugzilla | 2121453 |
|
|
| RHSA | RHSA-2022:8008 |
|
|
| CVE | CVE-2021-20291 |
|
|
| CVE | CVE-2021-33195 |
|
|
| CVE | CVE-2021-33197 |
|
|
| CVE | CVE-2021-33198 |
|
|
| CVE | CVE-2022-27191 |
|
|
| CVE | CVE-2022-2989 |
|
|
| CVE | CVE-2022-2990 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-9 | redhat |
buildah
|
< 1.27.0-2.el9 | redhat-9 | x86_64 | |
| Affected | pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-9 | redhat |
buildah
|
< 1.27.0-2.el9 | redhat-9 | s390x | |
| Affected | pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-9 | redhat |
buildah
|
< 1.27.0-2.el9 | redhat-9 | ppc64le | |
| Affected | pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-9 | redhat |
buildah
|
< 1.27.0-2.el9 | redhat-9 | aarch64 | |
| Affected | pkg:rpm/redhat/buildah-tests?arch=x86_64&distro=redhat-9 | redhat |
buildah-tests
|
< 1.27.0-2.el9 | redhat-9 | x86_64 | |
| Affected | pkg:rpm/redhat/buildah-tests?arch=s390x&distro=redhat-9 | redhat |
buildah-tests
|
< 1.27.0-2.el9 | redhat-9 | s390x | |
| Affected | pkg:rpm/redhat/buildah-tests?arch=ppc64le&distro=redhat-9 | redhat |
buildah-tests
|
< 1.27.0-2.el9 | redhat-9 | ppc64le | |
| Affected | pkg:rpm/redhat/buildah-tests?arch=aarch64&distro=redhat-9 | redhat |
buildah-tests
|
< 1.27.0-2.el9 | redhat-9 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |