Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.3423.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:3423-1)
Summary:The remote host is missing an update for the 'buildah' package(s) announced via the SUSE-SU-2020:3423-1 advisory.
Description:Summary:
The remote host is missing an update for the 'buildah' package(s) announced via the SUSE-SU-2020:3423-1 advisory.

Vulnerability Insight:
This update for buildah fixes the following issues:

buildah was updated to v1.17.0 (bsc#1165184):

Handle cases where other tools mount/unmount containers

overlay.MountReadOnly: support RO overlay mounts

overlay: use fusermount for rootless umounts

overlay: fix umount

Switch default log level of Buildah to Warn. Users need to see these
messages

Drop error messages about OCI/Docker format to Warning level

build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2

tests/testreport: adjust for API break in storage v1.23.6

build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7

build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6

copier: put: ignore Typeflag='g'

Use curl to get repo file (fix #2714)

build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0

build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1

Remove docs that refer to bors, since we're not using it

Buildah bud should not use stdin by default

bump containerd, docker, and golang.org/x/sys

Makefile: cross: remove windows.386 target

copier.copierHandlerPut: don't check length when there are errors

Stop excessive wrapping

CI: require that conformance tests pass

bump(github.com/openshift/imagebuilder) to v1.1.8

Skip tlsVerify insecure BUILD_REGISTRY_SOURCES

Fix build path wrong containers/podman#7993

refactor pullpolicy to avoid deps

build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0

CI: run gating tasks with a lot more memory

ADD and COPY: descend into excluded directories, sometimes

copier: add more context to a couple of error messages

copier: check an error earlier

copier: log stderr output as debug on success

Update nix pin with make nixpkgs

Set directory ownership when copied with ID mapping

build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0

build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0

Cirrus: Remove bors artifacts

Sort build flag definitions alphabetically

ADD: only expand archives at the right time

Remove configuration for bors

Shell Completion for podman build flags

Bump c/common to v0.24.0

New CI check: xref --help vs man pages

CI: re-enable several linters

Move --userns-uid-map/--userns-gid-map description into buildah man page

add: preserve ownerships and permissions on ADDed archives

Makefile: tweak the cross-compile target

Bump containers/common to v0.23.0

chroot: create bind mount targets 0755 instead of 0700

Change call to Split() to safer SplitN()

chroot: fix handling of errno seccomp rules

build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0

Add In Progress section to contributing

integration tests: make sure tests run in ${topdir}/tests

Run(): ignore containers.conf's environment configuration

Warn when setting healthcheck in OCI format

Cirrus: Skip git-validate on branches

tools: update git-validation to the ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'buildah' package(s) on SUSE Linux Enterprise Module for Containers 15-SP2, SUSE Linux Enterprise Module for Containers 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-10214
Common Vulnerability Exposure (CVE) ID: CVE-2020-10696
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.