suse-su-2020:3423-1
Vulnerability from csaf_suse
Published
2020-11-19 15:11
Modified
2020-11-19 15:11
Summary
Security update for buildah
Notes
Title of the patch
Security update for buildah
Description of the patch
This update for buildah fixes the following issues:
buildah was updated to v1.17.0 (bsc#1165184):
* Handle cases where other tools mount/unmount containers
* overlay.MountReadOnly: support RO overlay mounts
* overlay: use fusermount for rootless umounts
* overlay: fix umount
* Switch default log level of Buildah to Warn. Users need to see these messages
* Drop error messages about OCI/Docker format to Warning level
* build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2
* tests/testreport: adjust for API break in storage v1.23.6
* build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7
* build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6
* copier: put: ignore Typeflag='g'
* Use curl to get repo file (fix #2714)
* build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0
* build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1
* Remove docs that refer to bors, since we're not using it
* Buildah bud should not use stdin by default
* bump containerd, docker, and golang.org/x/sys
* Makefile: cross: remove windows.386 target
* copier.copierHandlerPut: don't check length when there are errors
* Stop excessive wrapping
* CI: require that conformance tests pass
* bump(github.com/openshift/imagebuilder) to v1.1.8
* Skip tlsVerify insecure BUILD_REGISTRY_SOURCES
* Fix build path wrong containers/podman#7993
* refactor pullpolicy to avoid deps
* build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0
* CI: run gating tasks with a lot more memory
* ADD and COPY: descend into excluded directories, sometimes
* copier: add more context to a couple of error messages
* copier: check an error earlier
* copier: log stderr output as debug on success
* Update nix pin with make nixpkgs
* Set directory ownership when copied with ID mapping
* build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0
* Cirrus: Remove bors artifacts
* Sort build flag definitions alphabetically
* ADD: only expand archives at the right time
* Remove configuration for bors
* Shell Completion for podman build flags
* Bump c/common to v0.24.0
* New CI check: xref --help vs man pages
* CI: re-enable several linters
* Move --userns-uid-map/--userns-gid-map description into buildah man page
* add: preserve ownerships and permissions on ADDed archives
* Makefile: tweak the cross-compile target
* Bump containers/common to v0.23.0
* chroot: create bind mount targets 0755 instead of 0700
* Change call to Split() to safer SplitN()
* chroot: fix handling of errno seccomp rules
* build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
* Add In Progress section to contributing
* integration tests: make sure tests run in ${topdir}/tests
* Run(): ignore containers.conf's environment configuration
* Warn when setting healthcheck in OCI format
* Cirrus: Skip git-validate on branches
* tools: update git-validation to the latest commit
* tools: update golangci-lint to v1.18.0
* Add a few tests of push command
* Add(): fix handling of relative paths with no ContextDir
* build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0
* Lint: Use same linters as podman
* Validate: reference HEAD
* Fix buildah mount to display container names not ids
* Update nix pin with make nixpkgs
* Add missing --format option in buildah from man page
* Fix up code based on codespell
* build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7
* build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5
* Improve buildah completions
* Cirrus: Fix validate commit epoch
* Fix bash completion of manifest flags
* Uniform some man pages
* Update Buildah Tutorial to address BZ1867426
* Update bash completion of manifest add sub command
* copier.Get(): hard link targets shouldn't be relative paths
* build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2
* Pass timestamp down to history lines
* Timestamp gets updated everytime you inspect an image
* bud.bats: use absolute paths in newly-added tests
* contrib/cirrus/lib.sh: don't use CN for the hostname
* tests: Add some tests
* Update manifest add man page
* Extend flags of manifest add
* build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4
* build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
* CI: expand cross-compile checks
Update to v1.16.2:
* fix build on 32bit arches
* containerImageRef.NewImageSource(): don't always force timestamps
* Add fuse module warning to image readme
* Heed our retry delay option values when retrying commit/pull/push
* Switch to containers/common for seccomp
* Use --timestamp rather then --omit-timestamp
* docs: remove outdated notice
* docs: remove outdated notice
* build-using-dockerfile: add a hidden --log-rusage flag
* build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
* Discard ReportWriter if user sets options.Quiet
* build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3
* Fix ownership of content copied using COPY --from
* newTarDigester: zero out timestamps in tar headers
* Update nix pin with `make nixpkgs`
* bud.bats: correct .dockerignore integration tests
* Use pipes for copying
* run: include stdout in error message
* run: use the correct error for errors.Wrapf
* copier: un-export internal types
* copier: add Mkdir()
* in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE
* docs/buildah-commit.md: tweak some wording, add a --rm example
* imagebuildah: don’t blank out destination names when COPYing
* Replace retry functions with common/pkg/retry
* StageExecutor.historyMatches: compare timestamps using .Equal
* Update vendor of containers/common
* Fix errors found in coverity scan
* Change namespace handling flags to better match podman commands
* conformance testing: ignore buildah.BuilderIdentityAnnotation labels
* Vendor in containers/storage v1.23.0
* Add buildah.IsContainer interface
* Avoid feeding run_buildah to pipe
* fix(buildahimage): add xz dependency in buildah image
* Bump github.com/containers/common from 0.15.2 to 0.18.0
* Howto for rootless image building from OpenShift
* Add --omit-timestamp flag to buildah bud
* Update nix pin with `make nixpkgs`
* Shutdown storage on failures
* Handle COPY --from when an argument is used
* Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0
* Cirrus: Use newly built VM images
* Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92
* Enhance the .dockerignore man pages
* conformance: add a test for COPY from subdirectory
* fix bug manifest inspct
* Add documentation for .dockerignore
* Add BuilderIdentityAnnotation to identify buildah version
* DOC: Add quay.io/containers/buildah image to README.md
* Update buildahimages readme
* fix spelling mistake in 'info' command result display
* Don't bind /etc/host and /etc/resolv.conf if network is not present
* blobcache: avoid an unnecessary NewImage()
* Build static binary with `buildGoModule`
* copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit
* tarFilterer: handle multiple archives
* Fix a race we hit during conformance tests
* Rework conformance testing
* Update 02-registries-repositories.md
* test-unit: invoke cmd/buildah tests with --flags
* parse: fix a type mismatch in a test
* Fix compilation of tests/testreport/testreport
* build.sh: log the version of Go that we're using
* test-unit: increase the test timeout to 40/45 minutes
* Add the 'copier' package
* Fix & add notes regarding problematic language in codebase
* Add dependency on github.com/stretchr/testify/require
* CompositeDigester: add the ability to filter tar streams
* BATS tests: make more robust
* vendor golang.org/x/text@v0.3.3
* Switch golang 1.12 to golang 1.13
* imagebuildah: wait for stages that might not have even started yet
* chroot, run: not fail on bind mounts from /sys
* chroot: do not use setgroups if it is blocked
* Set engine env from containers.conf
* imagebuildah: return the right stage's image as the 'final' image
* Fix a help string
* Deduplicate environment variables
* switch containers/libpod to containers/podman
* Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
* Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
* Mask out /sys/dev to prevent information leak
* linux: skip errors from the runtime kill
* Mask over the /sys/fs/selinux in mask branch
* Add VFS additional image store to container
* tests: add auth tests
* Allow 'readonly' as alias to 'ro' in mount options
* Ignore OS X specific consistency mount option
* Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
* Bump github.com/containers/common from 0.14.0 to 0.15.2
* Rootless Buildah should default to IsolationOCIRootless
* imagebuildah: fix inheriting multi-stage builds
* Make imagebuildah.BuildOptions.Architecture/OS optional
* Make imagebuildah.BuildOptions.Jobs optional
* Resolve a possible race in imagebuildah.Executor.startStage()
* Switch scripts to use containers.conf
* Bump openshift/imagebuilder to v1.1.6
* Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
* buildah, bud: support --jobs=N for parallel execution
* executor: refactor build code inside new function
* Add bud regression tests
* Cirrus: Fix missing htpasswd in registry img
* docs: clarify the 'triples' format
* CHANGELOG.md: Fix markdown formatting
* Add nix derivation for static builds
* Bump to v1.16.0-dev
- Update to v1.15.1
* Mask over the /sys/fs/selinux in mask branch
* chroot: do not use setgroups if it is blocked
* chroot, run: not fail on bind mounts from /sys
* Allow 'readonly' as alias to 'ro' in mount options
* Add VFS additional image store to container
* vendor golang.org/x/text@v0.3.3
* Make imagebuildah.BuildOptions.Architecture/OS optional
Update to v1.15.0:
* Add CVE-2020-10696 to CHANGELOG.md and changelog.txt
* fix lighttpd example
* remove dependency on openshift struct
* Warn on unset build arguments
* vendor: update seccomp/containers-golang to v0.4.1
* Updated docs
* clean up comments
* update exit code for tests
* Implement commit for encryption
* implementation of encrypt/decrypt push/pull/bud/from
* fix resolve docker image name as transport
* Add preliminary profiling support to the CLI
* Evaluate symlinks in build context directory
* fix error info about get signatures for containerImageSource
* Add Security Policy
* Cirrus: Fixes from review feedback
* imagebuildah: stages shouldn't count as their base images
* Update containers/common v0.10.0
* Add registry to buildahimage Dockerfiles
* Cirrus: Use pre-installed VM packages + F32
* Cirrus: Re-enable all distro versions
* Cirrus: Update to F31 + Use cache images
* golangci-lint: Disable gosimple
* Lower number of golangci-lint threads
* Fix permissions on containers.conf
* Don't force tests to use runc
* Return exit code from failed containers
* cgroup_manager should be under [engine]
* Use c/common/pkg/auth in login/logout
* Cirrus: Temporarily disable Ubuntu 19 testing
* Add containers.conf to stablebyhand build
* Update gitignore to exclude test Dockerfiles
* Remove warning for systemd inside of container
Update to v1.14.6:
* Make image history work correctly with new args handling
* Don't add args to the RUN environment from the Builder
Update to v1.14.5:
* Revert FIPS mode change
Update to v1.14.4:
* Update unshare man page to fix script example
* Fix compilation errors on non linux platforms
* Preserve volume uid and gid through subsequent commands
* Fix potential CVE in tarfile w/ symlink
* Fix .dockerignore with globs and ! commands
Update to v1.14.2:
* Search for local runtime per values in containers.conf
* Set correct ownership on working directory
* Improve remote manifest retrieval
* Correct a couple of incorrect format specifiers
* manifest push --format: force an image type, not a list type
* run: adjust the order in which elements are added to $
* getDateAndDigestAndSize(): handle creation time not being set
* Make the commit id clear like Docker
* Show error on copied file above context directory in build
* pull/from/commit/push: retry on most failures
* Repair buildah so it can use containers.conf on the server side
* Fixing formatting & build instructions
* Fix XDG_RUNTIME_DIR for authfile
* Show validation command-line
Update to v1.14.0:
* getDateAndDigestAndSize(): use manifest.Digest
* Touch up os/arch doc
* chroot: handle slightly broken seccomp defaults
* buildahimage: specify fuse-overlayfs mount options
* parse: don't complain about not being able to rename something to itself
* Fix build for 32bit platforms
* Allow users to set OS and architecture on bud
* Fix COPY in containerfile with envvar
* Add --sign-by to bud/commit/push, --remove-signatures for pull/push
* Add support for containers.conf
* manifest push: add --format option
Update to v1.13.1:
* copyFileWithTar: close source files at the right time
* copy: don't digest files that we ignore
* Check for .dockerignore specifically
* Don't setup excludes, if their is only one pattern to match
* set HOME env to /root on chroot-isolation by default
* docs: fix references to containers-*.5
* fix bug Add check .dockerignore COPY file
* buildah bud --volume: run from tmpdir, not source dir
* Fix imageNamePrefix to give consistent names in buildah-from
* cpp: use -traditional and -undef flags
* discard outputs coming from onbuild command on buildah-from --quiet
* make --format columnizing consistent with buildah images
* Fix option handling for volumes in build
* Rework overlay pkg for use with libpod
* Fix buildahimage builds for buildah
* Add support for FIPS-Mode backends
* Set the TMPDIR for pulling/pushing image to $TMPDIR
Update to v1.12.0:
* Allow ADD to use http src
* imgtype: reset storage opts if driver overridden
* Start using containers/common
* overlay.bats typo: fuse-overlays should be fuse-overlayfs
* chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()
* bind: don't complain about missing mountpoints
* imgtype: check earlier for expected manifest type
* Add history names support
Update to v1.11.6:
* Handle missing equal sign in --from and --chown flags for COPY/ADD
* bud COPY does not download URL
* Fix .dockerignore exclude regression
* commit(docker): always set ContainerID and ContainerConfig
* Touch up commit man page image parameter
* Add builder identity annotations.
Update to v1.11.5:
* buildah: add 'manifest' command
* pkg/supplemented: add a package for grouping images together
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* version: also note the version of containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.
Update to v1.11.4:
* buildah: add a 'manifest' command
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.
Update to v1.11.3:
* Add cgroups2
* Add support for retrieving context from stdin '-'
* Added tutorial on how to include Buildah as library
* Fix --build-args handling
* Print build 'STEP' line to stdout, not stderr
* Use Containerfile by default
Update to v1.11.2:
* Add some cleanup code
* Move devices code to unit specific directory.
Update to v1.11.1:
* Add --devices flag to bud and from
* Add support for /run/.containerenv
* Allow mounts.conf entries for equal source and destination paths
* Fix label and annotation for 1-line Dockerfiles
* Preserve file and directory mount permissions
* Replace --debug=false with --log-level=error
* Set TMPDIR to /var/tmp by default
* Truncate output of too long image names
* Ignore EmptyLayer if Squash is set
Update to v1.11.0:
* Add --digestfile and Re-add push statement as debug
* Add --log-level command line option and deprecate --debug
* Add security-related volume options to validator
* Allow buildah bud to be called without arguments
* Allow to override build date with SOURCE_DATE_EPOCH
* Correctly detect ExitError values from Run()
* Disable empty logrus timestamps to reduce logger noise
* Fix directory pull image names
* Fix handling of /dev/null masked devices
* Fix possible runtime panic on bud
* Update bud/from help to contain indicator for --dns=none
* Update documentation about bud
* Update shebangs to take env into consideration
* Use content digests in ADD/COPY history entries
* add support for cgroupsV2
* add: add a DryRun flag to AddAndCopyOptions
* add: handle hard links when copying with .dockerignore
* add: teach copyFileWithTar() about symlinks and directories
* imagebuilder: fix detection of referenced stage roots
* pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
* run_linux: fix mounting /sys in a userns
Update to v1.10.1:
* Add automatic apparmor tag discovery
* Add overlayfs to fuse-overlayfs tip
* Bug fix for volume minus syntax
* Bump container/storage v1.13.1 and containers/image v3.0.1
* Bump containers/image to v3.0.2 to fix keyring issue
* Fix bug whereby --get-login has no effect
* Bump github.com/containernetworking/cni to v0.7.1
- Add appamor-pattern requirement
- Update build process to match the latest repository architecture
- Update to v1.10.0
* vendor github.com/containers/image@v3.0.0
* Remove GO111MODULE in favor of -mod=vendor
* Vendor in containers/storage v1.12.16
* Add '-' minus syntax for removal of config values
* tests: enable overlay tests for rootless
* rootless, overlay: use fuse-overlayfs
* vendor github.com/containers/image@v2.0.1
* Added '-' syntax to remove volume config option
* delete successfully pushed message
* Add golint linter and apply fixes
* vendor github.com/containers/storage@v1.12.15
* Change wait to sleep in buildahimage readme
* Handle ReadOnly images when deleting images
* Add support for listing read/only images
* from/import: record the base image's digest, if it has one
* Fix CNI version retrieval to not require network connection
* Add misspell linter and apply fixes
* Add goimports linter and apply fixes
* Add stylecheck linter and apply fixes
* Add unconvert linter and apply fixes
* image: make sure we don't try to use zstd compression
* run.bats: skip the 'z' flag when testing --mount
* Update to runc v1.0.0-rc8
* Update to match updated runtime-tools API
* bump github.com/opencontainers/runtime-tools to v0.9.0
* Build e2e tests using the proper build tags
* Add unparam linter and apply fixes
* Run: correct a typo in the --cap-add help text
* unshare: add a --mount flag
* fix push check image name is not empty
* add: fix slow copy with no excludes
* Add errcheck linter and fix missing error check
* Improve tests/tools/Makefile parallelism and abstraction
* Fix response body not closed resource leak
* Switch to golangci-lint
* Add gomod instructions and mailing list links
* On Masked path, check if /dev/null already mounted before mounting
* Update to containers/storage v1.12.13
* Refactor code in package imagebuildah
* Add rootless podman with NFS issue in documentation
* Add --mount for buildah run
* import method ValidateVolumeOpts from libpod
* Fix typo
* Makefile: set GO111MODULE=off
* rootless: add the built-in slirp DNS server
* Update docker/libnetwork to get rid of outdated sctp package
* Update buildah-login.md
* migrate to go modules
* install.md: mention go modules
* tests/tools: go module for test binaries
* fix --volume splits comma delimited option
* Add bud test for RUN with a priv'd command
* vendor logrus v1.4.2
* pkg/cli: panic when flags can't be hidden
* pkg/unshare: check all errors
* pull: check error during report write
* run_linux.go: ignore unchecked errors
* conformance test: catch copy error
* chroot/run_test.go: export funcs to actually be executed
* tests/imgtype: ignore error when shutting down the store
* testreport: check json error
* bind/util.go: remove unused func
* rm chroot/util.go
* imagebuildah: remove unused dedupeStringSlice
* StageExecutor: EnsureContainerPath: catch error from SecureJoin()
* imagebuildah/build.go: return instead of branching
* rmi: avoid redundant branching
* conformance tests: nilness: allocate map
* imagebuildah/build.go: avoid redundant filepath.Join()
* imagebuildah/build.go: avoid redundant os.Stat()
* imagebuildah: omit comparison to bool
* fix 'ineffectual assignment' lint errors
* docker: ignore 'repeats json tag' lint error
* pkg/unshare: use ... instead of iterating a slice
* conformance: bud test: use raw strings for regexes
* conformance suite: remove unused func/var
* buildah test suite: remove unused vars/funcs
* testreport: fix golangci-lint errors
* util: remove redundant return statement
* chroot: only log clean-up errors
* images_test: ignore golangci-lint error
* blobcache: log error when draining the pipe
* imagebuildah: check errors in deferred calls
* chroot: fix error handling in deferred funcs
* cmd: check all errors
* chroot/run_test.go: check errors
* chroot/run.go: check errors in deferred calls
* imagebuildah.Executor: remove unused onbuild field
* docker/types.go: remove unused struct fields
* util: use strings.ContainsRune instead of index check
* Cirrus: Initial implementation
* buildah-run: fix-out-of-range panic (2)
* Update containers/image to v2.0.0
* run: fix hang with run and --isolation=chroot
* run: fix hang when using run
* chroot: drop unused function call
* remove --> before imgageID on build
* Always close stdin pipe
* Write deny to setgroups when doing single user mapping
* Avoid including linux/memfd.h
* Add a test for the symlink pointing to a directory
* Add missing continue
* Fix the handling of symlinks to absolute paths
* Only set default network sysctls if not rootless
* Support --dns=none like podman
* fix bug --cpu-shares parsing typo
* Fix validate complaint
* Update vendor on containers/storage to v1.12.10
* Create directory paths for COPY thereby ensuring correct perms
* imagebuildah: use a stable sort for comparing build args
* imagebuildah: tighten up cache checking
* bud.bats: add a test verying the order of --build-args
* add -t to podman run
* imagebuildah: simplify screening by top layers
* imagebuildah: handle ID mappings for COPY --from
* imagebuildah: apply additionalTags ourselves
* bud.bats: test additional tags with cached images
* bud.bats: add a test for WORKDIR and COPY with absolute destinations
* Cleanup Overlay Mounts content
* Add support for file secret mounts
* Add ability to skip secrets in mounts file
* allow 32bit builds
* fix tutorial instructions
* imagebuilder: pass the right contextDir to Add()
* add: use fileutils.PatternMatcher for .dockerignore
* bud.bats: add another .dockerignore test
* unshare: fallback to single usermapping
* addHelperSymlink: clear the destination on os.IsExist errors
* bud.bats: test replacing symbolic links
* imagebuildah: fix handling of destinations that end with '/'
* bud.bats: test COPY with a final '/' in the destination
* linux: add check for sysctl before using it
* unshare: set _CONTAINERS_ROOTLESS_GID
* Rework buildahimamges
* build context: support https git repos
* Add a test for ENV special chars behaviour
* Check in new Dockerfiles
* Apply custom SHELL during build time
* config: expand variables only at the command line
* SetEnv: we only need to expand v once
* Add default /root if empty on chroot iso
* Add support for Overlay volumes into the container.
* Export buildah validate volume functions so it can share code with libpod
* Bump baseline test to F30
* Fix rootless handling of /dev/shm size
* Avoid fmt.Printf() in the library
* imagebuildah: tighten cache checking back up
* Handle WORKDIR with dangling target
* Default Authfile to proper path
* Make buildah run --isolation follow BUILDAH_ISOLATION environment
* Vendor in latest containers/storage and containers/image
* getParent/getChildren: handle layerless images
* imagebuildah: recognize cache images for layerless images
* bud.bats: test scratch images with --layers caching
* Get CHANGELOG.md updates
* Add some symlinks to test our .dockerignore logic
* imagebuildah: addHelper: handle symbolic links
* commit/push: use an everything-allowed policy
* Correct manpage formatting in files section
* Remove must be root statement from buildah doc
* Change image names to stable, testing and upstream
* Don't create directory on container
* Replace kubernetes/pause in tests with k8s.gcr.io/pause
* imagebuildah: don't remove intermediate images if we need them
* Rework buildahimagegit to buildahimageupstream
* Fix Transient Mounts
* Handle WORKDIRs that are symlinks
* allow podman to build a client for windows
* Touch up 1.9-dev to 1.9.0-dev
* Resolve symlink when checking container path
* commit: commit on every instruction, but not always with layers
* CommitOptions: drop the unused OnBuild field
* makeImageRef: pass in the whole CommitOptions structure
* cmd: API cleanup: stores before images
* run: check if SELinux is enabled
* Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.
* Detect changes in rootdir
* Fix typo in buildah-pull(1)
* Vendor in latest containers/storage
* Keep track of any build-args used during buildah bud --layers
* commit: always set a parent ID
* imagebuildah: rework unused-argument detection
* fix bug dest path when COPY .dockerignore
* Move Host IDMAppings code from util to unshare
* Add BUILDAH_ISOLATION rootless back
* Travis CI: fail fast, upon error in any step
* imagebuildah: only commit images for intermediate stages if we have to
* Use errors.Cause() when checking for IsNotExist errors
* auto pass http_proxy to container
* imagebuildah: don't leak image structs
* Add Dockerfiles for buildahimages
* Bump to Replace golang 1.10 with 1.12
* add --dns* flags to buildah bud
* Add hack/build_speed.sh test speeds on building container images
* Create buildahimage Dockerfile for Quay
* rename 'is' to 'expect_output'
* squash.bats: test squashing in multi-layered builds
* bud.bats: test COPY --from in a Dockerfile while using the cache
* commit: make target image names optional
* Fix bud-args to allow comma separation
* oops, missed some tests in commit.bats
* new helper: expect_line_count
* New tests for #1467 (string slices in cmdline opts)
* Workarounds for dealing with travis; review feedback
* BATS tests - extensive but minor cleanup
* imagebuildah: defer pulling images for COPY --from
* imagebuildah: centralize COMMIT and image ID output
* Travis: do not use traviswait
* imagebuildah: only initialize imagebuilder configuration once per stage
* Make cleaner error on Dockerfile build errors
* unshare: move to pkg/
* unshare: move some code from cmd/buildah/unshare
* Fix handling of Slices versus Arrays
* imagebuildah: reorganize stage and per-stage logic
* imagebuildah: add empty layers for instructions
* Add missing step in installing into Ubuntu
* fix bug in .dockerignore support
* imagebuildah: deduplicate prepended 'FROM' instructions
* Touch up intro
* commit: set created-by to the shell if it isn't set
* commit: check that we always set a 'created-by'
* docs/buildah.md: add 'containers-' prefixes under 'SEE ALSO'
Update to v1.7.2
* Updates vendored containers/storage to latest version
* rootless: by default use the host network namespace
- Full changelog: https://github.com/containers/buildah/releases/tag/v1.6
Patchnames
SUSE-2020-3423,SUSE-SLE-Module-Containers-15-SP1-2020-3423,SUSE-SLE-Module-Containers-15-SP2-2020-3423
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nbuildah was updated to v1.17.0 (bsc#1165184):\n\n* Handle cases where other tools mount/unmount containers\n* overlay.MountReadOnly: support RO overlay mounts\n* overlay: use fusermount for rootless umounts\n* overlay: fix umount\n* Switch default log level of Buildah to Warn. Users need to see these messages\n* Drop error messages about OCI/Docker format to Warning level\n* build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2\n* tests/testreport: adjust for API break in storage v1.23.6\n* build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7\n* build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6\n* copier: put: ignore Typeflag=\u0027g\u0027\n* Use curl to get repo file (fix #2714)\n* build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0\n* build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1\n* Remove docs that refer to bors, since we\u0027re not using it\n* Buildah bud should not use stdin by default\n* bump containerd, docker, and golang.org/x/sys\n* Makefile: cross: remove windows.386 target\n* copier.copierHandlerPut: don\u0027t check length when there are errors\n* Stop excessive wrapping\n* CI: require that conformance tests pass\n* bump(github.com/openshift/imagebuilder) to v1.1.8\n* Skip tlsVerify insecure BUILD_REGISTRY_SOURCES\n* Fix build path wrong containers/podman#7993\n* refactor pullpolicy to avoid deps\n* build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0\n* CI: run gating tasks with a lot more memory\n* ADD and COPY: descend into excluded directories, sometimes\n* copier: add more context to a couple of error messages\n* copier: check an error earlier\n* copier: log stderr output as debug on success\n* Update nix pin with make nixpkgs\n* Set directory ownership when copied with ID mapping\n* build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0\n* build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0\n* Cirrus: Remove bors artifacts\n* Sort build flag definitions alphabetically\n* ADD: only expand archives at the right time\n* Remove configuration for bors\n* Shell Completion for podman build flags\n* Bump c/common to v0.24.0\n* New CI check: xref --help vs man pages\n* CI: re-enable several linters\n* Move --userns-uid-map/--userns-gid-map description into buildah man page\n* add: preserve ownerships and permissions on ADDed archives\n* Makefile: tweak the cross-compile target\n* Bump containers/common to v0.23.0\n* chroot: create bind mount targets 0755 instead of 0700\n* Change call to Split() to safer SplitN()\n* chroot: fix handling of errno seccomp rules\n* build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0\n* Add In Progress section to contributing\n* integration tests: make sure tests run in ${topdir}/tests\n* Run(): ignore containers.conf\u0027s environment configuration\n* Warn when setting healthcheck in OCI format\n* Cirrus: Skip git-validate on branches\n* tools: update git-validation to the latest commit\n* tools: update golangci-lint to v1.18.0\n* Add a few tests of push command\n* Add(): fix handling of relative paths with no ContextDir\n* build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0\n* Lint: Use same linters as podman\n* Validate: reference HEAD\n* Fix buildah mount to display container names not ids\n* Update nix pin with make nixpkgs\n* Add missing --format option in buildah from man page\n* Fix up code based on codespell\n* build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7\n* build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5\n* Improve buildah completions\n* Cirrus: Fix validate commit epoch\n* Fix bash completion of manifest flags\n* Uniform some man pages\n* Update Buildah Tutorial to address BZ1867426\n* Update bash completion of manifest add sub command\n* copier.Get(): hard link targets shouldn\u0027t be relative paths\n* build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2\n* Pass timestamp down to history lines\n* Timestamp gets updated everytime you inspect an image\n* bud.bats: use absolute paths in newly-added tests\n* contrib/cirrus/lib.sh: don\u0027t use CN for the hostname\n* tests: Add some tests\n* Update manifest add man page\n* Extend flags of manifest add\n* build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4\n* build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1\n* CI: expand cross-compile checks\n\nUpdate to v1.16.2:\n\n* fix build on 32bit arches\n* containerImageRef.NewImageSource(): don\u0027t always force timestamps\n* Add fuse module warning to image readme\n* Heed our retry delay option values when retrying commit/pull/push\n* Switch to containers/common for seccomp\n* Use --timestamp rather then --omit-timestamp\n* docs: remove outdated notice\n* docs: remove outdated notice\n* build-using-dockerfile: add a hidden --log-rusage flag\n* build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2\n* Discard ReportWriter if user sets options.Quiet\n* build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3\n* Fix ownership of content copied using COPY --from\n* newTarDigester: zero out timestamps in tar headers\n* Update nix pin with `make nixpkgs`\n* bud.bats: correct .dockerignore integration tests\n* Use pipes for copying\n* run: include stdout in error message\n* run: use the correct error for errors.Wrapf\n* copier: un-export internal types\n* copier: add Mkdir()\n* in_podman: don\u0027t get tripped up by $CIRRUS_CHANGE_TITLE\n* docs/buildah-commit.md: tweak some wording, add a --rm example\n* imagebuildah: don\u2019t blank out destination names when COPYing\n* Replace retry functions with common/pkg/retry\n* StageExecutor.historyMatches: compare timestamps using .Equal\n* Update vendor of containers/common\n* Fix errors found in coverity scan\n* Change namespace handling flags to better match podman commands\n* conformance testing: ignore buildah.BuilderIdentityAnnotation labels\n* Vendor in containers/storage v1.23.0\n* Add buildah.IsContainer interface\n* Avoid feeding run_buildah to pipe\n* fix(buildahimage): add xz dependency in buildah image\n* Bump github.com/containers/common from 0.15.2 to 0.18.0\n* Howto for rootless image building from OpenShift\n* Add --omit-timestamp flag to buildah bud\n* Update nix pin with `make nixpkgs`\n* Shutdown storage on failures\n* Handle COPY --from when an argument is used\n* Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0\n* Cirrus: Use newly built VM images\n* Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92\n* Enhance the .dockerignore man pages\n* conformance: add a test for COPY from subdirectory\n* fix bug manifest inspct\n* Add documentation for .dockerignore\n* Add BuilderIdentityAnnotation to identify buildah version\n* DOC: Add quay.io/containers/buildah image to README.md\n* Update buildahimages readme\n* fix spelling mistake in \u0027info\u0027 command result display\n* Don\u0027t bind /etc/host and /etc/resolv.conf if network is not present\n* blobcache: avoid an unnecessary NewImage()\n* Build static binary with `buildGoModule`\n* copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit\n* tarFilterer: handle multiple archives\n* Fix a race we hit during conformance tests\n* Rework conformance testing\n* Update 02-registries-repositories.md\n* test-unit: invoke cmd/buildah tests with --flags\n* parse: fix a type mismatch in a test\n* Fix compilation of tests/testreport/testreport\n* build.sh: log the version of Go that we\u0027re using\n* test-unit: increase the test timeout to 40/45 minutes\n* Add the \u0027copier\u0027 package\n* Fix \u0026 add notes regarding problematic language in codebase\n* Add dependency on github.com/stretchr/testify/require\n* CompositeDigester: add the ability to filter tar streams\n* BATS tests: make more robust\n* vendor golang.org/x/text@v0.3.3\n* Switch golang 1.12 to golang 1.13\n* imagebuildah: wait for stages that might not have even started yet\n* chroot, run: not fail on bind mounts from /sys\n* chroot: do not use setgroups if it is blocked\n* Set engine env from containers.conf\n* imagebuildah: return the right stage\u0027s image as the \u0027final\u0027 image\n* Fix a help string\n* Deduplicate environment variables\n* switch containers/libpod to containers/podman\n* Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3\n* Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0\n* Mask out /sys/dev to prevent information leak\n* linux: skip errors from the runtime kill\n* Mask over the /sys/fs/selinux in mask branch\n* Add VFS additional image store to container\n* tests: add auth tests\n* Allow \u0027readonly\u0027 as alias to \u0027ro\u0027 in mount options\n* Ignore OS X specific consistency mount option\n* Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0\n* Bump github.com/containers/common from 0.14.0 to 0.15.2\n* Rootless Buildah should default to IsolationOCIRootless\n* imagebuildah: fix inheriting multi-stage builds\n* Make imagebuildah.BuildOptions.Architecture/OS optional\n* Make imagebuildah.BuildOptions.Jobs optional\n* Resolve a possible race in imagebuildah.Executor.startStage()\n* Switch scripts to use containers.conf\n* Bump openshift/imagebuilder to v1.1.6\n* Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5\n* buildah, bud: support --jobs=N for parallel execution\n* executor: refactor build code inside new function\n* Add bud regression tests\n* Cirrus: Fix missing htpasswd in registry img\n* docs: clarify the \u0027triples\u0027 format\n* CHANGELOG.md: Fix markdown formatting\n* Add nix derivation for static builds\n* Bump to v1.16.0-dev\n\n- Update to v1.15.1\n* Mask over the /sys/fs/selinux in mask branch\n* chroot: do not use setgroups if it is blocked\n* chroot, run: not fail on bind mounts from /sys\n* Allow \u0027readonly\u0027 as alias to \u0027ro\u0027 in mount options\n* Add VFS additional image store to container\n* vendor golang.org/x/text@v0.3.3\n* Make imagebuildah.BuildOptions.Architecture/OS optional\n\nUpdate to v1.15.0:\n\n* Add CVE-2020-10696 to CHANGELOG.md and changelog.txt\n* fix lighttpd example\n* remove dependency on openshift struct\n* Warn on unset build arguments\n* vendor: update seccomp/containers-golang to v0.4.1\n* Updated docs\n* clean up comments\n* update exit code for tests\n* Implement commit for encryption\n* implementation of encrypt/decrypt push/pull/bud/from\n* fix resolve docker image name as transport\n* Add preliminary profiling support to the CLI\n* Evaluate symlinks in build context directory\n* fix error info about get signatures for containerImageSource\n* Add Security Policy\n* Cirrus: Fixes from review feedback\n* imagebuildah: stages shouldn\u0027t count as their base images\n* Update containers/common v0.10.0\n* Add registry to buildahimage Dockerfiles\n* Cirrus: Use pre-installed VM packages + F32\n* Cirrus: Re-enable all distro versions\n* Cirrus: Update to F31 + Use cache images\n* golangci-lint: Disable gosimple\n* Lower number of golangci-lint threads\n* Fix permissions on containers.conf\n* Don\u0027t force tests to use runc\n* Return exit code from failed containers\n* cgroup_manager should be under [engine]\n* Use c/common/pkg/auth in login/logout\n* Cirrus: Temporarily disable Ubuntu 19 testing\n* Add containers.conf to stablebyhand build\n* Update gitignore to exclude test Dockerfiles\n* Remove warning for systemd inside of container\n\nUpdate to v1.14.6:\n\n* Make image history work correctly with new args handling\n* Don\u0027t add args to the RUN environment from the Builder\n\nUpdate to v1.14.5:\n\n* Revert FIPS mode change\n\nUpdate to v1.14.4:\n\n* Update unshare man page to fix script example\n* Fix compilation errors on non linux platforms\n* Preserve volume uid and gid through subsequent commands\n* Fix potential CVE in tarfile w/ symlink\n* Fix .dockerignore with globs and ! commands\n\nUpdate to v1.14.2:\n\n* Search for local runtime per values in containers.conf\n* Set correct ownership on working directory\n* Improve remote manifest retrieval\n* Correct a couple of incorrect format specifiers\n* manifest push --format: force an image type, not a list type\n* run: adjust the order in which elements are added to $\n* getDateAndDigestAndSize(): handle creation time not being set\n* Make the commit id clear like Docker\n* Show error on copied file above context directory in build\n* pull/from/commit/push: retry on most failures\n* Repair buildah so it can use containers.conf on the server side\n* Fixing formatting \u0026 build instructions\n* Fix XDG_RUNTIME_DIR for authfile\n* Show validation command-line\n\nUpdate to v1.14.0:\n\n* getDateAndDigestAndSize(): use manifest.Digest\n* Touch up os/arch doc\n* chroot: handle slightly broken seccomp defaults\n* buildahimage: specify fuse-overlayfs mount options\n* parse: don\u0027t complain about not being able to rename something to itself\n* Fix build for 32bit platforms\n* Allow users to set OS and architecture on bud\n* Fix COPY in containerfile with envvar\n* Add --sign-by to bud/commit/push, --remove-signatures for pull/push\n* Add support for containers.conf\n* manifest push: add --format option\n\nUpdate to v1.13.1:\n\n* copyFileWithTar: close source files at the right time\n* copy: don\u0027t digest files that we ignore\n* Check for .dockerignore specifically\n* Don\u0027t setup excludes, if their is only one pattern to match\n* set HOME env to /root on chroot-isolation by default\n* docs: fix references to containers-*.5\n* fix bug Add check .dockerignore COPY file\n* buildah bud --volume: run from tmpdir, not source dir\n* Fix imageNamePrefix to give consistent names in buildah-from\n* cpp: use -traditional and -undef flags\n* discard outputs coming from onbuild command on buildah-from --quiet\n* make --format columnizing consistent with buildah images\n* Fix option handling for volumes in build\n* Rework overlay pkg for use with libpod\n* Fix buildahimage builds for buildah\n* Add support for FIPS-Mode backends\n* Set the TMPDIR for pulling/pushing image to $TMPDIR\n\nUpdate to v1.12.0:\n\n* Allow ADD to use http src\n* imgtype: reset storage opts if driver overridden\n* Start using containers/common\n* overlay.bats typo: fuse-overlays should be fuse-overlayfs\n* chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()\n* bind: don\u0027t complain about missing mountpoints\n* imgtype: check earlier for expected manifest type\n* Add history names support\n\nUpdate to v1.11.6:\n\n* Handle missing equal sign in --from and --chown flags for COPY/ADD\n* bud COPY does not download URL\n* Fix .dockerignore exclude regression\n* commit(docker): always set ContainerID and ContainerConfig\n* Touch up commit man page image parameter\n* Add builder identity annotations.\n\nUpdate to v1.11.5:\n\n* buildah: add \u0027manifest\u0027 command\n* pkg/supplemented: add a package for grouping images together\n* pkg/manifests: add a manifest list build/manipulation API\n* Update for ErrUnauthorizedForCredentials API change in containers/image\n* Update for manifest-lists API changes in containers/image\n* version: also note the version of containers/image\n* Move to containers/image v5.0.0\n* Enable --device directory as src device\n* Add clarification to the Tutorial for new users\n* Silence \u0027using cache\u0027 to ensure -q is fully quiet\n* Move runtime flag to bud from common\n* Commit: check for storage.ErrImageUnknown using errors.Cause()\n* Fix crash when invalid COPY --from flag is specified.\n\nUpdate to v1.11.4:\n\n* buildah: add a \u0027manifest\u0027 command\n* pkg/manifests: add a manifest list build/manipulation API\n* Update for ErrUnauthorizedForCredentials API change in containers/image\n* Update for manifest-lists API changes in containers/image\n* Move to containers/image v5.0.0\n* Enable --device directory as src device\n* Add clarification to the Tutorial for new users\n* Silence \u0027using cache\u0027 to ensure -q is fully quiet\n* Move runtime flag to bud from common\n* Commit: check for storage.ErrImageUnknown using errors.Cause()\n* Fix crash when invalid COPY --from flag is specified.\n\nUpdate to v1.11.3:\n\n* Add cgroups2\n* Add support for retrieving context from stdin \u0027-\u0027\n* Added tutorial on how to include Buildah as library\n* Fix --build-args handling\n* Print build \u0027STEP\u0027 line to stdout, not stderr\n* Use Containerfile by default\n\nUpdate to v1.11.2:\n\n* Add some cleanup code\n* Move devices code to unit specific directory.\n\nUpdate to v1.11.1:\n\n* Add --devices flag to bud and from\n* Add support for /run/.containerenv\n* Allow mounts.conf entries for equal source and destination paths\n* Fix label and annotation for 1-line Dockerfiles\n* Preserve file and directory mount permissions\n* Replace --debug=false with --log-level=error\n* Set TMPDIR to /var/tmp by default\n* Truncate output of too long image names\n* Ignore EmptyLayer if Squash is set\n\nUpdate to v1.11.0:\n\n* Add --digestfile and Re-add push statement as debug\n* Add --log-level command line option and deprecate --debug\n* Add security-related volume options to validator\n* Allow buildah bud to be called without arguments\n* Allow to override build date with SOURCE_DATE_EPOCH\n* Correctly detect ExitError values from Run()\n* Disable empty logrus timestamps to reduce logger noise\n* Fix directory pull image names\n* Fix handling of /dev/null masked devices\n* Fix possible runtime panic on bud\n* Update bud/from help to contain indicator for --dns=none\n* Update documentation about bud\n* Update shebangs to take env into consideration\n* Use content digests in ADD/COPY history entries\n* add support for cgroupsV2\n* add: add a DryRun flag to AddAndCopyOptions\n* add: handle hard links when copying with .dockerignore\n* add: teach copyFileWithTar() about symlinks and directories\n* imagebuilder: fix detection of referenced stage roots\n* pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES\n* run_linux: fix mounting /sys in a userns\n\n\nUpdate to v1.10.1:\n\n* Add automatic apparmor tag discovery\n* Add overlayfs to fuse-overlayfs tip\n* Bug fix for volume minus syntax\n* Bump container/storage v1.13.1 and containers/image v3.0.1\n* Bump containers/image to v3.0.2 to fix keyring issue\n* Fix bug whereby --get-login has no effect\n* Bump github.com/containernetworking/cni to v0.7.1\n- Add appamor-pattern requirement\n\n- Update build process to match the latest repository architecture\n- Update to v1.10.0\n* vendor github.com/containers/image@v3.0.0\n* Remove GO111MODULE in favor of -mod=vendor\n* Vendor in containers/storage v1.12.16\n* Add \u0027-\u0027 minus syntax for removal of config values\n* tests: enable overlay tests for rootless\n* rootless, overlay: use fuse-overlayfs\n* vendor github.com/containers/image@v2.0.1\n* Added \u0027-\u0027 syntax to remove volume config option\n* delete successfully pushed message\n* Add golint linter and apply fixes\n* vendor github.com/containers/storage@v1.12.15\n* Change wait to sleep in buildahimage readme\n* Handle ReadOnly images when deleting images\n* Add support for listing read/only images\n* from/import: record the base image\u0027s digest, if it has one\n* Fix CNI version retrieval to not require network connection\n* Add misspell linter and apply fixes\n* Add goimports linter and apply fixes\n* Add stylecheck linter and apply fixes\n* Add unconvert linter and apply fixes\n* image: make sure we don\u0027t try to use zstd compression\n* run.bats: skip the \u0027z\u0027 flag when testing --mount\n* Update to runc v1.0.0-rc8\n* Update to match updated runtime-tools API\n* bump github.com/opencontainers/runtime-tools to v0.9.0\n* Build e2e tests using the proper build tags\n* Add unparam linter and apply fixes\n* Run: correct a typo in the --cap-add help text\n* unshare: add a --mount flag\n* fix push check image name is not empty\n* add: fix slow copy with no excludes\n* Add errcheck linter and fix missing error check\n* Improve tests/tools/Makefile parallelism and abstraction\n* Fix response body not closed resource leak\n* Switch to golangci-lint\n* Add gomod instructions and mailing list links\n* On Masked path, check if /dev/null already mounted before mounting\n* Update to containers/storage v1.12.13\n* Refactor code in package imagebuildah\n* Add rootless podman with NFS issue in documentation\n* Add --mount for buildah run\n* import method ValidateVolumeOpts from libpod\n* Fix typo\n* Makefile: set GO111MODULE=off\n* rootless: add the built-in slirp DNS server\n* Update docker/libnetwork to get rid of outdated sctp package\n* Update buildah-login.md\n* migrate to go modules\n* install.md: mention go modules\n* tests/tools: go module for test binaries\n* fix --volume splits comma delimited option\n* Add bud test for RUN with a priv\u0027d command\n* vendor logrus v1.4.2\n* pkg/cli: panic when flags can\u0027t be hidden\n* pkg/unshare: check all errors\n* pull: check error during report write\n* run_linux.go: ignore unchecked errors\n* conformance test: catch copy error\n* chroot/run_test.go: export funcs to actually be executed\n* tests/imgtype: ignore error when shutting down the store\n* testreport: check json error\n* bind/util.go: remove unused func\n* rm chroot/util.go\n* imagebuildah: remove unused dedupeStringSlice\n* StageExecutor: EnsureContainerPath: catch error from SecureJoin()\n* imagebuildah/build.go: return instead of branching\n* rmi: avoid redundant branching\n* conformance tests: nilness: allocate map\n* imagebuildah/build.go: avoid redundant filepath.Join()\n* imagebuildah/build.go: avoid redundant os.Stat()\n* imagebuildah: omit comparison to bool\n* fix \u0027ineffectual assignment\u0027 lint errors\n* docker: ignore \u0027repeats json tag\u0027 lint error\n* pkg/unshare: use ... instead of iterating a slice\n* conformance: bud test: use raw strings for regexes\n* conformance suite: remove unused func/var\n* buildah test suite: remove unused vars/funcs\n* testreport: fix golangci-lint errors\n* util: remove redundant return statement\n* chroot: only log clean-up errors\n* images_test: ignore golangci-lint error\n* blobcache: log error when draining the pipe\n* imagebuildah: check errors in deferred calls\n* chroot: fix error handling in deferred funcs\n* cmd: check all errors\n* chroot/run_test.go: check errors\n* chroot/run.go: check errors in deferred calls\n* imagebuildah.Executor: remove unused onbuild field\n* docker/types.go: remove unused struct fields\n* util: use strings.ContainsRune instead of index check\n* Cirrus: Initial implementation\n* buildah-run: fix-out-of-range panic (2)\n* Update containers/image to v2.0.0\n* run: fix hang with run and --isolation=chroot\n* run: fix hang when using run\n* chroot: drop unused function call\n* remove --\u003e before imgageID on build\n* Always close stdin pipe\n* Write deny to setgroups when doing single user mapping\n* Avoid including linux/memfd.h\n* Add a test for the symlink pointing to a directory\n* Add missing continue\n* Fix the handling of symlinks to absolute paths\n* Only set default network sysctls if not rootless\n* Support --dns=none like podman\n* fix bug --cpu-shares parsing typo\n* Fix validate complaint\n* Update vendor on containers/storage to v1.12.10\n* Create directory paths for COPY thereby ensuring correct perms\n* imagebuildah: use a stable sort for comparing build args\n* imagebuildah: tighten up cache checking\n* bud.bats: add a test verying the order of --build-args\n* add -t to podman run\n* imagebuildah: simplify screening by top layers\n* imagebuildah: handle ID mappings for COPY --from\n* imagebuildah: apply additionalTags ourselves\n* bud.bats: test additional tags with cached images\n* bud.bats: add a test for WORKDIR and COPY with absolute destinations\n* Cleanup Overlay Mounts content\n* Add support for file secret mounts\n* Add ability to skip secrets in mounts file\n* allow 32bit builds\n* fix tutorial instructions\n* imagebuilder: pass the right contextDir to Add()\n* add: use fileutils.PatternMatcher for .dockerignore\n* bud.bats: add another .dockerignore test\n* unshare: fallback to single usermapping\n* addHelperSymlink: clear the destination on os.IsExist errors\n* bud.bats: test replacing symbolic links\n* imagebuildah: fix handling of destinations that end with \u0027/\u0027\n* bud.bats: test COPY with a final \u0027/\u0027 in the destination\n* linux: add check for sysctl before using it\n* unshare: set _CONTAINERS_ROOTLESS_GID\n* Rework buildahimamges\n* build context: support https git repos\n* Add a test for ENV special chars behaviour\n* Check in new Dockerfiles\n* Apply custom SHELL during build time\n* config: expand variables only at the command line\n* SetEnv: we only need to expand v once\n* Add default /root if empty on chroot iso\n* Add support for Overlay volumes into the container.\n* Export buildah validate volume functions so it can share code with libpod\n* Bump baseline test to F30\n* Fix rootless handling of /dev/shm size\n* Avoid fmt.Printf() in the library\n* imagebuildah: tighten cache checking back up\n* Handle WORKDIR with dangling target\n* Default Authfile to proper path\n* Make buildah run --isolation follow BUILDAH_ISOLATION environment\n* Vendor in latest containers/storage and containers/image\n* getParent/getChildren: handle layerless images\n* imagebuildah: recognize cache images for layerless images\n* bud.bats: test scratch images with --layers caching\n* Get CHANGELOG.md updates\n* Add some symlinks to test our .dockerignore logic\n* imagebuildah: addHelper: handle symbolic links\n* commit/push: use an everything-allowed policy\n* Correct manpage formatting in files section\n* Remove must be root statement from buildah doc\n* Change image names to stable, testing and upstream\n* Don\u0027t create directory on container\n* Replace kubernetes/pause in tests with k8s.gcr.io/pause\n* imagebuildah: don\u0027t remove intermediate images if we need them\n* Rework buildahimagegit to buildahimageupstream\n* Fix Transient Mounts\n* Handle WORKDIRs that are symlinks\n* allow podman to build a client for windows\n* Touch up 1.9-dev to 1.9.0-dev\n* Resolve symlink when checking container path\n* commit: commit on every instruction, but not always with layers\n* CommitOptions: drop the unused OnBuild field\n* makeImageRef: pass in the whole CommitOptions structure\n* cmd: API cleanup: stores before images\n* run: check if SELinux is enabled\n* Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.\n* Detect changes in rootdir\n* Fix typo in buildah-pull(1)\n* Vendor in latest containers/storage\n* Keep track of any build-args used during buildah bud --layers\n* commit: always set a parent ID\n* imagebuildah: rework unused-argument detection\n* fix bug dest path when COPY .dockerignore\n* Move Host IDMAppings code from util to unshare\n* Add BUILDAH_ISOLATION rootless back\n* Travis CI: fail fast, upon error in any step\n* imagebuildah: only commit images for intermediate stages if we have to\n* Use errors.Cause() when checking for IsNotExist errors\n* auto pass http_proxy to container\n* imagebuildah: don\u0027t leak image structs\n* Add Dockerfiles for buildahimages\n* Bump to Replace golang 1.10 with 1.12\n* add --dns* flags to buildah bud\n* Add hack/build_speed.sh test speeds on building container images\n* Create buildahimage Dockerfile for Quay\n* rename \u0027is\u0027 to \u0027expect_output\u0027\n* squash.bats: test squashing in multi-layered builds\n* bud.bats: test COPY --from in a Dockerfile while using the cache\n* commit: make target image names optional\n* Fix bud-args to allow comma separation\n* oops, missed some tests in commit.bats\n* new helper: expect_line_count\n* New tests for #1467 (string slices in cmdline opts)\n* Workarounds for dealing with travis; review feedback\n* BATS tests - extensive but minor cleanup\n* imagebuildah: defer pulling images for COPY --from\n* imagebuildah: centralize COMMIT and image ID output\n* Travis: do not use traviswait\n* imagebuildah: only initialize imagebuilder configuration once per stage\n* Make cleaner error on Dockerfile build errors\n* unshare: move to pkg/\n* unshare: move some code from cmd/buildah/unshare\n* Fix handling of Slices versus Arrays\n* imagebuildah: reorganize stage and per-stage logic\n* imagebuildah: add empty layers for instructions\n* Add missing step in installing into Ubuntu\n* fix bug in .dockerignore support\n* imagebuildah: deduplicate prepended \u0027FROM\u0027 instructions\n* Touch up intro\n* commit: set created-by to the shell if it isn\u0027t set\n* commit: check that we always set a \u0027created-by\u0027\n* docs/buildah.md: add \u0027containers-\u0027 prefixes under \u0027SEE ALSO\u0027\n\nUpdate to v1.7.2\n\n* Updates vendored containers/storage to latest version\n* rootless: by default use the host network namespace\n\n- Full changelog: https://github.com/containers/buildah/releases/tag/v1.6\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3423,SUSE-SLE-Module-Containers-15-SP1-2020-3423,SUSE-SLE-Module-Containers-15-SP2-2020-3423",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3423-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3423-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203423-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3423-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007820.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165184",
"url": "https://bugzilla.suse.com/1165184"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10214 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2020-11-19T15:11:49Z",
"generator": {
"date": "2020-11-19T15:11:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3423-1",
"initial_release_date": "2020-11-19T15:11:49Z",
"revision_history": [
{
"date": "2020-11-19T15:11:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.aarch64",
"product": {
"name": "buildah-1.17.0-3.6.1.aarch64",
"product_id": "buildah-1.17.0-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.i586",
"product": {
"name": "buildah-1.17.0-3.6.1.i586",
"product_id": "buildah-1.17.0-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.ppc64le",
"product": {
"name": "buildah-1.17.0-3.6.1.ppc64le",
"product_id": "buildah-1.17.0-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.s390x",
"product": {
"name": "buildah-1.17.0-3.6.1.s390x",
"product_id": "buildah-1.17.0-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.17.0-3.6.1.x86_64",
"product": {
"name": "buildah-1.17.0-3.6.1.x86_64",
"product_id": "buildah-1.17.0-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64"
},
"product_reference": "buildah-1.17.0-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le"
},
"product_reference": "buildah-1.17.0-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x"
},
"product_reference": "buildah-1.17.0-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64"
},
"product_reference": "buildah-1.17.0-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64"
},
"product_reference": "buildah-1.17.0-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le"
},
"product_reference": "buildah-1.17.0-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x"
},
"product_reference": "buildah-1.17.0-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.17.0-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
},
"product_reference": "buildah-1.17.0-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10214"
}
],
"notes": [
{
"category": "general",
"text": "The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10214",
"url": "https://www.suse.com/security/cve/CVE-2019-10214"
},
{
"category": "external",
"summary": "SUSE Bug 1144065 for CVE-2019-10214",
"url": "https://bugzilla.suse.com/1144065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T15:11:49Z",
"details": "moderate"
}
],
"title": "CVE-2019-10214"
},
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:buildah-1.17.0-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP2:buildah-1.17.0-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T15:11:49Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…