エラータID: AXSA:2020-886:03

Release date: 
Tuesday, November 10, 2020 - 16:59
Affected Channels: 
Asianux Server 7 for x86_64

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

* possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to


Update packages.

Additional Info: 



  1. buildah-1.11.6-12.el7.src.rpm
    MD5: 8ec8e10979b3a85fdd52d3c23de737eb
    SHA-256: f0745eb419c682485350a13148ee811599f54a9a635543b5bee42f57436fef8f
    Size: 9.96 MB

Asianux Server 7 for x86_64
  1. buildah-1.11.6-12.el7.x86_64.rpm
    MD5: 16f30addcb2306b8f8c976fa73c668d1
    SHA-256: 26d2a8c06e9b9addd7d1acb31e5344717c40b8ae61c755c5d1acec03ed5e58b8
    Size: 8.81 MB