buildah-1.11.6-12.el7
エラータID: AXSA:2020-886:03
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
Update packages.
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
N/A
SRPMS
- buildah-1.11.6-12.el7.src.rpm
MD5: 8ec8e10979b3a85fdd52d3c23de737eb
SHA-256: f0745eb419c682485350a13148ee811599f54a9a635543b5bee42f57436fef8f
Size: 9.96 MB
Asianux Server 7 for x86_64
- buildah-1.11.6-12.el7.x86_64.rpm
MD5: 16f30addcb2306b8f8c976fa73c668d1
SHA-256: 26d2a8c06e9b9addd7d1acb31e5344717c40b8ae61c755c5d1acec03ed5e58b8
Size: 8.81 MB