[ALSA-2023:2253] Moderate: buildah security and bug fix update
Release date:
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 buildah-1.29.1-1.el9.aarch64.rpm 3ecb136abb148c45a7fea413b6ab4b228bfdb6577d0c43abdf585b0b8dd320fd
aarch64 buildah-tests-1.29.1-1.el9.aarch64.rpm 954dd6a1645923efbce9e241841da2c92ae05f3c270bf0e57ca095c3c2b10bbc
ppc64le buildah-1.29.1-1.el9.ppc64le.rpm d464c3f9e218652ef2ffe72cb073dcc6c0aa3b01f57488252189b6e38ee3b1a5
ppc64le buildah-tests-1.29.1-1.el9.ppc64le.rpm f4407ec2f8c4eb829a655656ecf25787494e9d6824f68f24fdb93a123f2368ed
s390x buildah-1.29.1-1.el9.s390x.rpm 5996606f57a5e8357c89d8f5f274a2d28d1c50e3a6ac393ef3791c24b2e50d9f
s390x buildah-tests-1.29.1-1.el9.s390x.rpm 803a91a19198392e39eb4d11adbd216c241c6aa614e0f8809c6a2f8d4b6fb22d
x86_64 buildah-1.29.1-1.el9.x86_64.rpm 996a11327780b6c638a62ed459d29dbd7b8576673acd8fc100ac35df67caee93
x86_64 buildah-tests-1.29.1-1.el9.x86_64.rpm ef0c18bf71f6ffa80ebdc069c85d5fc694e28a749215cdbb7e8b15c6c3301f10
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.