SECURITY: Fedora 34 Update: buildah-1.21.4-4.fc34
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-440e34200c
2021-08-02 01:02:57.308399
--------------------------------------------------------------------------------
Name : buildah
Product : Fedora 34
Version : 1.21.4
Release : 4.fc34
URL : https://buildah.io
Summary : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-3602
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-4
- ensure consistent version-release and changelog
* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-1
- bump to v1.21.4
- fix gating test issues
* Thu Jul 22 2021 Lokesh Mandvekar - 1.21.3-3
- try fix for copy-release
* Thu Jul 22 2021 Eduardo Santiago - 1.21.3-2
- Try to deal with new buildah-copy-helper nightmare
* Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1
- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602
- bump to v1.21.3
* Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1
- bump to v1.21.2
* Tue Jun 8 2021 RH Container Bot - 1.21.1-1
- autobuilt v1.21.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1969264 - CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation
https://bugzilla.redhat.com/show_bug.cgi?id=1969264
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-440e34200c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
A buildah security update has been released for Fedora 34.