Red Hat Enterprise Linux 9 update for buildah



Published: 2022-11-15
Risk Medium
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2021-20291
CVE-2021-33195
CVE-2021-33197
CVE-2021-33198
CVE-2022-2989
CVE-2022-2990
CVE-2022-27191
CWE-ID CWE-667
CWE-79
CWE-862
CWE-399
CWE-863
CWE-327
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

buildah (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU62797

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20291

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Cross-site scripting

EUVDB-ID: #VU56022

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33195

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of data passed from DNS lookups. A remote attacker can send a specially crafted DNS reqponse and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Missing Authorization

EUVDB-ID: #VU56023

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33197

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass authorization process. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Resource management error

EUVDB-ID: #VU56024

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33198

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method.  A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Incorrect authorization

EUVDB-ID: #VU69290

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2989

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of the supplementary groups in the Podman container engine. A local user with direct access to the affected container where supplementary groups are used can set access permissions and execute a binary code in that container.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Incorrect authorization

EUVDB-ID: #VU69291

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2990

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of the supplementary groups in the Buildah container engine. A local user with direct access to the affected container where supplementary groups are used can set access permissions and execute a binary code in that container.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU62039

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27191

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

buildah (Red Hat package): before 1.27.0-2.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:8008

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###