CVE-2021-3602

Name: CVE-2021-3602
Description: Host environment variables leaked in build container when using chroot isolation
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
golang-github-containers-buildah (PTS) | bullseye, sid | 1.19.6+dfsg1-1 | vulnerable

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
golang-github-containers-buildah | source | (unstable) | (unfixed) | | |

Notes

https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)
https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21)
https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19)
