RHSA-2019:0036-01 -- Redhat source-to-imageID: oval:org.secpod.oval:def:504900 | Date: (C)2021-01-29 (M)2023-02-20 |
Class: PATCH | Family: unix |
Source-to-Image is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image and built source, and is ready to use with the docker run command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. The following packages have been upgraded to a later upstream version: source-to-image . Security Fix: * source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Michael Hanselmann for reporting this issue.
Platform: |
Red Hat Enterprise Linux 7 |