Red Hat Security Advisory 2022-7822-01

Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

Packet Storm

====================================================================
Red Hat Security Advisory

Synopsis: Low: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:7822-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7822
Issue date: 2022-11-08
CVE Names: CVE-2022-2989 CVE-2022-2990
====================================================================

  1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

  3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • podman: possible information disclosure and modification (CVE-2022-2989)

  • buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

  • podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/
    (BZ#2125644)

  • (podman image trust) does not support the new trust type
    "sigstoreSigned " (BZ#2125645)

  • podman kill may deadlock (BZ#2125647)

  • Error: runc: exec failed: unable to start container process: open
    /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7]
    (BZ#2125648)

  • containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7]
    (BZ#2125686)

  • ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0]
    (BZ#2129767)

  • Two aardvark-dns instances trying to use the same port on the same
    interface. [rhel-8.7.0.z] (netavark) (BZ#2130234)

  • containers config.json gets empty after sudden power loss (BZ#2130236)

  • PANIC podman API service endpoint handler panic (BZ#2132412)

  • Podman container got global IPv6 address unexpectedly even when macvlan
    network is created for pure IPv4 network (BZ#2133390)

  • Skopeo push image to redhat quay with sigstore was failed (BZ#2136406)

  • Podman push image to redhat quay with sigstore was failed (BZ#2136433)

  • Buildah push image to redhat quay with sigstore was failed (BZ#2136438)

  • Two aardvark-dns instances trying to use the same port on the same
    interface. [rhel-8.8] (aardvark-dns) (BZ#2137295)

Enhancement(s):

  • [RFE]Podman support to perform custom actions on unhealthy containers
    (BZ#2130911)

  • [RFE] python-podman: Podman support to perform custom actions on
    unhealthy containers (BZ#2132360)

  • Podman volume plugin timeout should be configurable (BZ#2132992)

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

2121445 - CVE-2022-2989 podman: possible information disclosure and modification
2121453 - CVE-2022-2990 buildah: possible information disclosure and modification
2125644 - podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ [rhel-8.7.0.z]
2125645 - (podman image trust) does not support the new trust type "sigstoreSigned " [rhel-8.7.0.z]
2125647 - podman kill may deadlock [rhel-8.7.0.z]
2125648 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7] [rhel-8.7.0.z]
2125686 - containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] [rhel-8.7.0.z]
2129767 - ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0]
2130234 - Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark)
2130236 - containers config.json gets empty after sudden power loss [rhel-8.7.0.z]
2130911 - [RFE]Podman support to perform custom actions on unhealthy containers [rhel-8.7.0.z]
2132360 - [RFE] python-podman: Podman support to perform custom actions on unhealthy containers [rhel-8.7.0.z]
2132412 - PANIC podman API service endpoint handler panic [rhel-8.7.0.z]
2132992 - Podman volume plugin timeout should be configurable [rhel-8.7.0.z]
2133390 - Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network [rhel-8.7.0.z]
2136406 - Skopeo push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2136433 - Podman push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2136438 - Buildah push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2137295 - Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) [rhel-8.7.0.z]

  6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.src.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.src.rpm
cockpit-podman-53-1.module+el8.7.0+17064+3b31f55c.src.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.src.rpm
container-selinux-2.189.0-1.module+el8.7.0+17064+3b31f55c.src.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.src.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.src.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.src.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.src.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.src.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.src.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.src.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.src.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.src.rpm
python-podman-4.2.1-1.module+el8.7.0+17064+3b31f55c.src.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.src.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.src.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.src.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.src.rpm
udica-0.2.6-3.module+el8.7.0+17064+3b31f55c.src.rpm

aarch64:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm

noarch:
cockpit-podman-53-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
container-selinux-2.189.0-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
podman-docker-4.2.0-4.module+el8.7.0+17064+3b31f55c.noarch.rpm
python3-podman-4.2.1-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
udica-0.2.6-3.module+el8.7.0+17064+3b31f55c.noarch.rpm

ppc64le:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm

s390x:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.s390x.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm

x86_64:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2022-2989
https://access.redhat.com/security/cve/CVE-2022-2990
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

  8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.