Red Hat Security Advisory 2022-7822-01
Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.
====================================================================
Red Hat Security Advisory
Synopsis: Low: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:7822-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7822
Issue date: 2022-11-08
CVE Names: CVE-2022-2989 CVE-2022-2990
====================================================================
- Summary:
An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.
Security Fix(es):
podman: possible information disclosure and modification (CVE-2022-2989)
buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
(podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
podman kill may deadlock (BZ#2125647)
Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7] (BZ#2125648)
containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] (BZ#2125686)
ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234)
containers config.json gets empty after sudden power loss (BZ#2130236)
PANIC podman API service endpoint handler panic (BZ#2132412)
Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
Skopeo push image to redhat quay with sigstore was failed (BZ#2136406)
Podman push image to redhat quay with sigstore was failed (BZ#2136433)
Buildah push image to redhat quay with sigstore was failed (BZ#2136438)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295)
Enhancement(s):
[RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)
[RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
Podman volume plugin timeout should be configurable (BZ#2132992)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2121445 - CVE-2022-2989 podman: possible information disclosure and modification
2121453 - CVE-2022-2990 buildah: possible information disclosure and modification
2125644 - podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ [rhel-8.7.0.z]
2125645 - (podman image trust) does not support the new trust type "sigstoreSigned " [rhel-8.7.0.z]
2125647 - podman kill may deadlock [rhel-8.7.0.z]
2125648 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7] [rhel-8.7.0.z]
2125686 - containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] [rhel-8.7.0.z]
2129767 - ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0]
2130234 - Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark)
2130236 - containers config.json gets empty after sudden power loss [rhel-8.7.0.z]
2130911 - [RFE]Podman support to perform custom actions on unhealthy containers [rhel-8.7.0.z]
2132360 - [RFE] python-podman: Podman support to perform custom actions on unhealthy containers [rhel-8.7.0.z]
2132412 - PANIC podman API service endpoint handler panic [rhel-8.7.0.z]
2132992 - Podman volume plugin timeout should be configurable [rhel-8.7.0.z]
2133390 - Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network [rhel-8.7.0.z]
2136406 - Skopeo push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2136433 - Podman push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2136438 - Buildah push image to redhat quay with sigstore was failed [rhel-8.7.0.z]
2137295 - Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) [rhel-8.7.0.z]
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.src.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.src.rpm
cockpit-podman-53-1.module+el8.7.0+17064+3b31f55c.src.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.src.rpm
container-selinux-2.189.0-1.module+el8.7.0+17064+3b31f55c.src.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.src.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.src.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.src.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.src.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.src.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.src.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.src.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.src.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.src.rpm
python-podman-4.2.1-1.module+el8.7.0+17064+3b31f55c.src.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.src.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.src.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.src.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.src.rpm
udica-0.2.6-3.module+el8.7.0+17064+3b31f55c.src.rpm
aarch64:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.aarch64.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.aarch64.rpm
noarch:
cockpit-podman-53-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
container-selinux-2.189.0-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
podman-docker-4.2.0-4.module+el8.7.0+17064+3b31f55c.noarch.rpm
python3-podman-4.2.1-1.module+el8.7.0+17064+3b31f55c.noarch.rpm
udica-0.2.6-3.module+el8.7.0+17064+3b31f55c.noarch.rpm
ppc64le:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.ppc64le.rpm
s390x:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.s390x.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.s390x.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.s390x.rpm
x86_64:
aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-debugsource-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
buildah-tests-debuginfo-1.27.2-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
containers-common-1-43.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crit-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-debugsource-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
crun-debugsource-1.5-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-catatonit-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-debugsource-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-gvproxy-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-plugins-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-remote-debuginfo-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c.x86_64.rpm
python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-debuginfo-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-debugsource-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
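To check a host against the fixed builds in the package list above, the following added example (not part of the advisory and not Red Hat tooling) compares `rpm -q` output with four of the listed versions. The sample `rpm` output is constructed, the comparison is a simplified form of RPM's version ordering without `~` or `^` handling, and epochs are assumed to be the same in the installed and fixed builds.

```python
import re

# Fixed builds taken from the advisory's package list: name -> (version, release).
FIXED = {
    "podman": ("4.2.0", "4.module+el8.7.0+17064+3b31f55c"),
    "buildah": ("1.27.2", "2.module+el8.7.0+17064+3b31f55c"),
    "skopeo": ("1.9.3", "1.module+el8.7.0+17064+3b31f55c"),
    "runc": ("1.1.4", "1.module+el8.7.0+17064+3b31f55c"),
}

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' podman buildah skopeo runc
# The release strings with zeroed build ids are made up for illustration.
SAMPLE_RPM_OUTPUT = """\
podman 4.1.1 6.module+el8.6.0+00000+00000000
buildah 1.27.2 10.module+el8.8.0+00000+00000000
package skopeo is not installed
runc 1.1.4 1.module+el8.7.0+17064+3b31f55c
"""


def _segments(label):
    """Split a version or release into runs of digits and runs of letters."""
    return re.findall(r"\d+|[A-Za-z]+", label)


def rpmvercmp(a, b):
    """Compare two labels segment by segment, in the style of RPM's rpmvercmp.

    Returns -1, 0 or 1. Separators are ignored, numeric segments compare as
    integers, and a numeric segment sorts newer than an alphabetic one.
    """
    seg_a, seg_b = _segments(a), _segments(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the label with segments left over is newer.
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def audit(rpm_output, fixed=FIXED):
    """Map each package in `fixed` to 'fixed', 'outdated' or 'not installed'."""
    installed = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        # Well-formed lines have exactly three fields; rpm's
        # "package X is not installed" message is skipped here.
        if len(parts) == 3:
            installed[parts[0]] = (parts[1], parts[2])

    report = {}
    for name, (fixed_ver, fixed_rel) in fixed.items():
        if name not in installed:
            report[name] = "not installed"
            continue
        inst_ver, inst_rel = installed[name]
        # The release only matters when the versions are equal.
        order = rpmvercmp(inst_ver, fixed_ver) or rpmvercmp(inst_rel, fixed_rel)
        report[name] = "fixed" if order >= 0 else "outdated"
    return report


if __name__ == "__main__":
    for package, status in audit(SAMPLE_RPM_OUTPUT).items():
        print(f"{package}: {status}")
```

The buildah line in the sample shows why the release is compared numerically: release `10` is newer than `2`, which a plain string comparison would get wrong.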
- References:
https://access.redhat.com/security/cve/CVE-2022-2989
https://access.redhat.com/security/cve/CVE-2022-2990
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Gentoo Linux Security Advisory 202407-12 - Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.9.4 are affected.
Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.
Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.
Red Hat Security Advisory 2022-8431-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2989: podman: possible information disclosure and modification * CVE-2022-2990: buildah: possible information disclosure and modification
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20291: containers/storage: DoS via malicious image * CVE-2021-33195: golang: net: lookup functions may return invalid host names * CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty * CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...
Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2989: podman: possible information disclosure and modification * CVE-2022-2990: buildah: possible information disclosure and modification
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.