Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2022-1793-01

Red Hat Security Advisory 2022-1793-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Packet Storm
#vulnerability#linux#red_hat#nodejs#js#docker

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: container-tools:3.0 security and bug fix update
Advisory ID: RHSA-2022:1793-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1793
Issue date: 2022-05-10
CVE Names: CVE-2022-27650
=====================================================================

  1. Summary:

An update for the container-tools:3.0 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

  1. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • crun: Default inheritable capabilities for linux container should be
    empty (CVE-2022-27650)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2034066 - The toolbox in the 3.0 stream does not provide /etc/containers/toolbox.conf
2035227 - 3.0 stable stream: podman run --pid=host command causes OCI permission error
2066845 - CVE-2022-27650 crun: Default inheritable capabilities for linux container should be empty

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.src.rpm
cockpit-podman-29-2.module+el8.6.0+14694+4f5132e0.src.rpm
conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.src.rpm
container-selinux-2.178.0-2.module+el8.6.0+14694+4f5132e0.src.rpm
containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.src.rpm
criu-3.15-1.module+el8.6.0+14694+4f5132e0.src.rpm
crun-0.18-3.module+el8.6.0+14694+4f5132e0.src.rpm
fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.src.rpm
libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.src.rpm
oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.src.rpm
podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.src.rpm
runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.src.rpm
skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.src.rpm
slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.src.rpm
toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.src.rpm
udica-0.2.4-1.module+el8.6.0+14694+4f5132e0.src.rpm

aarch64:
buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
buildah-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
buildah-debugsource-1.19.9-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
buildah-tests-1.19.9-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
conmon-debuginfo-2.0.26-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
conmon-debugsource-2.0.26-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
crit-3.15-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
criu-3.15-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
criu-debuginfo-3.15-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
criu-debugsource-3.15-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
crun-0.18-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
crun-debuginfo-0.18-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
crun-debugsource-0.18-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.aarch64.rpm
fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14694+4f5132e0.aarch64.rpm
fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14694+4f5132e0.aarch64.rpm
libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
libslirp-debuginfo-4.3.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
libslirp-debugsource-4.3.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
libslirp-devel-4.3.1-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-catatonit-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-catatonit-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-debugsource-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-plugins-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-plugins-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-remote-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-remote-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
podman-tests-3.0.1-8.module+el8.6.0+14694+4f5132e0.aarch64.rpm
python3-criu-3.15-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.aarch64.rpm
runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.aarch64.rpm
runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.aarch64.rpm
skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
skopeo-debuginfo-1.2.4-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
skopeo-debugsource-1.2.4-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
skopeo-tests-1.2.4-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm
toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.aarch64.rpm

noarch:
cockpit-podman-29-2.module+el8.6.0+14694+4f5132e0.noarch.rpm
container-selinux-2.178.0-2.module+el8.6.0+14694+4f5132e0.noarch.rpm
podman-docker-3.0.1-8.module+el8.6.0+14694+4f5132e0.noarch.rpm
udica-0.2.4-1.module+el8.6.0+14694+4f5132e0.noarch.rpm

ppc64le:
buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
buildah-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
buildah-debugsource-1.19.9-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
buildah-tests-1.19.9-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
conmon-debuginfo-2.0.26-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
conmon-debugsource-2.0.26-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
crit-3.15-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
criu-3.15-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
criu-debuginfo-3.15-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
criu-debugsource-3.15-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
crun-0.18-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
crun-debuginfo-0.18-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
crun-debugsource-0.18-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
libslirp-debuginfo-4.3.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
libslirp-debugsource-4.3.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
libslirp-devel-4.3.1-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-catatonit-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-catatonit-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-debugsource-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-plugins-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-plugins-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-remote-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-remote-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
podman-tests-3.0.1-8.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
python3-criu-3.15-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
skopeo-debuginfo-1.2.4-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
skopeo-debugsource-1.2.4-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
skopeo-tests-1.2.4-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm
toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.ppc64le.rpm

s390x:
buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
buildah-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
buildah-debugsource-1.19.9-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
buildah-tests-1.19.9-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
conmon-debuginfo-2.0.26-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
conmon-debugsource-2.0.26-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
crit-3.15-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
criu-3.15-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
criu-debuginfo-3.15-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
criu-debugsource-3.15-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
crun-0.18-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
crun-debuginfo-0.18-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
crun-debugsource-0.18-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.s390x.rpm
fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14694+4f5132e0.s390x.rpm
fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14694+4f5132e0.s390x.rpm
libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
libslirp-debuginfo-4.3.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
libslirp-debugsource-4.3.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
libslirp-devel-4.3.1-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-catatonit-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-catatonit-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-debugsource-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-plugins-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-plugins-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-remote-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-remote-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
podman-tests-3.0.1-8.module+el8.6.0+14694+4f5132e0.s390x.rpm
python3-criu-3.15-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.s390x.rpm
runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.s390x.rpm
runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.s390x.rpm
skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
skopeo-debuginfo-1.2.4-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
skopeo-debugsource-1.2.4-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
skopeo-tests-1.2.4-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.s390x.rpm
toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.s390x.rpm

x86_64:
buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
buildah-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
buildah-debugsource-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
buildah-tests-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
conmon-debuginfo-2.0.26-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
conmon-debugsource-2.0.26-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
crit-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
criu-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
criu-debuginfo-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
criu-debugsource-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
crun-0.18-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
crun-debuginfo-0.18-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
crun-debugsource-0.18-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.x86_64.rpm
fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14694+4f5132e0.x86_64.rpm
fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14694+4f5132e0.x86_64.rpm
libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
libslirp-debuginfo-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
libslirp-debugsource-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
libslirp-devel-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-catatonit-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-catatonit-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-debugsource-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-plugins-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-plugins-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-remote-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-remote-debuginfo-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
podman-tests-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm
python3-criu-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.x86_64.rpm
runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.x86_64.rpm
runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.x86_64.rpm
skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
skopeo-debuginfo-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
skopeo-debugsource-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
skopeo-tests-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm
toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-27650
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYnqSIdzjgjWX9erEAQjW4hAAgBhH9FbnTDbqQqfjT8NfdhQsLjD6x5iR
WjXThHQOfOkW1c+c3Yfo1wpLrfoU4v18MXl3zFiWqX7uKw24esjBT/z/x1j8kk3A
xxUxX6PRKMwdTld6VFcp36oGVKPHLAKxxuVmg5yoWuNYcoP8yi5X9p4w9GRiJ9VE
LJNJZyREKUKSfzhj27ZluGu2fcVHsl2IvT8b645AelwXzOwwF4HOKClPZX64kPha
wEZ9joRARzfiBKPaIzGhkj+qrPo6IGYF9QikZy2nzzA/xqWvIAPzpIZ2t8+Z8i2N
d3rhNPMsybzt4Xw9wY2OpVEA5/NAF0oHQO9Q/Iwb606aVDiGxyvvZavupx+HZ9ld
5/bK4nniOYfnrA9N1TiNOuCEgoUjf2163VF6x4Qd6VHwd5uyISD2Y1YsohA6Ev2+
xQOLKlcM6umlecXwSsXOhPzgAbhpIltLePer0Q/ZRar1ddD9DpBEnB7u9SkhTLmn
qD4wuov6DmzHoLGd/gNMrxxmjC+QuzcKNSGQVPDO5p+qhFaoPun7MEFs092Qb9Iq
cGi96utFGRgj2aW9HhmIqhksRgAW22KJsomDcvMIoLIVzva93QuPP8ZUTb9xzdkI
CQV02YBgchvIPZJji2Vle5ELB20NZxvgLZt0IyM6eaiRx/y6uG5o60G5lHMs6Yy2
kVT6DrNnwfg=
=kHBK
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

RHSA-2022:1762: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top' * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27650: crun: Default inheritable capabilities for linux container should be empty...

RHSA-2022:1793: Red Hat Security Advisory: container-tools:3.0 security and bug fix update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27650: crun: Default inheritable capabilities for linux container should be empty

CVE-2022-27650: Invalid Bug ID

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6