RHSA-2022:8431: Red Hat Security Advisory: podman security, bug fix, and enhancement update

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8431 - Security Advisory


Synopsis

Low: podman security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low


Topic

An update for podman is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The podman tool manages pods, container images, and containers. It is built on the libpod library, which serves applications that work with container pods. Container pods are a concept borrowed from Kubernetes.

Security Fix(es):

  • podman: possible information disclosure and modification (CVE-2022-2989)
  • buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • (podman image trust) does not support the new trust type "sigstoreSigned" (BZ#2120436)
  • dnf-update broken for podman/catatonit (BZ#2123319)
  • podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2123905)
  • podman kill may deadlock [RHEL 9.1] (BZ#2124716)
  • containers config.json gets empty after sudden power loss (BZ#2136278)
  • PANIC podman API service endpoint handler panic (BZ#2136287)

Enhancement(s):

  • Podman volume plugin timeout should be configurable [rhel-9.1.0 Z] (BZ#2124676)
  • [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2136281)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258
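
The procedure above, as a runnable check. This script is an added example, not Red Hat's code and not part of the advisory: it tells you whether a RHEL 9 host already carries the fixed build, and verifies a hand-downloaded x86_64 podman RPM against the SHA-256 the advisory publishes before rpm checks the Red Hat signature. The fixed version-release (4.2.0-7.el9_1) and the x86_64 package hash are taken from this advisory; the function names and the --live flag are the script's own conventions, and the version comparison relies on sort -V rather than rpm's own algorithm (see the comment on vr_at_least).

```sh
#!/bin/sh
# Added example for applying and verifying RHSA-2022:8431 on RHEL 9.
# Not Red Hat's code. The two constants come from the advisory itself; the
# function names and the --live flag are this script's own conventions.
FIXED_VR="4.2.0-7.el9_1"
PUBLISHED_SHA256_X86_64="10e434c45e99d2b8401557e25e313d0a2d02ea4d989e18ee8be4e4289cf0ba64"

# vr_at_least INSTALLED REQUIRED: succeed if INSTALLED (version-release) is at
# or above REQUIRED. sort -V agrees with rpm's ordering for strings of this
# shape (digits, dots, dashes, an el9_1 suffix) but knows nothing about epochs,
# so only feed it version-release (see installed_vr); use rpmdev-vercmp from
# rpmdevtools if you need the full rpm comparison.
vr_at_least() {
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  [ "$lowest" = "$2" ]
}

# installed_vr: podman's version-release on this host, epoch dropped.
installed_vr() {
  rpm -q --qf '%{VERSION}-%{RELEASE}\n' podman
}

# verify_sha256 FILE EXPECTED: succeed if FILE's SHA-256 equals EXPECTED.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d ' ' -f 1)
  [ "$actual" = "$2" ]
}

# verify_downloaded_rpm FILE: the check to run on an x86_64 podman RPM fetched
# with "dnf download podman" (dnf-plugins-core) before installing it by hand:
# compare against the published hash, then let rpm check the Red Hat signature.
verify_downloaded_rpm() {
  if ! verify_sha256 "$1" "$PUBLISHED_SHA256_X86_64"; then
    printf '%s: SHA-256 does not match the advisory\n' "$1" >&2
    return 1
  fi
  rpm -K "$1"
}

# audit_host: report whether this host already carries the fixed build.
audit_host() {
  vr=$(installed_vr) || { echo "podman is not installed"; return 2; }
  if vr_at_least "$vr" "$FIXED_VR"; then
    echo "podman-$vr: at or above $FIXED_VR, RHSA-2022:8431 is applied"
  else
    echo "podman-$vr: below $FIXED_VR; apply earlier errata, then: dnf update podman"
    return 1
  fi
}

# Live checks run only when requested, so the functions above can be sourced
# or tested on a machine without rpm.
if [ "${1:-}" = "--live" ]; then
  audit_host
fi
```

Run it as `sh rhsa-2022-8431-check.sh --live` on the host; a non-zero exit means the fixed build is not installed. The hash check only covers the x86_64 binary package listed in this advisory; for the other architectures substitute the matching published SHA-256 from the package list below.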

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2120436 - (podman image trust) does not support the new trust type "sigstoreSigned"
  • BZ - 2121445 - CVE-2022-2989 podman: possible information disclosure and modification
  • BZ - 2121453 - CVE-2022-2990 buildah: possible information disclosure and modification
  • BZ - 2123319 - dnf-update broken for podman/catatonit
  • BZ - 2123905 - podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/
  • BZ - 2124676 - Podman volume plugin timeout should be configurable [rhel-9.1.0 Z]
  • BZ - 2124716 - podman kill may deadlock [RHEL 9.1]
  • BZ - 2136278 - containers config.json gets empty after sudden power loss [rhel-9.1.0.z]
  • BZ - 2136281 - [RFE]Podman support to perform custom actions on unhealthy containers [rhel-9.1.0.z]
  • BZ - 2136287 - PANIC podman API service endpoint handler panic [rhel-9.1.0.z]

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Updated Packages

Red Hat Enterprise Linux for x86_64 9

SRPM
  podman-4.2.0-7.el9_1.src.rpm  SHA-256: 7266fb548f968152dfdcec03cade4ac72925bd1d038e1ef315cdbfb103128294

x86_64
  podman-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 10e434c45e99d2b8401557e25e313d0a2d02ea4d989e18ee8be4e4289cf0ba64
  podman-catatonit-4.2.0-7.el9_1.x86_64.rpm  SHA-256: c777877c2b5f3cd69e677a2b250d3019a4d62db79b5a6807eb9ee62e9a033113
  podman-catatonit-debuginfo-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 9df194e5dacdb85a99752147ddd134beaef29432b4295c27541274f3fb91a0f6
  podman-debuginfo-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 47dd55d0f855631fd6dc5b47030e73ddcee6e09b932fcb66f4289125cfc41c83
  podman-debugsource-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 430002aeaea265bee7a70f6b952da7805cdb54e2cd2cbaa969494e74d6159ba7
  podman-docker-4.2.0-7.el9_1.noarch.rpm  SHA-256: 5a62bea69158a72adbbd5e26c5fa458945ff96919c60f68ed6d917899ff60433
  podman-gvproxy-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 7bd4788ed5b87d18ad34b3cfe35fb1c94845efc835e28d9085e8cabed69df071
  podman-gvproxy-debuginfo-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 5895e80686e891704571fa170dbeadb60312c5665eb4b688ef9bfd1b5f6eb57a
  podman-plugins-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 98d196eb8f6c5b1d90da590045dc7aa8464f2b7f92e07f96180dc0b32be869b5
  podman-plugins-debuginfo-4.2.0-7.el9_1.x86_64.rpm  SHA-256: a1b862bcc24b80e618e7dead9605bef231350ad12a13a3e79295188e6e05591a
  podman-remote-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 817a50083cb13604c81f2ce2b35ffcc1b05678da1392e3f1235fd6a2fd2b9063
  podman-remote-debuginfo-4.2.0-7.el9_1.x86_64.rpm  SHA-256: 05d35b7e906a2d302989f45104bbacfe6f7804d3c281d46107922e20d102b8a8
  podman-tests-4.2.0-7.el9_1.x86_64.rpm  SHA-256: bd27a08ece434d1b5749c10c845cee7f2c9cdb36e47ebdb993d5accc7c1b8f7d

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
  podman-4.2.0-7.el9_1.src.rpm  SHA-256: 7266fb548f968152dfdcec03cade4ac72925bd1d038e1ef315cdbfb103128294

s390x
  podman-4.2.0-7.el9_1.s390x.rpm  SHA-256: 076aebf1095985805ce68812a3c8602f5260e9ffc8a0b357e33e73ebd8a22071
  podman-catatonit-4.2.0-7.el9_1.s390x.rpm  SHA-256: 98170906481deffe29391573f1c23f572dfd6ee9c6d601eaed5e614e70325597
  podman-catatonit-debuginfo-4.2.0-7.el9_1.s390x.rpm  SHA-256: f3e54fd4230a531c8e7a16de69f7032e5b9427e054d0b742e4c50d556caeaebf
  podman-debuginfo-4.2.0-7.el9_1.s390x.rpm  SHA-256: 5109565ac6017b6b015b28c8901b599d752ef70401291a58d035b4742fb1d539
  podman-debugsource-4.2.0-7.el9_1.s390x.rpm  SHA-256: 5decc01c902b7ec1b4e154afafca7207e1a37ce19c7e1e0b0941db11b1735f53
  podman-docker-4.2.0-7.el9_1.noarch.rpm  SHA-256: 5a62bea69158a72adbbd5e26c5fa458945ff96919c60f68ed6d917899ff60433
  podman-gvproxy-4.2.0-7.el9_1.s390x.rpm  SHA-256: 15c19ad4314b73f52d0c51b2c2c12cde669389da041bce7465076b899b52e400
  podman-gvproxy-debuginfo-4.2.0-7.el9_1.s390x.rpm  SHA-256: de83f414bfadd727cbe55c7d088efa69c7bb9776cdb0539c42eb80a669250951
  podman-plugins-4.2.0-7.el9_1.s390x.rpm  SHA-256: 57a3fba67f0730518237cf386e3ff83563b5ca7815bce31d7122d5eebaef92ad
  podman-plugins-debuginfo-4.2.0-7.el9_1.s390x.rpm  SHA-256: 9ecac40d6727a864009000a60751305ebe0744bef1402ac81ab7e09d6138a375
  podman-remote-4.2.0-7.el9_1.s390x.rpm  SHA-256: 1c8bbaf10e2c8e4117e935d4978cb62b45a5671d9ce0336f34f54e8424e2ea9b
  podman-remote-debuginfo-4.2.0-7.el9_1.s390x.rpm  SHA-256: 2d4c242f98797d5395c8a81cbfa2466f996ae6328fa4261ab1dfa1b714500acf
  podman-tests-4.2.0-7.el9_1.s390x.rpm  SHA-256: 160f45e48322a46e67eb0d1ade9157a2d75206b50552a5d5b5fb79203a373a34

Red Hat Enterprise Linux for Power, little endian 9

SRPM
  podman-4.2.0-7.el9_1.src.rpm  SHA-256: 7266fb548f968152dfdcec03cade4ac72925bd1d038e1ef315cdbfb103128294

ppc64le
  podman-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 5af4dfb757c84291a2eb2514560cad28fa602e379818f942488cc999afbeb244
  podman-catatonit-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 07503f94ca7224d6357829059d3d658e1530f98f10097ed6acb3324f176d64f8
  podman-catatonit-debuginfo-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: f044a18a4ebfc8c1d94e3cca7f032e095628acc5db02429718884fb8c9f4d5b3
  podman-debuginfo-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: aa062d29018bedd587128528284dcb06f8dae4b7cb244866f9f4d58ad66f378f
  podman-debugsource-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: b640746c2d1bb1a0461f99bf0ebfd10902ad65e623aa3ca14c47ef60e394c43f
  podman-docker-4.2.0-7.el9_1.noarch.rpm  SHA-256: 5a62bea69158a72adbbd5e26c5fa458945ff96919c60f68ed6d917899ff60433
  podman-gvproxy-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 3982ab59a24714ad1056acc54c2da6e0be3cde4e78a142726055638e846730b4
  podman-gvproxy-debuginfo-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 7655b99c6ace20cd5a7d2b9775671b8ef9e3ff08bd14b1e07d95e6c21779e73d
  podman-plugins-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: e729258ca60d857dd60f95b3f4927a73eba8b5cd1496c24323666f15d8f619a5
  podman-plugins-debuginfo-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 9b17e3de6642d4da43ceadb6856e6ffb033199cb3ba4198eff3a480ff71e4cee
  podman-remote-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: 912db760ccf9c50c37edec6bb8a4b9619c3c59830d3083c511fe7ca0b31abf41
  podman-remote-debuginfo-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: e5d441c76266763c55157675117bfa020f777ed7c9522150a8ccfae142a8e583
  podman-tests-4.2.0-7.el9_1.ppc64le.rpm  SHA-256: f188ee419ec664a881357c65b390c557a0d431b343835bab8b43dba7ed4f375d

Red Hat Enterprise Linux for ARM 64 9

SRPM
  podman-4.2.0-7.el9_1.src.rpm  SHA-256: 7266fb548f968152dfdcec03cade4ac72925bd1d038e1ef315cdbfb103128294

aarch64
  podman-4.2.0-7.el9_1.aarch64.rpm  SHA-256: a1dbe350f5b3bb0abf05d10f6e299168a917837d7d0cfc6e5b30d9449d27ef0c
  podman-catatonit-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 267e1ba17ce471bf171d3e805e566b8131351f2bd9ae37ca6948506d83f77f87
  podman-catatonit-debuginfo-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 543614afe5f39f461648f948cf7b46de3d4a0596e94cf21aa2047c69ca2f2bb7
  podman-debuginfo-4.2.0-7.el9_1.aarch64.rpm  SHA-256: fc2943b9da6358ef55a45e9cc7abf78194b9d60c9a298e3b603ffa938b7dfede
  podman-debugsource-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 997023273c436620aa1ab0ee0fc75fc0a9427bb7cde897570e2ed7a0c82c3c5d
  podman-docker-4.2.0-7.el9_1.noarch.rpm  SHA-256: 5a62bea69158a72adbbd5e26c5fa458945ff96919c60f68ed6d917899ff60433
  podman-gvproxy-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 30766bc8ca7b65a46eb0970e42ad716d9f037a90a0d88c0868244134705aca7d
  podman-gvproxy-debuginfo-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 7477144304ec36531d4456b7541863c58a3822e1f135ca7368817b373cf8a9bb
  podman-plugins-4.2.0-7.el9_1.aarch64.rpm  SHA-256: f8f77ba8643c735ee53472af40465a15eb7063d886e0a83ebaa31ef7c1c1c465
  podman-plugins-debuginfo-4.2.0-7.el9_1.aarch64.rpm  SHA-256: fbb18a93b0c3156523a5b6f95a999fa32217599997e595b2bb3e2dc4818d4040
  podman-remote-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 7980ee0223215e4a02f0f01cbebcf7bb058a3421f50036a0baf0e3a8afb16130
  podman-remote-debuginfo-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 34c33e7b5125a6dbd81afb596438a4ec96f6a5bb5e2bc35717c9f223b9c115d1
  podman-tests-4.2.0-7.el9_1.aarch64.rpm  SHA-256: 3f6ff45b44143175a3b76526b643e226fcd1dead8dcb806180485d3a88881660

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202407-12

Gentoo Linux Security Advisory 202407-12 - Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation. Versions prior to 4.9.4 are affected.

Ubuntu Security Notice USN-6295-1

Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.

Red Hat Security Advisory 2023-1325-01

Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

Red Hat Security Advisory 2023-1328-01

Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1325: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2990: An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has d...

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-1327-01

Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.

Red Hat Security Advisory 2023-2802-01

Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2022-8431-01

Red Hat Security Advisory 2022-8431-01 - The podman tool manages pods, container images, and containers. It is built on the libpod library, which serves applications that work with container pods, a concept borrowed from Kubernetes. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-8008-01

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.

RHSA-2022:8008: Red Hat Security Advisory: buildah security and bug fix update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20291: containers/storage: DoS via malicious image * CVE-2021-33195: golang: net: lookup functions may return invalid host names * CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty * CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...

Red Hat Security Advisory 2022-7457-01

Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2022-7822-01

Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

RHSA-2022:7822: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2989: podman: possible information disclosure and modification * CVE-2022-2990: buildah: possible information disclosure and modification

RHSA-2022:7457: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...

GHSA-fjm8-m7m6-2fjp: Buildah's incorrect handling of the supplementary groups before v1.27.1 may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

GHSA-4wjj-jwc9-2x96: Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

CVE-2022-2989: Invalid Bug ID

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

CVE-2022-2990: Vulnerability in Linux containers – investigation and mitigation

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
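
The two CVE descriptions above share one mechanism: a process inside the container ends up holding a different set of supplementary groups than the one the image's access-control design assumed, and file permissions granted by group then apply to the wrong principal. The script below is an added example, not code from the advisory, podman or buildah, and it does not reproduce the bug; it is the check to run after patching (or on any engine) to confirm that a container process holds exactly the groups you intended, nothing more and nothing less. It assumes a constructed /proc/PID/status excerpt as sample input, a hypothetical image name registry.example/app, and an expected group set of 1000 2000 chosen for illustration; the podman flags it mentions (--user, --group-add, inspect --format '{{.State.Pid}}') are real.

```sh
#!/bin/sh
# Added example (not from the advisory or the podman/buildah projects): compare
# the supplementary groups a container process actually holds with the set it
# was meant to hold. All sample inputs below are constructed for illustration.

# groups_from_status: read a /proc/PID/status document on stdin and print the
# group IDs from its "Groups:" line as one space-separated line (the kernel
# leaves a trailing space on that line; it is stripped here).
groups_from_status() {
  sed -n 's/^Groups:[[:space:]]*//p' | sed 's/[[:space:]]*$//'
}

# list_diff A B: print the members of list A (space-separated GIDs) absent
# from list B. Always returns 0 so it is safe inside $(...) under set -e.
list_diff() {
  out=""
  for a in $1; do
    found=0
    for b in $2; do
      [ "$a" = "$b" ] && { found=1; break; }
    done
    [ "$found" -eq 0 ] && out="$out${out:+ }$a"
  done
  printf '%s' "$out"
  return 0
}

# audit_container_groups EXPECTED ACTUAL: succeed only when the two sets match.
# Extra groups mean the process can read or write files its permission model
# never granted (the disclosure/modification outcome the CVEs describe);
# missing groups mean a permission model that is silently broken.
audit_container_groups() {
  extra=$(list_diff "$2" "$1")
  missing=$(list_diff "$1" "$2")
  [ -z "$extra" ] && [ -z "$missing" ] && return 0
  [ -n "$extra" ] && printf 'unexpected supplementary groups: %s\n' "$extra" >&2
  [ -n "$missing" ] && printf 'missing supplementary groups: %s\n' "$missing" >&2
  return 1
}

# Constructed /proc/PID/status excerpt: a process meant to run as 1000:1000
# with supplementary group 2000, but which also carries GID 10 (hypothetical).
SAMPLE_STATUS=$(printf 'Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t1000 2000 10 \n')

# Live use on a host (hypothetical image and policy; EXPECTED comes from your
# access-control design for the workload, never from the running container):
#   podman run -d --name probe --user 1000:1000 --group-add 2000 registry.example/app sleep 60
#   pid=$(podman inspect --format '{{.State.Pid}}' probe)
#   audit_container_groups "1000 2000" "$(groups_from_status < /proc/$pid/status)"

# Demonstration on the constructed sample: reports GID 10 as unexpected.
audit_container_groups "1000 2000" "$(printf '%s\n' "$SAMPLE_STATUS" | groups_from_status)" || true
```

Exit status is the result: 0 when the sets match, 1 with the differences on stderr otherwise, which makes the function usable as a gate in a post-patch smoke test or a periodic compliance job. Run it against every image whose permission model relies on group membership, not just the one that prompted the patch.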

Retbleed Fixed in Linux Kernel, Patch Delayed

Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.