Описание
ELSA-2019-0975: container-tools:rhel8 security and bug fix update (IMPORTANT)
container-selinux [2:2.94-1.git1e99f1d]
- Resolves: #1690286 - bump to v2.94
- Resolves: #1693806, #1689255
[2:2.89-1.git2521d0d]
- bump to v2.89
runc [1.0.0-55.rc5.dev.git2abd837]
- Resolves: CVE-2019-5736
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
buildah
1.5-3.0.1.gite94b4f9.module+el8.0.0+5215+77f672ad
container-selinux
2.94-1.git1e99f1d.module+el8.0.0+5215+77f672ad
containernetworking-plugins
0.7.4-3.git9ebe139.module+el8.0.0+5215+77f672ad
containers-common
0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad
fuse-overlayfs
0.3-2.module+el8.0.0+5215+77f672ad
oci-systemd-hook
0.1.15-2.git2d0b8a3.module+el8.0.0+5215+77f672ad
oci-umount
2.3.4-2.git87f9237.module+el8.0.0+5215+77f672ad
podman
1.0.0-2.0.1.git921f98f.module+el8.0.0+5215+77f672ad
podman-docker
1.0.0-2.0.1.git921f98f.module+el8.0.0+5215+77f672ad
runc
1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+5215+77f672ad
skopeo
0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad
slirp4netns
0.1-2.dev.gitc4e1bc5.module+el8.0.0+5215+77f672ad
Oracle Linux x86_64
Module container-tools:ol8 is enabled
buildah
1.5-3.0.1.gite94b4f9.module+el8.0.0+5215+77f672ad
container-selinux
2.94-1.git1e99f1d.module+el8.0.0+5215+77f672ad
containernetworking-plugins
0.7.4-3.git9ebe139.module+el8.0.0+5215+77f672ad
containers-common
0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad
fuse-overlayfs
0.3-2.module+el8.0.0+5215+77f672ad
oci-systemd-hook
0.1.15-2.git2d0b8a3.module+el8.0.0+5215+77f672ad
oci-umount
2.3.4-2.git87f9237.module+el8.0.0+5215+77f672ad
podman
1.0.0-2.0.1.git921f98f.module+el8.0.0+5215+77f672ad
podman-docker
1.0.0-2.0.1.git921f98f.module+el8.0.0+5215+77f672ad
runc
1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+5215+77f672ad
skopeo
0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad
slirp4netns
0.1-2.dev.gitc4e1bc5.module+el8.0.0+5215+77f672ad
Связанные CVE
Связанные уязвимости
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...