Описание
ELSA-2020-1926: container-tools:1.0 security and bug fix update (IMPORTANT)
buildah [1.5-4.0.1.gite94b4f9]
- Fixes troubles with oracle registry login [Orabug: 29937283]
[1.5-4.gite94b4f9]
- fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'
- Resolves: #1819431
container-selinux [2:2.124.0-1.gitf958d0c]
- update to 2.124.0
- Resolves: #1816541
[2:2.94-2.git1e99f1d]
- rebuild because of CVE-2019-9512 and CVE-2019-9514
- Resolves: #1766316, #1766215
slirp4netns [0.1-5.dev.gitc4e1bc5]
- backport fix for CVE-2020-7039
- Resolves: #1791578
[0.1-4.dev.gitc4e1bc5]
- actually add CVE-2019-14378 patch to dist-git
- Related: RHELPLAN-25139
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:1.0 is enabled
buildah
1.5-4.0.1.gite94b4f9.module+el8.2.0+7621+b33f33e5
container-selinux
2.124.0-1.gitf958d0c.module+el8.2.0+7621+b33f33e5
containernetworking-plugins
0.7.4-3.git9ebe139.module+el8.2.0+7621+b33f33e5
containers-common
0.1.32-4.0.2.git1715c90.module+el8.2.0+7621+b33f33e5
crit
3.12-9.module+el8.2.0+7621+b33f33e5
criu
3.12-9.module+el8.2.0+7621+b33f33e5
fuse-overlayfs
0.3-5.module+el8.2.0+7621+b33f33e5
oci-systemd-hook
0.1.15-2.git2d0b8a3.module+el8.2.0+7621+b33f33e5
oci-umount
2.3.4-2.git87f9237.module+el8.2.0+7621+b33f33e5
podman
1.0.0-4.git921f98f.module+el8.2.0+7621+b33f33e5
podman-docker
1.0.0-4.git921f98f.module+el8.2.0+7621+b33f33e5
python3-criu
3.12-9.module+el8.2.0+7621+b33f33e5
runc
1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+7621+b33f33e5
skopeo
0.1.32-4.0.2.git1715c90.module+el8.2.0+7621+b33f33e5
slirp4netns
0.1-5.dev.gitc4e1bc5.module+el8.2.0+7621+b33f33e5
Oracle Linux x86_64
Module container-tools:1.0 is enabled
buildah
1.5-4.0.1.gite94b4f9.module+el8.2.0+7621+b33f33e5
container-selinux
2.124.0-1.gitf958d0c.module+el8.2.0+7621+b33f33e5
containernetworking-plugins
0.7.4-3.git9ebe139.module+el8.2.0+7621+b33f33e5
containers-common
0.1.32-4.0.2.git1715c90.module+el8.2.0+7621+b33f33e5
crit
3.12-9.module+el8.2.0+7621+b33f33e5
criu
3.12-9.module+el8.2.0+7621+b33f33e5
fuse-overlayfs
0.3-5.module+el8.2.0+7621+b33f33e5
oci-systemd-hook
0.1.15-2.git2d0b8a3.module+el8.2.0+7621+b33f33e5
oci-umount
2.3.4-2.git87f9237.module+el8.2.0+7621+b33f33e5
podman
1.0.0-4.git921f98f.module+el8.2.0+7621+b33f33e5
podman-docker
1.0.0-4.git921f98f.module+el8.2.0+7621+b33f33e5
python3-criu
3.12-9.module+el8.2.0+7621+b33f33e5
runc
1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+7621+b33f33e5
skopeo
0.1.32-4.0.2.git1715c90.module+el8.2.0+7621+b33f33e5
slirp4netns
0.1-5.dev.gitc4e1bc5.module+el8.2.0+7621+b33f33e5
Связанные CVE
Связанные уязвимости
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
A path traversal flaw was found in Buildah in versions before 1.14.5. ...
