ELSA-2020-1931

Опубликовано: 12 мая 2020

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2020-1931: container-tools:2.0 security update (IMPORTANT)

buildah [1.11.6-7.0.1]

Fixes troubles with oracle registry login [Orabug: 29937283]

[1.11.6-7]

fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'
Resolves: #1819393

conmon [2:2.0.6-1.0.1]

Remove upstream references [Orabug: 30871880]

[2:2.0.6-1]

update to 2.0.6
Related: RHELPLAN-25139

podman [1.6.4-11.0.1]

delivering fix for [Orabug: 29874238] by Nikita Gerasimov nikita.gerasimov@oracle.com

[1.6.4-11]

fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'
Resolves: #1819391

python-podman-api [1.2.0-0.2.gitd0a45fe]

revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL
Related: RHELPLAN-25139

skopeo [0.1.40-9.0.1]

Add oracle registry into the conf file [Orabug: 29845934 31306708]
Fix oracle registry login issues [Orabug: 29937192]

[1:0.1.40-9]

add docker.io into the default registry list
Related: #1810053

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module container-tools:2.0 is enabled

buildah

1.11.6-7.0.1.module+el8.2.0+7618+3a616245

buildah-tests

1.11.6-7.0.1.module+el8.2.0+7618+3a616245

cockpit-podman

11-1.module+el8.2.0+7618+3a616245

conmon

2.0.6-1.0.1.module+el8.2.0+7618+3a616245

container-selinux

2.124.0-1.module+el8.2.0+7618+3a616245

containernetworking-plugins

0.8.3-4.0.1.module+el8.2.0+7618+3a616245

containers-common

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

crit

3.12-9.module+el8.2.0+7618+3a616245

criu

3.12-9.module+el8.2.0+7618+3a616245

fuse-overlayfs

0.7.2-5.module+el8.2.0+7618+3a616245

podman

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-docker

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-remote

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-tests

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

python-podman-api

1.2.0-0.2.gitd0a45fe.module+el8.2.0+7618+3a616245

python3-criu

3.12-9.module+el8.2.0+7618+3a616245

runc

1.0.0-64.rc10.module+el8.2.0+7618+3a616245

skopeo

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

skopeo-tests

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

slirp4netns

0.4.2-3.git21fdece.module+el8.2.0+7618+3a616245

udica

0.2.1-2.module+el8.2.0+7618+3a616245

Oracle Linux x86_64

Module container-tools:2.0 is enabled

buildah

1.11.6-7.0.1.module+el8.2.0+7618+3a616245

buildah-tests

1.11.6-7.0.1.module+el8.2.0+7618+3a616245

cockpit-podman

11-1.module+el8.2.0+7618+3a616245

conmon

2.0.6-1.0.1.module+el8.2.0+7618+3a616245

container-selinux

2.124.0-1.module+el8.2.0+7618+3a616245

containernetworking-plugins

0.8.3-4.0.1.module+el8.2.0+7618+3a616245

containers-common

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

crit

3.12-9.module+el8.2.0+7618+3a616245

criu

3.12-9.module+el8.2.0+7618+3a616245

fuse-overlayfs

0.7.2-5.module+el8.2.0+7618+3a616245

podman

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-docker

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-remote

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

podman-tests

1.6.4-11.0.1.module+el8.2.0+7618+3a616245

python-podman-api

1.2.0-0.2.gitd0a45fe.module+el8.2.0+7618+3a616245

python3-criu

3.12-9.module+el8.2.0+7618+3a616245

runc

1.0.0-64.rc10.module+el8.2.0+7618+3a616245

skopeo

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

skopeo-tests

0.1.40-9.0.1.module+el8.2.0+7618+3a616245

slirp4netns

0.4.2-3.git21fdece.module+el8.2.0+7618+3a616245

udica

0.2.1-2.module+el8.2.0+7618+3a616245

Связанные CVE

CVE-2020-10696

Ссылки на источники

Связанные уязвимости

CVE-2020-10696

CVSS3: 8.8

ubuntu

около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.