Описание
ELSA-2020-3053: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)
buildah [1.14.9-1.0.1]
- Fixes troubles with oracle registry login [Orabug: 29937283]
[1.14.9-1]
- update to https://github.com/containers/buildah/releases/tag/v1.14.9
- Related: RHELPLAN-39206
[1.14.8-2]
- make container-selinux a soft dependency
- Related: #1806044
[1.14.8-1]
- update to https://github.com/containers/buildah/releases/tag/v1.14.8
- Related: RHELPLAN-39206
[1.14.7-1]
- initial rhel8-8.2.1 build
- update to https://github.com/containers/buildah/releases/tag/v1.14.7
- Related: RHELPLAN-39206
cockpit-podman [17-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/17
- Related: RHELPLAN-39206
[16-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/v16
- Related: RHELPLAN-39206
[15-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/15
- Related: RHELPLAN-39206
[12-1]
- Configure CPU share for system containers
- Translation updates
conmon [2:2.0.17-1.0.1]
- Remove upstream references [Orabug: 30871880]
[2:2.0.17-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.17
- Related: RHELPLAN-39206
[2:2.0.16-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.16
- Related: RHELPLAN-39206
[2:2.0.15-1]
- update to 2.0.15
- Related: #1821204
containernetworking-plugins [0.8.6-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v0.8.6
- Related: RHELPLAN-39206
[0.8.5-1]
- update to https://github.com/containernetworking/plugins/archive/v0.8.5.tar.gz
- Related: RHELPLAN-39206
container-selinux [2:2.135.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0
- Related: RHELPLAN-39206
[2:2.134.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0
- Related: RHELPLAN-39206
[2:2.132.0-2]
- sync with Fedora and install selinux contexts file into /usr/share/containers/selinux/contexts (thanks to Dan Walsh)
- do not print error in RPM transaction log when customizable_types file is missing
- Related: RHELPLAN-39206
[2:2.132.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.132.0
- Related: RHELPLAN-39206
[2:2.131.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.131.0
- Related: RHELPLAN-39206
[2:2.130.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0
- dont use macros in changelog
- Related: #1821204
criu [3.14-2]
- fix 'Need to fix bugs found by coverity.'
- Resolves: #1838991
[3.14-1]
- update to https://github.com/checkpoint-restore/criu/releases/tag/v3.14
- Related: RHELPLAN-39206
[3.13-1]
- update to 3.13
- Related: RHELPLAN-39206
fuse-overlayfs [1.0.0-2]
- remove bogus Provides from spec
- Related: RHELPLAN-39206
[1.0.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.0.0
- Related: RHELPLAN-39206
libslirp [4.3.0-3]
- fix static analysis issues merged upstream (https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41)
- Related: #1823657
[4.3.0-2]
- initial libslirp build for container-tools 8.2.1 module
- Resolves: #1823657
[4.3.0-1]
- New v4.3.0 release
podman [1.9.3-2.0.1]
- delivering fix for [Orabug: 29874238] by Nikita Gerasimov nikita.gerasimov@oracle.com
[1.9.3-2]
- fix 'Signature verification incorrectly uses mirrors references'
- Resolves: #1829061
[1.9.3-1]
- update to https://github.com/containers/libpod/releases/tag/v1.9.3
- Related: RHELPLAN-39206
[1.9.2-3]
- fix 'Podman support for FIPS Mode requires a bind mount inside the container'
- version the oci-systemd-hook obsolete
- Related: #1784950
- Related: #1836180
[1.9.2-2]
- obsolete oci-systemd-hook package
- Resolves: #1836180
[1.9.2-1]
- update to https://github.com/containers/libpod/releases/tag/v1.9.2
- Related: RHELPLAN-39206
[1.9.1-2]
- make container-selinux a soft dependency
- Related: #1806044
[1.9.1-1]
- update to https://github.com/containers/libpod/releases/tag/v1.9.1
- Related: RHELPLAN-39206
[1.9.0-2]
- remove containers-mounts.conf man page, this is shipped by skopeo: containers-common subpackage
- Related: RHELPLAN-39206
[1.9.0-1]
- update to https://github.com/containers/libpod/releases/tag/v1.9.0
- Related: RHELPLAN-39206
python-podman-api [1.2.0-0.2.gitd0a45fe]
- revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL
- Related: RHELPLAN-25139
[1.2.0-0.1.gitd0a45fe]
- Initial package
runc [1.0.0-66.rc10]
- drop container-selinux runtime dependency
- Related: #1806044
[1.0.0-65.rc10]
- address CVE-2019-19921 by updating to rc10
- Resolves: #1801887
[1.0.0-64.rc9]
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25139
[1.0.0-63.rc9]
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25139
[1.0.0-62.rc9]
- rebuild because of CVE-2019-9512 and CVE-2019-9514
- Resolves: #1766331, #1766303
[1.0.0-61.rc9]
- update to runc 1.0.0-rc9 release
- amend golang deps
- fixes CVE-2019-16884
- Resolves: #1759651
[1.0.0-60.rc8]
- Resolves: #1721247 - enable fips mode
[1.0.0-59.rc8]
- Resolves: #1720654 - rebase to v1.0.0-rc8
[1.0.0-57.rc5.dev.git2abd837]
- Resolves: #1693424 - podman rootless: cannot specify gid= mount options
[1.0.0-56.rc5.dev.git2abd837]
- change-default-root patch not needed as theres no docker on rhel8
[1.0.0-55.rc5.dev.git2abd837]
- Resolves: CVE-2019-5736
[1.0.0-54.rc5.dev.git2abd837]
- re-enable debuginfo
[1.0.0-53.rc5.dev.git2abd837]
- go toolset not in scl anymore
[1.0.0-52.rc5.dev.git2abd837]
- rebase
skopeo [1:1.0.0-1.0.1]
- Add oracle registry into the conf file [Orabug: 29845934 31306708]
- Fix oracle registry login issues [Orabug: 29937192]
[1:1.0.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.0.0
- Related: RHELPLAN-39206
[1:0.2.0-5]
- follow Dans suggestion to deliver seccomp.json and storage.conf from Fedora and not directly from upstream yet
- Related: RHELPLAN-39206
[1:0.2.0-4]
- re-include ppc64 arch, golang doesnt seem broken there any more
- synchronize man pages and config files with upstream
- Related: RHELPLAN-39206
[1:0.2.0-3]
- include and ship containers.conf
- Resolves: #1826486
[1:0.2.0-2]
- add docker.io into the default registry list
- Related: RHELPLAN-39206
[1:0.2.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v0.2.0
- initial rhel8-8.2.1 build
- Related: RHELPLAN-39206
slirp4netns [1.0.1-1]
- update to https://github.com/rootless-containers/slirp4netns/archive/v1.0.1.tar.gz
- Related: RHELPLAN-39206
[0.4.3-1]
- update to https://github.com/rootless-containers/slirp4netns/archive/v0.4.3.tar.gz
- Related: RHELPLAN-39206
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
buildah
1.14.9-1.0.1.module+el8.2.1+7658+86e51d52
buildah-tests
1.14.9-1.0.1.module+el8.2.1+7658+86e51d52
cockpit-podman
17-1.module+el8.2.1+7658+86e51d52
conmon
2.0.17-1.0.1.module+el8.2.1+7658+86e51d52
container-selinux
2.135.0-1.module+el8.2.1+7658+86e51d52
containernetworking-plugins
0.8.6-1.module+el8.2.1+7658+86e51d52
containers-common
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
crit
3.14-2.module+el8.2.1+7658+86e51d52
criu
3.14-2.module+el8.2.1+7658+86e51d52
fuse-overlayfs
1.0.0-2.module+el8.2.1+7658+86e51d52
libslirp
4.3.0-3.module+el8.2.1+7658+86e51d52
libslirp-devel
4.3.0-3.module+el8.2.1+7658+86e51d52
podman
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-docker
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-remote
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-tests
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
python-podman-api
1.2.0-0.2.gitd0a45fe.module+el8.2.1+7658+86e51d52
python3-criu
3.14-2.module+el8.2.1+7658+86e51d52
runc
1.0.0-66.rc10.module+el8.2.1+7658+86e51d52
skopeo
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
skopeo-tests
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
slirp4netns
1.0.1-1.module+el8.2.1+7658+86e51d52
udica
0.2.1-2.module+el8.2.1+7658+86e51d52
Oracle Linux x86_64
Module container-tools:ol8 is enabled
buildah
1.14.9-1.0.1.module+el8.2.1+7658+86e51d52
buildah-tests
1.14.9-1.0.1.module+el8.2.1+7658+86e51d52
cockpit-podman
17-1.module+el8.2.1+7658+86e51d52
conmon
2.0.17-1.0.1.module+el8.2.1+7658+86e51d52
container-selinux
2.135.0-1.module+el8.2.1+7658+86e51d52
containernetworking-plugins
0.8.6-1.module+el8.2.1+7658+86e51d52
containers-common
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
crit
3.14-2.module+el8.2.1+7658+86e51d52
criu
3.14-2.module+el8.2.1+7658+86e51d52
fuse-overlayfs
1.0.0-2.module+el8.2.1+7658+86e51d52
libslirp
4.3.0-3.module+el8.2.1+7658+86e51d52
libslirp-devel
4.3.0-3.module+el8.2.1+7658+86e51d52
podman
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-docker
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-remote
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
podman-tests
1.9.3-2.0.1.module+el8.2.1+7658+86e51d52
python-podman-api
1.2.0-0.2.gitd0a45fe.module+el8.2.1+7658+86e51d52
python3-criu
3.14-2.module+el8.2.1+7658+86e51d52
runc
1.0.0-66.rc10.module+el8.2.1+7658+86e51d52
skopeo
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
skopeo-tests
1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
slirp4netns
1.0.1-1.module+el8.2.1+7658+86e51d52
udica
0.2.1-2.module+el8.2.1+7658+86e51d52
Связанные CVE
Связанные уязвимости
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...
