Описание
ELSA-2021-1796: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)
cockpit-podman [29-2]
- fix gating test failure for cockpit-podman
- Related: #1914884
[29-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
- Related: #1883490
conmon [2:2.0.26-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490
container-selinux [2:2.158.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490
crun [0.18-1]
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490
[0.17-2]
- reverting back to 0.17 as theres no glibc-static in RHEL
- Related: #1883490
[0.18-1]
- update to https://github.com/containers/crun/releases/tag/0.18
- Related: #1883490
fuse-overlayfs [1.4.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Related: #1883490
[1.4.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
- Related: #1883490
oci-seccomp-bpf-hook [1.2.0-2]
- revert back to 1.2.0 - build issues
- Related: #1883490
podman [3.0.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/ad1aaba)
- Resolves: #1921128
- Resolves: #1936927
- Resolves: #1938234
[3.0.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/fcca86d)
- Resolves: #1936927
[3.0.1-4]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/c67172a)
- Resolves: #1935376
[3.0.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/7a71903)
- Resolves: #1931545
[3.0.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v3.0 (https://github.com/containers/podman/commit/9a2fc37)
- Related: #1883490
[3.0.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v3.0 (https://github.com/containers/podman/commit/7e286bc)
- Related: #1883490
runc [1.0.0-70.rc92]
- add missing Provides: oci-runtime = 1
- Related: #1883490
[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1883490
[1.0.0-68.rc92]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
- Related: #1821193
[1.0.0-67.rc91]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
- Related: #1821193
[1.0.0-66.rc10]
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193
[1.0.0-65.rc10]
- address CVE-2019-19921 by updating to rc10
- Resolves: #1801887
[1.0.0-64.rc9]
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25139
skopeo [1.2.2-8.0.1]
- Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
- Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]
[1:1.2.2-8]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854
[1:1.2.2-7]
- update documentation and configs according to the current versions of vendored projects
- Related: #1938234
[1:1.2.2-6]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2 (https://github.com/containers/skopeo/commit/e7880c4)
- Related: #1938234
[1:1.2.2-5]
- use infra_image = registry.redhat.io/ubi8/pause in contiainers.conf (unlike previous one ubi8/pause doesnt require authentication)
- Related: #1934947
[1:1.2.2-4]
- quote infra_image registry, otherwise it cant be parsed
- Related: #1934947
[1:1.2.2-3]
- use infra_image = registry.redhat.io/rhel8/pause in contiainers.conf
- Resolves: #1934947
[1:1.2.2-2]
- update rhel-shortnames.conf to include only trusted registries
- Resolves: #1931785
[1:1.2.2-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2 (https://github.com/containers/skopeo/commit/e72dd9c)
- Related: #1883490
udica [0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
buildah
1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb
buildah-tests
1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb
cockpit-podman
29-2.module+el8.4.0+20157+b6591bfb
conmon
2.0.26-1.module+el8.4.0+20157+b6591bfb
container-selinux
2.158.0-1.module+el8.4.0+20157+b6591bfb
containernetworking-plugins
0.9.1-1.module+el8.4.0+20157+b6591bfb
containers-common
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
crit
3.15-1.module+el8.4.0+20157+b6591bfb
criu
3.15-1.module+el8.4.0+20157+b6591bfb
crun
0.18-1.module+el8.4.0+20157+b6591bfb
fuse-overlayfs
1.4.0-2.module+el8.4.0+20157+b6591bfb
libslirp
4.3.1-1.module+el8.4.0+20157+b6591bfb
libslirp-devel
4.3.1-1.module+el8.4.0+20157+b6591bfb
oci-seccomp-bpf-hook
1.2.0-2.module+el8.4.0+20157+b6591bfb
podman
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-catatonit
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-docker
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-plugins
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-remote
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-tests
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
python3-criu
3.15-1.module+el8.4.0+20157+b6591bfb
runc
1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb
skopeo
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
skopeo-tests
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
slirp4netns
1.1.8-1.module+el8.4.0+20157+b6591bfb
udica
0.2.4-1.module+el8.4.0+20157+b6591bfb
Oracle Linux x86_64
Module container-tools:ol8 is enabled
buildah
1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb
buildah-tests
1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb
cockpit-podman
29-2.module+el8.4.0+20157+b6591bfb
conmon
2.0.26-1.module+el8.4.0+20157+b6591bfb
container-selinux
2.158.0-1.module+el8.4.0+20157+b6591bfb
containernetworking-plugins
0.9.1-1.module+el8.4.0+20157+b6591bfb
containers-common
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
crit
3.15-1.module+el8.4.0+20157+b6591bfb
criu
3.15-1.module+el8.4.0+20157+b6591bfb
crun
0.18-1.module+el8.4.0+20157+b6591bfb
fuse-overlayfs
1.4.0-2.module+el8.4.0+20157+b6591bfb
libslirp
4.3.1-1.module+el8.4.0+20157+b6591bfb
libslirp-devel
4.3.1-1.module+el8.4.0+20157+b6591bfb
oci-seccomp-bpf-hook
1.2.0-2.module+el8.4.0+20157+b6591bfb
podman
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-catatonit
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-docker
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-plugins
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-remote
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
podman-tests
3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb
python3-criu
3.15-1.module+el8.4.0+20157+b6591bfb
runc
1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb
skopeo
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
skopeo-tests
1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
slirp4netns
1.1.8-1.module+el8.4.0+20157+b6591bfb
udica
0.2.4-1.module+el8.4.0+20157+b6591bfb
Связанные CVE
Связанные уязвимости
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...