Описание
ELSA-2021-2371: container-tools:ol8 security update (IMPORTANT)
buildah [1.19.7-2.0.1]
- Fixes troubles with oracle registry login [Orabug: 29937283]
[1.19.7-2]
- revert changes to the state of 3.0-8.4.0
- Related: #1954702
conmon [2:2.0.26-3]
- fix 'Permission on /dev/null are changing from 666 to 777 after running podman as root [rhel-8.4.0.z]'
- Resolves: #1961682
[2:2.0.26-2]
- revert back to the state of 3.0-8.4.0
- Related: #1954702
container-selinux [2:2.162.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0
- Related: #1954702
[2:2.161.1-2]
- do not use lockdown class yet - it is not available in RHEL
- Related: #1954702
[2:2.161.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1
- Related: #1954702
[2:2.160.2-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2
- Related: #1954702
crun [0.18-2]
- revert back to the state of 3.0-8.4.0
- Related: #1954702
fuse-overlayfs [1.4.0-3]
- revert back to the state of 3.0-8.4.0
- Related: #1954702
podman [3.0.1-7.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
[3.0.1-7]
- revert back to the state of 3.0-8.4.0
- Related: #1954702
runc [1.0.0-73.rc93]
- fix 'podman run --pid=host command causes OCI permission error'
- Related: #1954702
[1.0.0-72.rc93]
- fix CVE-2021-30465
- Related: #1954702
[1.0.0-71.rc93]
- upload rc93 tarball
- Related: #1954702
skopeo [1:1.2.2-10.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]
[1:1.2.2-10]
- re-enable release-1.2 branch
- Related: #1954702
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
buildah
1.19.7-2.0.1.module+el8.4.0+20195+0a4a4953
buildah-tests
1.19.7-2.0.1.module+el8.4.0+20195+0a4a4953
cockpit-podman
29-2.module+el8.4.0+20195+0a4a4953
conmon
2.0.26-3.module+el8.4.0+20195+0a4a4953
container-selinux
2.162.0-1.module+el8.4.0+20195+0a4a4953
containernetworking-plugins
0.9.1-1.module+el8.4.0+20195+0a4a4953
containers-common
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
crit
3.15-1.module+el8.4.0+20195+0a4a4953
criu
3.15-1.module+el8.4.0+20195+0a4a4953
crun
0.18-2.module+el8.4.0+20195+0a4a4953
fuse-overlayfs
1.4.0-3.module+el8.4.0+20195+0a4a4953
libslirp
4.3.1-1.module+el8.4.0+20195+0a4a4953
libslirp-devel
4.3.1-1.module+el8.4.0+20195+0a4a4953
oci-seccomp-bpf-hook
1.2.0-2.module+el8.4.0+20195+0a4a4953
podman
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-catatonit
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-docker
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-plugins
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-remote
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-tests
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
python3-criu
3.15-1.module+el8.4.0+20195+0a4a4953
runc
1.0.0-73.rc93.module+el8.4.0+20195+0a4a4953
skopeo
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
skopeo-tests
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
slirp4netns
1.1.8-1.module+el8.4.0+20195+0a4a4953
udica
0.2.4-1.module+el8.4.0+20195+0a4a4953
Oracle Linux x86_64
Module container-tools:ol8 is enabled
buildah
1.19.7-2.0.1.module+el8.4.0+20195+0a4a4953
buildah-tests
1.19.7-2.0.1.module+el8.4.0+20195+0a4a4953
cockpit-podman
29-2.module+el8.4.0+20195+0a4a4953
conmon
2.0.26-3.module+el8.4.0+20195+0a4a4953
container-selinux
2.162.0-1.module+el8.4.0+20195+0a4a4953
containernetworking-plugins
0.9.1-1.module+el8.4.0+20195+0a4a4953
containers-common
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
crit
3.15-1.module+el8.4.0+20195+0a4a4953
criu
3.15-1.module+el8.4.0+20195+0a4a4953
crun
0.18-2.module+el8.4.0+20195+0a4a4953
fuse-overlayfs
1.4.0-3.module+el8.4.0+20195+0a4a4953
libslirp
4.3.1-1.module+el8.4.0+20195+0a4a4953
libslirp-devel
4.3.1-1.module+el8.4.0+20195+0a4a4953
oci-seccomp-bpf-hook
1.2.0-2.module+el8.4.0+20195+0a4a4953
podman
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-catatonit
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-docker
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-plugins
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-remote
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
podman-tests
3.0.1-7.0.1.module+el8.4.0+20195+0a4a4953
python3-criu
3.15-1.module+el8.4.0+20195+0a4a4953
runc
1.0.0-73.rc93.module+el8.4.0+20195+0a4a4953
skopeo
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
skopeo-tests
1.2.2-10.0.1.module+el8.4.0+20195+0a4a4953
slirp4netns
1.1.8-1.module+el8.4.0+20195+0a4a4953
udica
0.2.4-1.module+el8.4.0+20195+0a4a4953
Связанные CVE
Связанные уязвимости
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...
