ELSA-2021-4221

Опубликовано: 16 нояб. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-4221: container-tools:2.0 security update (MODERATE)

buildah [1.11.6-9.0.1]

Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483]
Fixes troubles with oracle registry login [Orabug: 29937283]

[1.11.6-9]

update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel (https://github.com/containers/buildah/commit/6a746dc)
fixes CVE-2021-3602
Related: #1977942

runc [1.0.0-66.rc10]

set GO111MODULE=off to fix build
Related: #1955651

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module container-tools:2.0 is enabled

buildah

1.11.6-9.0.1.module+el8.5.0+20355+d36cb39d

buildah-tests

1.11.6-9.0.1.module+el8.5.0+20355+d36cb39d

cockpit-podman

11-1.module+el8.5.0+20355+d36cb39d

conmon

2.0.15-1.module+el8.5.0+20355+d36cb39d

container-selinux

2.130.0-1.module+el8.5.0+20355+d36cb39d

containernetworking-plugins

0.8.3-4.0.1.module+el8.5.0+20355+d36cb39d

containers-common

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

crit

3.12-9.module+el8.5.0+20355+d36cb39d

criu

3.12-9.module+el8.5.0+20355+d36cb39d

fuse-overlayfs

0.7.8-1.module+el8.5.0+20355+d36cb39d

podman

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-docker

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-remote

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-tests

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

python-podman-api

1.2.0-0.2.gitd0a45fe.module+el8.5.0+20355+d36cb39d

python3-criu

3.12-9.module+el8.5.0+20355+d36cb39d

runc

1.0.0-66.rc10.module+el8.5.0+20355+d36cb39d

skopeo

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

skopeo-tests

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

slirp4netns

0.4.2-3.git21fdece.module+el8.5.0+20355+d36cb39d

udica

0.2.1-2.module+el8.5.0+20355+d36cb39d

Oracle Linux x86_64

Module container-tools:2.0 is enabled

buildah

1.11.6-9.0.1.module+el8.5.0+20355+d36cb39d

buildah-tests

1.11.6-9.0.1.module+el8.5.0+20355+d36cb39d

cockpit-podman

11-1.module+el8.5.0+20355+d36cb39d

conmon

2.0.15-1.module+el8.5.0+20355+d36cb39d

container-selinux

2.130.0-1.module+el8.5.0+20355+d36cb39d

containernetworking-plugins

0.8.3-4.0.1.module+el8.5.0+20355+d36cb39d

containers-common

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

crit

3.12-9.module+el8.5.0+20355+d36cb39d

criu

3.12-9.module+el8.5.0+20355+d36cb39d

fuse-overlayfs

0.7.8-1.module+el8.5.0+20355+d36cb39d

podman

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-docker

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-remote

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

podman-tests

1.6.4-26.0.1.module+el8.5.0+20355+d36cb39d

python-podman-api

1.2.0-0.2.gitd0a45fe.module+el8.5.0+20355+d36cb39d

python3-criu

3.12-9.module+el8.5.0+20355+d36cb39d

runc

1.0.0-66.rc10.module+el8.5.0+20355+d36cb39d

skopeo

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

skopeo-tests

0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

slirp4netns

0.4.2-3.git21fdece.module+el8.5.0+20355+d36cb39d

udica

0.2.1-2.module+el8.5.0+20355+d36cb39d

Связанные CVE

CVE-2021-3602

Ссылки на источники

Связанные уязвимости

CVE-2021-3602

CVSS3: 5.5

ubuntu

больше 3 лет назад

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).