Description
ELSA-2022-1793: container-tools:3.0 security and bug fix update (MODERATE)
buildah [1.19.9-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/3808e27)
- Resolves: #2067540
container-selinux [2:2.178.0-2]
- remove conflict on udica - we still ship udica 2.4 in 3.0-8.6.0
- Related: #2067540
[2:2.178.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0
- Related: #2001445
crun [0.18-3]
- fix CVE-2022-27650
- Resolves: #2067565
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:3.0 is enabled
buildah 1.19.9-3.module+el8.6.0+20652+6ea35e6f
buildah-tests 1.19.9-3.module+el8.6.0+20652+6ea35e6f
cockpit-podman 29-2.module+el8.6.0+20652+6ea35e6f
conmon 2.0.26-1.module+el8.6.0+20652+6ea35e6f
container-selinux 2.178.0-2.module+el8.6.0+20652+6ea35e6f
containernetworking-plugins 0.9.1-1.module+el8.6.0+20652+6ea35e6f
containers-common 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
crit 3.15-1.module+el8.6.0+20652+6ea35e6f
criu 3.15-1.module+el8.6.0+20652+6ea35e6f
crun 0.18-3.module+el8.6.0+20652+6ea35e6f
fuse-overlayfs 1.4.0-2.module+el8.6.0+20652+6ea35e6f
libslirp 4.3.1-1.module+el8.6.0+20652+6ea35e6f
libslirp-devel 4.3.1-1.module+el8.6.0+20652+6ea35e6f
oci-seccomp-bpf-hook 1.2.0-3.module+el8.6.0+20652+6ea35e6f
podman 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-catatonit 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-docker 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-plugins 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-remote 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-tests 3.0.1-8.module+el8.6.0+20652+6ea35e6f
python3-criu 3.15-1.module+el8.6.0+20652+6ea35e6f
runc 1.0.0-73.rc95.module+el8.6.0+20652+6ea35e6f
skopeo 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
skopeo-tests 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
slirp4netns 1.1.8-1.module+el8.6.0+20652+6ea35e6f
udica 0.2.4-1.module+el8.6.0+20652+6ea35e6f
Oracle Linux x86_64
Module container-tools:3.0 is enabled
buildah 1.19.9-3.module+el8.6.0+20652+6ea35e6f
buildah-tests 1.19.9-3.module+el8.6.0+20652+6ea35e6f
cockpit-podman 29-2.module+el8.6.0+20652+6ea35e6f
conmon 2.0.26-1.module+el8.6.0+20652+6ea35e6f
container-selinux 2.178.0-2.module+el8.6.0+20652+6ea35e6f
containernetworking-plugins 0.9.1-1.module+el8.6.0+20652+6ea35e6f
containers-common 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
crit 3.15-1.module+el8.6.0+20652+6ea35e6f
criu 3.15-1.module+el8.6.0+20652+6ea35e6f
crun 0.18-3.module+el8.6.0+20652+6ea35e6f
fuse-overlayfs 1.4.0-2.module+el8.6.0+20652+6ea35e6f
libslirp 4.3.1-1.module+el8.6.0+20652+6ea35e6f
libslirp-devel 4.3.1-1.module+el8.6.0+20652+6ea35e6f
oci-seccomp-bpf-hook 1.2.0-3.module+el8.6.0+20652+6ea35e6f
podman 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-catatonit 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-docker 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-plugins 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-remote 3.0.1-8.module+el8.6.0+20652+6ea35e6f
podman-tests 3.0.1-8.module+el8.6.0+20652+6ea35e6f
python3-criu 3.15-1.module+el8.6.0+20652+6ea35e6f
runc 1.0.0-73.rc95.module+el8.6.0+20652+6ea35e6f
skopeo 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
skopeo-tests 1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
slirp4netns 1.1.8-1.module+el8.6.0+20652+6ea35e6f
udica 0.2.4-1.module+el8.6.0+20652+6ea35e6f
Related CVEs
Related vulnerabilities
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
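The execve(2) step described above, as an added example that is not part of the advisory or of crun's code: it applies the permitted-set rule from capabilities(7) to the Cap* masks in /proc/<pid>/status and reports what a process would gain by executing a file with inheritable file capabilities. The status excerpts, the mask value in them and the NET_RAW file capability are constructed for illustration, and the ambient set is assumed empty.

```python
import re

# Capability names by bit number 0..31, as in <linux/capability.h> (CAP_ prefix dropped).
CAPS = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
        "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN "
        "NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE "
        "SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME "
        "SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP").split()

def mask(*caps):
    """Build a bitmask from capability names."""
    return sum(1 << CAPS.index(c) for c in caps)

def names(bits):
    """Decode a bitmask into capability names, lowest bit first."""
    return [c for i, c in enumerate(CAPS) if bits >> i & 1]

def parse_status(text):
    """Extract the Cap* hex masks from /proc/<pid>/status content."""
    pairs = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", text, re.M)
    return {key: int(value, 16) for key, value in pairs}

def permitted_after_execve(p_inh, p_bnd, f_inh, f_prm):
    """execve() rule from capabilities(7), ambient set assumed empty:
    P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))"""
    return (p_inh & f_inh) | (f_prm & p_bnd)

def audit(status_text, f_inh, f_prm=0):
    """Return (process inheritable set, capabilities exec'ing the file would add)."""
    caps = parse_status(status_text)
    after = permitted_after_execve(caps["CapInh"], caps["CapBnd"], f_inh, f_prm)
    return names(caps["CapInh"]), names(after & ~caps["CapPrm"])

# Constructed status excerpts for a non-root process inside a container.
NONEMPTY_INH = ("Name:\tsleep\nCapInh:\t00000000a80425fb\nCapPrm:\t0000000000000000\n"
                "CapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n"
                "CapAmb:\t0000000000000000\n")
EMPTY_INH = NONEMPTY_INH.replace("CapInh:\t00000000a80425fb", "CapInh:\t0000000000000000")

if __name__ == "__main__":
    file_inh = mask("NET_RAW")  # hypothetical binary carrying cap_net_raw in its inheritable set
    for label, status in (("non-empty CapInh", NONEMPTY_INH), ("empty CapInh", EMPTY_INH)):
        inheritable, gained = audit(status, file_inh)
        print(f"{label}: inheritable={len(inheritable)} caps, gained on exec={gained}")
```

On a running host, pass the contents of /proc/<pid>/status for a container process to `audit`; a non-zero CapInh on a container started without explicitly requested inheritable capabilities is the condition this advisory describes.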