ELSA-2022-2143

Опубликовано: 19 мая 2022

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2022-2143: container-tools:3.0 security update (IMPORTANT)

podman [3.0.1-9]

update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/801b7e8)
Resolves: #2074143

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module container-tools:3.0 is enabled

buildah

1.19.9-3.module+el8.6.0+20668+bfa6216f

buildah-tests

1.19.9-3.module+el8.6.0+20668+bfa6216f

cockpit-podman

29-2.module+el8.6.0+20668+bfa6216f

conmon

2.0.26-1.module+el8.6.0+20668+bfa6216f

container-selinux

2.178.0-2.module+el8.6.0+20668+bfa6216f

containernetworking-plugins

0.9.1-1.module+el8.6.0+20668+bfa6216f

containers-common

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

crit

3.15-1.module+el8.6.0+20668+bfa6216f

criu

3.15-1.module+el8.6.0+20668+bfa6216f

crun

0.18-3.module+el8.6.0+20668+bfa6216f

fuse-overlayfs

1.4.0-2.module+el8.6.0+20668+bfa6216f

libslirp

4.3.1-1.module+el8.6.0+20668+bfa6216f

libslirp-devel

4.3.1-1.module+el8.6.0+20668+bfa6216f

oci-seccomp-bpf-hook

1.2.0-3.module+el8.6.0+20668+bfa6216f

podman

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-catatonit

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-docker

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-plugins

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-remote

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-tests

3.0.1-9.module+el8.6.0+20668+bfa6216f

python3-criu

3.15-1.module+el8.6.0+20668+bfa6216f

runc

1.0.0-73.rc95.module+el8.6.0+20668+bfa6216f

skopeo

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

skopeo-tests

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

slirp4netns

1.1.8-1.module+el8.6.0+20668+bfa6216f

udica

0.2.4-1.module+el8.6.0+20668+bfa6216f

Oracle Linux x86_64

Module container-tools:3.0 is enabled

buildah

1.19.9-3.module+el8.6.0+20668+bfa6216f

buildah-tests

1.19.9-3.module+el8.6.0+20668+bfa6216f

cockpit-podman

29-2.module+el8.6.0+20668+bfa6216f

conmon

2.0.26-1.module+el8.6.0+20668+bfa6216f

container-selinux

2.178.0-2.module+el8.6.0+20668+bfa6216f

containernetworking-plugins

0.9.1-1.module+el8.6.0+20668+bfa6216f

containers-common

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

crit

3.15-1.module+el8.6.0+20668+bfa6216f

criu

3.15-1.module+el8.6.0+20668+bfa6216f

crun

0.18-3.module+el8.6.0+20668+bfa6216f

fuse-overlayfs

1.4.0-2.module+el8.6.0+20668+bfa6216f

libslirp

4.3.1-1.module+el8.6.0+20668+bfa6216f

libslirp-devel

4.3.1-1.module+el8.6.0+20668+bfa6216f

oci-seccomp-bpf-hook

1.2.0-3.module+el8.6.0+20668+bfa6216f

podman

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-catatonit

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-docker

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-plugins

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-remote

3.0.1-9.module+el8.6.0+20668+bfa6216f

podman-tests

3.0.1-9.module+el8.6.0+20668+bfa6216f

python3-criu

3.15-1.module+el8.6.0+20668+bfa6216f

runc

1.0.0-73.rc95.module+el8.6.0+20668+bfa6216f

skopeo

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

skopeo-tests

1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f

slirp4netns

1.1.8-1.module+el8.6.0+20668+bfa6216f

udica

0.2.4-1.module+el8.6.0+20668+bfa6216f

Связанные CVE

CVE-2022-1227

Ссылки на источники

Связанные уязвимости

CVE-2022-1227

CVSS3: 8.8

ubuntu

около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.