Description
ELSA-2024-0748: container-tools:4.0 security update (IMPORTANT)
Source packages: buildah, cockpit-podman, conmon, containernetworking-plugins, containers-common, container-selinux, criu, crun, fuse-overlayfs, libslirp, oci-seccomp-bpf-hook, podman, python-podman, runc, skopeo, slirp4netns, udica

podman [2:4.0.2-25.0.1]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/427a15f)
- Resolves: RHEL-17145

runc [1:1.1.12-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.12
- Resolves: RHEL-21863
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:4.0 is enabled
aardvark-dns                   1.0.1-38.0.1.module+el8.9.0+90148+6046e3c3
buildah                        1.24.6-7.module+el8.9.0+90148+6046e3c3
buildah-tests                  1.24.6-7.module+el8.9.0+90148+6046e3c3
cockpit-podman                 46-1.module+el8.9.0+90148+6046e3c3
conmon                         2.1.4-2.module+el8.9.0+90148+6046e3c3
container-selinux              2.205.0-3.module+el8.9.0+90148+6046e3c3
containernetworking-plugins    1.1.1-6.module+el8.9.0+90148+6046e3c3
containers-common              1-38.0.1.module+el8.9.0+90148+6046e3c3
crit                           3.15-3.module+el8.9.0+90148+6046e3c3
criu                           3.15-3.module+el8.9.0+90148+6046e3c3
criu-devel                     3.15-3.module+el8.9.0+90148+6046e3c3
criu-libs                      3.15-3.module+el8.9.0+90148+6046e3c3
crun                           1.8.7-1.module+el8.9.0+90148+6046e3c3
fuse-overlayfs                 1.9-2.module+el8.9.0+90148+6046e3c3
libslirp                       4.4.0-1.module+el8.9.0+90148+6046e3c3
libslirp-devel                 4.4.0-1.module+el8.9.0+90148+6046e3c3
netavark                       1.0.1-38.0.1.module+el8.9.0+90148+6046e3c3
oci-seccomp-bpf-hook           1.2.5-2.module+el8.9.0+90148+6046e3c3
podman                         4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-catatonit               4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-docker                  4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-gvproxy                 4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-plugins                 4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-remote                  4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-tests                   4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
python3-criu                   3.15-3.module+el8.9.0+90148+6046e3c3
python3-podman                 4.0.0-2.module+el8.9.0+90148+6046e3c3
runc                           1.1.12-1.module+el8.9.0+90148+6046e3c3
skopeo                         1.6.2-9.module+el8.9.0+90148+6046e3c3
skopeo-tests                   1.6.2-9.module+el8.9.0+90148+6046e3c3
slirp4netns                    1.1.8-3.module+el8.9.0+90148+6046e3c3
udica                          0.2.6-4.module+el8.9.0+90148+6046e3c3
Oracle Linux x86_64
Module container-tools:4.0 is enabled
aardvark-dns                   1.0.1-38.0.1.module+el8.9.0+90148+6046e3c3
buildah                        1.24.6-7.module+el8.9.0+90148+6046e3c3
buildah-tests                  1.24.6-7.module+el8.9.0+90148+6046e3c3
cockpit-podman                 46-1.module+el8.9.0+90148+6046e3c3
conmon                         2.1.4-2.module+el8.9.0+90148+6046e3c3
container-selinux              2.205.0-3.module+el8.9.0+90148+6046e3c3
containernetworking-plugins    1.1.1-6.module+el8.9.0+90148+6046e3c3
containers-common              1-38.0.1.module+el8.9.0+90148+6046e3c3
crit                           3.15-3.module+el8.9.0+90148+6046e3c3
criu                           3.15-3.module+el8.9.0+90148+6046e3c3
criu-devel                     3.15-3.module+el8.9.0+90148+6046e3c3
criu-libs                      3.15-3.module+el8.9.0+90148+6046e3c3
crun                           1.8.7-1.module+el8.9.0+90148+6046e3c3
fuse-overlayfs                 1.9-2.module+el8.9.0+90148+6046e3c3
libslirp                       4.4.0-1.module+el8.9.0+90148+6046e3c3
libslirp-devel                 4.4.0-1.module+el8.9.0+90148+6046e3c3
netavark                       1.0.1-38.0.1.module+el8.9.0+90148+6046e3c3
oci-seccomp-bpf-hook           1.2.5-2.module+el8.9.0+90148+6046e3c3
podman                         4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-catatonit               4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-docker                  4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-gvproxy                 4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-plugins                 4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-remote                  4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
podman-tests                   4.0.2-25.0.1.module+el8.9.0+90148+6046e3c3
python3-criu                   3.15-3.module+el8.9.0+90148+6046e3c3
python3-podman                 4.0.0-2.module+el8.9.0+90148+6046e3c3
runc                           1.1.12-1.module+el8.9.0+90148+6046e3c3
skopeo                         1.6.2-9.module+el8.9.0+90148+6046e3c3
skopeo-tests                   1.6.2-9.module+el8.9.0+90148+6046e3c3
slirp4netns                    1.1.8-3.module+el8.9.0+90148+6046e3c3
udica                          0.2.6-4.module+el8.9.0+90148+6046e3c3
Related CVEs
Related vulnerabilities
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.