ELSA-2024-0752

Published: 14 Feb 2024
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2024-0752: container-tools:ol8 security update (IMPORTANT)

aardvark-dns

buildah [1:1.31.3-3.0.1]

  • Rebuild with newer dependencies

cockpit-podman

conmon

containernetworking-plugins [1:1.3.0-8.0.1]

  • Rebuild with newer dependencies

containers-common [2:1-70.0.2]

  • Rebuild with newer dependencies

container-selinux

criu

crun

fuse-overlayfs

libslirp

netavark [2:1.7.0-2]

oci-seccomp-bpf-hook

podman [3:4.6.1-8.0.1]

python-podman [4.6.0-2.0.1]

  • Rebuild with newer dependencies

runc [1:1.1.12-1]

[1:1.1.11-1]

[1:1.1.10-1]

skopeo [2:1.13.3-3.0.1]

  • Rebuild with newer dependencies

slirp4netns

udica

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module container-tools:ol8 is enabled

aardvark-dns  1.7.0-1.module+el8.9.0+90147+a4870853
buildah  1.31.3-3.0.1.module+el8.9.0+90147+a4870853
buildah-tests  1.31.3-3.0.1.module+el8.9.0+90147+a4870853
cockpit-podman  75-1.module+el8.9.0+90147+a4870853
conmon  2.1.8-1.module+el8.9.0+90147+a4870853
container-selinux  2.221.0-1.module+el8.9.0+90147+a4870853
containernetworking-plugins  1.3.0-8.0.1.module+el8.9.0+90147+a4870853
containers-common  1-70.0.2.module+el8.9.0+90147+a4870853
crit  3.18-4.module+el8.9.0+90147+a4870853
criu  3.18-4.module+el8.9.0+90147+a4870853
criu-devel  3.18-4.module+el8.9.0+90147+a4870853
criu-libs  3.18-4.module+el8.9.0+90147+a4870853
crun  1.8.7-1.module+el8.9.0+90147+a4870853
fuse-overlayfs  1.12-1.module+el8.9.0+90147+a4870853
libslirp  4.4.0-1.module+el8.9.0+90147+a4870853
libslirp-devel  4.4.0-1.module+el8.9.0+90147+a4870853
netavark  1.7.0-2.module+el8.9.0+90147+a4870853
oci-seccomp-bpf-hook  1.2.9-1.module+el8.9.0+90147+a4870853
podman  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-catatonit  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-docker  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-gvproxy  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-plugins  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-remote  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-tests  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
python3-criu  3.18-4.module+el8.9.0+90147+a4870853
python3-podman  4.6.0-2.0.1.module+el8.9.0+90147+a4870853
runc  1.1.12-1.module+el8.9.0+90147+a4870853
skopeo  1.13.3-3.0.1.module+el8.9.0+90147+a4870853
skopeo-tests  1.13.3-3.0.1.module+el8.9.0+90147+a4870853
slirp4netns  1.2.1-1.module+el8.9.0+90147+a4870853
udica  0.2.6-20.module+el8.9.0+90147+a4870853

Oracle Linux x86_64

Module container-tools:ol8 is enabled

aardvark-dns  1.7.0-1.module+el8.9.0+90147+a4870853
buildah  1.31.3-3.0.1.module+el8.9.0+90147+a4870853
buildah-tests  1.31.3-3.0.1.module+el8.9.0+90147+a4870853
cockpit-podman  75-1.module+el8.9.0+90147+a4870853
conmon  2.1.8-1.module+el8.9.0+90147+a4870853
container-selinux  2.221.0-1.module+el8.9.0+90147+a4870853
containernetworking-plugins  1.3.0-8.0.1.module+el8.9.0+90147+a4870853
containers-common  1-70.0.2.module+el8.9.0+90147+a4870853
crit  3.18-4.module+el8.9.0+90147+a4870853
criu  3.18-4.module+el8.9.0+90147+a4870853
criu-devel  3.18-4.module+el8.9.0+90147+a4870853
criu-libs  3.18-4.module+el8.9.0+90147+a4870853
crun  1.8.7-1.module+el8.9.0+90147+a4870853
fuse-overlayfs  1.12-1.module+el8.9.0+90147+a4870853
libslirp  4.4.0-1.module+el8.9.0+90147+a4870853
libslirp-devel  4.4.0-1.module+el8.9.0+90147+a4870853
netavark  1.7.0-2.module+el8.9.0+90147+a4870853
oci-seccomp-bpf-hook  1.2.9-1.module+el8.9.0+90147+a4870853
podman  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-catatonit  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-docker  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-gvproxy  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-plugins  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-remote  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
podman-tests  4.6.1-8.0.1.module+el8.9.0+90147+a4870853
python3-criu  3.18-4.module+el8.9.0+90147+a4870853
python3-podman  4.6.0-2.0.1.module+el8.9.0+90147+a4870853
runc  1.1.12-1.module+el8.9.0+90147+a4870853
skopeo  1.13.3-3.0.1.module+el8.9.0+90147+a4870853
skopeo-tests  1.13.3-3.0.1.module+el8.9.0+90147+a4870853
slirp4netns  1.2.1-1.module+el8.9.0+90147+a4870853
udica  0.2.6-20.module+el8.9.0+90147+a4870853

Related CVEs

Related vulnerabilities

CVSS3: 8.6
ubuntu
more than 1 year ago

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

CVSS3: 8.6
redhat
more than 1 year ago

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

CVSS3: 8.6
nvd
more than 1 year ago

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

msrc
more than 1 year ago

GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds

CVSS3: 8.6
debian
more than 1 year ago

runc is a CLI tool for spawning and running containers on Linux accord ...