Description
ELSA-2024-2084: container-tools:4.0 security update (IMPORTANT)
buildah [1.24.7-1]
- bump to v1.24.7
- Resolves: RHEL-26767
cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman python-podman
runc [1.1.12-1.0.1]
- rebuild with golang 1.20.12 for CVE-2023-39326
skopeo slirp4netns udica
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:4.0 is enabled
aardvark-dns 1.0.1-38.0.1.module+el8.9.0+90313+1336f051
buildah 1.24.7-1.module+el8.9.0+90313+1336f051
buildah-tests 1.24.7-1.module+el8.9.0+90313+1336f051
cockpit-podman 46-1.module+el8.9.0+90313+1336f051
conmon 2.1.4-2.module+el8.9.0+90313+1336f051
container-selinux 2.205.0-3.module+el8.9.0+90313+1336f051
containernetworking-plugins 1.1.1-6.module+el8.9.0+90313+1336f051
containers-common 1-38.0.1.module+el8.9.0+90313+1336f051
crit 3.15-3.module+el8.9.0+90313+1336f051
criu 3.15-3.module+el8.9.0+90313+1336f051
criu-devel 3.15-3.module+el8.9.0+90313+1336f051
criu-libs 3.15-3.module+el8.9.0+90313+1336f051
crun 1.8.7-1.module+el8.9.0+90313+1336f051
fuse-overlayfs 1.9-2.module+el8.9.0+90313+1336f051
libslirp 4.4.0-1.module+el8.9.0+90313+1336f051
libslirp-devel 4.4.0-1.module+el8.9.0+90313+1336f051
netavark 1.0.1-38.0.1.module+el8.9.0+90313+1336f051
oci-seccomp-bpf-hook 1.2.5-2.module+el8.9.0+90313+1336f051
podman 4.0.2-26.module+el8.9.0+90313+1336f051
podman-catatonit 4.0.2-26.module+el8.9.0+90313+1336f051
podman-docker 4.0.2-26.module+el8.9.0+90313+1336f051
podman-gvproxy 4.0.2-26.module+el8.9.0+90313+1336f051
podman-plugins 4.0.2-26.module+el8.9.0+90313+1336f051
podman-remote 4.0.2-26.module+el8.9.0+90313+1336f051
podman-tests 4.0.2-26.module+el8.9.0+90313+1336f051
python3-criu 3.15-3.module+el8.9.0+90313+1336f051
python3-podman 4.0.0-2.module+el8.9.0+90313+1336f051
runc 1.1.12-1.0.1.module+el8.9.0+90313+1336f051
skopeo 1.6.2-9.module+el8.9.0+90313+1336f051
skopeo-tests 1.6.2-9.module+el8.9.0+90313+1336f051
slirp4netns 1.1.8-3.module+el8.9.0+90313+1336f051
udica 0.2.6-4.module+el8.9.0+90313+1336f051
Oracle Linux x86_64
Module container-tools:4.0 is enabled
aardvark-dns 1.0.1-38.0.1.module+el8.9.0+90313+1336f051
buildah 1.24.7-1.module+el8.9.0+90313+1336f051
buildah-tests 1.24.7-1.module+el8.9.0+90313+1336f051
cockpit-podman 46-1.module+el8.9.0+90313+1336f051
conmon 2.1.4-2.module+el8.9.0+90313+1336f051
container-selinux 2.205.0-3.module+el8.9.0+90313+1336f051
containernetworking-plugins 1.1.1-6.module+el8.9.0+90313+1336f051
containers-common 1-38.0.1.module+el8.9.0+90313+1336f051
crit 3.15-3.module+el8.9.0+90313+1336f051
criu 3.15-3.module+el8.9.0+90313+1336f051
criu-devel 3.15-3.module+el8.9.0+90313+1336f051
criu-libs 3.15-3.module+el8.9.0+90313+1336f051
crun 1.8.7-1.module+el8.9.0+90313+1336f051
fuse-overlayfs 1.9-2.module+el8.9.0+90313+1336f051
libslirp 4.4.0-1.module+el8.9.0+90313+1336f051
libslirp-devel 4.4.0-1.module+el8.9.0+90313+1336f051
netavark 1.0.1-38.0.1.module+el8.9.0+90313+1336f051
oci-seccomp-bpf-hook 1.2.5-2.module+el8.9.0+90313+1336f051
podman 4.0.2-26.module+el8.9.0+90313+1336f051
podman-catatonit 4.0.2-26.module+el8.9.0+90313+1336f051
podman-docker 4.0.2-26.module+el8.9.0+90313+1336f051
podman-gvproxy 4.0.2-26.module+el8.9.0+90313+1336f051
podman-plugins 4.0.2-26.module+el8.9.0+90313+1336f051
podman-remote 4.0.2-26.module+el8.9.0+90313+1336f051
podman-tests 4.0.2-26.module+el8.9.0+90313+1336f051
python3-criu 3.15-3.module+el8.9.0+90313+1336f051
python3-podman 4.0.0-2.module+el8.9.0+90313+1336f051
runc 1.1.12-1.0.1.module+el8.9.0+90313+1336f051
skopeo 1.6.2-9.module+el8.9.0+90313+1336f051
skopeo-tests 1.6.2-9.module+el8.9.0+90313+1336f051
slirp4netns 1.1.8-3.module+el8.9.0+90313+1336f051
udica 0.2.6-4.module+el8.9.0+90313+1336f051
Related CVEs
Related vulnerabilities
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.