Описание
ELSA-2024-2098: container-tools:ol8 security and bug fix update (IMPORTANT)
aardvark-dns buildah [1:1.31.5-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.31 (https://github.com/containers/buildah/commit/5fd539c)
- Resolves: RHEL-26772
[1:1.31.3-3]
- Make the module buildable again
- Resolves: RHEL-16299
[1:1.31.3-2]
- Rebuild with golang 1.20.10 for CVE-2023-39321
- Related: Jira:RHEL-4512
cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman python-podman runc skopeo slirp4netns udica
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
aardvark-dns
1.7.0-1.module+el8.9.0+90281+a2e5717b
buildah
1.31.5-1.module+el8.9.0+90314+83d0cf83
buildah-tests
1.31.5-1.module+el8.9.0+90314+83d0cf83
cockpit-podman
75-1.module+el8.9.0+90281+a2e5717b
conmon
2.1.8-1.module+el8.9.0+90281+a2e5717b
container-selinux
2.229.0-1.module+el8.9.0+90281+a2e5717b
containernetworking-plugins
1.3.0-8.0.1.module+el8.9.0+90281+a2e5717b
containers-common
1-71.0.1.module+el8.9.0+90281+a2e5717b
crit
3.18-4.module+el8.9.0+90281+a2e5717b
criu
3.18-4.module+el8.9.0+90281+a2e5717b
criu-devel
3.18-4.module+el8.9.0+90281+a2e5717b
criu-libs
3.18-4.module+el8.9.0+90281+a2e5717b
crun
1.8.7-1.module+el8.9.0+90281+a2e5717b
fuse-overlayfs
1.12-1.module+el8.9.0+90281+a2e5717b
libslirp
4.4.0-1.module+el8.9.0+90281+a2e5717b
libslirp-devel
4.4.0-1.module+el8.9.0+90281+a2e5717b
netavark
1.7.0-2.module+el8.9.0+90281+a2e5717b
oci-seccomp-bpf-hook
1.2.9-1.module+el8.9.0+90281+a2e5717b
podman
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-catatonit
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-docker
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-gvproxy
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-plugins
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-remote
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-tests
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
python3-criu
3.18-4.module+el8.9.0+90281+a2e5717b
python3-podman
4.6.0-2.0.1.module+el8.9.0+90281+a2e5717b
runc
1.1.12-1.module+el8.9.0+90281+a2e5717b
skopeo
1.13.3-3.0.1.module+el8.9.0+90281+a2e5717b
skopeo-tests
1.13.3-3.0.1.module+el8.9.0+90281+a2e5717b
slirp4netns
1.2.1-1.module+el8.9.0+90281+a2e5717b
udica
0.2.6-20.module+el8.9.0+90281+a2e5717b
Oracle Linux x86_64
Module container-tools:ol8 is enabled
aardvark-dns
1.7.0-1.module+el8.9.0+90281+a2e5717b
buildah
1.31.5-1.module+el8.9.0+90314+83d0cf83
buildah-tests
1.31.5-1.module+el8.9.0+90314+83d0cf83
cockpit-podman
75-1.module+el8.9.0+90281+a2e5717b
conmon
2.1.8-1.module+el8.9.0+90281+a2e5717b
container-selinux
2.229.0-1.module+el8.9.0+90281+a2e5717b
containernetworking-plugins
1.3.0-8.0.1.module+el8.9.0+90281+a2e5717b
containers-common
1-71.0.1.module+el8.9.0+90281+a2e5717b
crit
3.18-4.module+el8.9.0+90281+a2e5717b
criu
3.18-4.module+el8.9.0+90281+a2e5717b
criu-devel
3.18-4.module+el8.9.0+90281+a2e5717b
criu-libs
3.18-4.module+el8.9.0+90281+a2e5717b
crun
1.8.7-1.module+el8.9.0+90281+a2e5717b
fuse-overlayfs
1.12-1.module+el8.9.0+90281+a2e5717b
libslirp
4.4.0-1.module+el8.9.0+90281+a2e5717b
libslirp-devel
4.4.0-1.module+el8.9.0+90281+a2e5717b
netavark
1.7.0-2.module+el8.9.0+90281+a2e5717b
oci-seccomp-bpf-hook
1.2.9-1.module+el8.9.0+90281+a2e5717b
podman
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-catatonit
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-docker
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-gvproxy
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-plugins
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-remote
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
podman-tests
4.6.1-9.0.1.module+el8.9.0+90314+83d0cf83
python3-criu
3.18-4.module+el8.9.0+90281+a2e5717b
python3-podman
4.6.0-2.0.1.module+el8.9.0+90281+a2e5717b
runc
1.1.12-1.module+el8.9.0+90281+a2e5717b
skopeo
1.13.3-3.0.1.module+el8.9.0+90281+a2e5717b
skopeo-tests
1.13.3-3.0.1.module+el8.9.0+90281+a2e5717b
slirp4netns
1.2.1-1.module+el8.9.0+90281+a2e5717b
udica
0.2.6-20.module+el8.9.0+90281+a2e5717b
Связанные CVE
Связанные уязвимости
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
A flaw was found in Buildah (and subsequently Podman Build) which allo ...