Описание
ELSA-2025-9142: container-tools:ol8 security update (MODERATE)
aardvark-dns buildah [2:1.33.12-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/cf49e7c)
- fixes 'CVE-2025-22871 container-tools:rhel8/buildah: Request smuggling due to acceptance of invalid chunked data in net/http [rhel-8.10.z]'
- Resolves: RHEL-89239
cockpit-podman conmon containernetworking-plugins [1:1.4.0-6]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89244
containers-common [1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman [4.9.4-20.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
python-podman runc skopeo [2:1.14.5-4]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89254
slirp4netns udica
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:ol8 is enabled
aardvark-dns
1.10.1-2.module+el8.10.0+90618+4905d84b
buildah
1.33.12-2.module+el8.10.0+90618+4905d84b
buildah-tests
1.33.12-2.module+el8.10.0+90618+4905d84b
cockpit-podman
84.1-1.module+el8.10.0+90618+4905d84b
conmon
2.1.10-1.module+el8.10.0+90618+4905d84b
container-selinux
2.229.0-2.module+el8.10.0+90618+4905d84b
containernetworking-plugins
1.4.0-6.module+el8.10.0+90618+4905d84b
containers-common
1-82.0.1.module+el8.10.0+90618+4905d84b
crit
3.18-5.module+el8.10.0+90618+4905d84b
criu
3.18-5.module+el8.10.0+90618+4905d84b
criu-devel
3.18-5.module+el8.10.0+90618+4905d84b
criu-libs
3.18-5.module+el8.10.0+90618+4905d84b
crun
1.14.3-2.module+el8.10.0+90618+4905d84b
fuse-overlayfs
1.13-1.module+el8.10.0+90618+4905d84b
libslirp
4.4.0-2.module+el8.10.0+90618+4905d84b
libslirp-devel
4.4.0-2.module+el8.10.0+90618+4905d84b
netavark
1.10.3-1.module+el8.10.0+90618+4905d84b
oci-seccomp-bpf-hook
1.2.10-1.module+el8.10.0+90618+4905d84b
podman
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-catatonit
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-docker
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-gvproxy
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-plugins
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-remote
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-tests
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
python3-criu
3.18-5.module+el8.10.0+90618+4905d84b
python3-podman
4.9.0-3.module+el8.10.0+90618+4905d84b
runc
1.1.12-6.module+el8.10.0+90618+4905d84b
skopeo
1.14.5-4.module+el8.10.0+90618+4905d84b
skopeo-tests
1.14.5-4.module+el8.10.0+90618+4905d84b
slirp4netns
1.2.3-1.module+el8.10.0+90618+4905d84b
udica
0.2.6-21.module+el8.10.0+90618+4905d84b
Oracle Linux x86_64
Module container-tools:ol8 is enabled
aardvark-dns
1.10.1-2.module+el8.10.0+90618+4905d84b
buildah
1.33.12-2.module+el8.10.0+90618+4905d84b
buildah-tests
1.33.12-2.module+el8.10.0+90618+4905d84b
cockpit-podman
84.1-1.module+el8.10.0+90618+4905d84b
conmon
2.1.10-1.module+el8.10.0+90618+4905d84b
container-selinux
2.229.0-2.module+el8.10.0+90618+4905d84b
containernetworking-plugins
1.4.0-6.module+el8.10.0+90618+4905d84b
containers-common
1-82.0.1.module+el8.10.0+90618+4905d84b
crit
3.18-5.module+el8.10.0+90618+4905d84b
criu
3.18-5.module+el8.10.0+90618+4905d84b
criu-devel
3.18-5.module+el8.10.0+90618+4905d84b
criu-libs
3.18-5.module+el8.10.0+90618+4905d84b
crun
1.14.3-2.module+el8.10.0+90618+4905d84b
fuse-overlayfs
1.13-1.module+el8.10.0+90618+4905d84b
libslirp
4.4.0-2.module+el8.10.0+90618+4905d84b
libslirp-devel
4.4.0-2.module+el8.10.0+90618+4905d84b
netavark
1.10.3-1.module+el8.10.0+90618+4905d84b
oci-seccomp-bpf-hook
1.2.10-1.module+el8.10.0+90618+4905d84b
podman
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-catatonit
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-docker
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-gvproxy
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-plugins
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-remote
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
podman-tests
4.9.4-20.0.1.module+el8.10.0+90618+4905d84b
python3-criu
3.18-5.module+el8.10.0+90618+4905d84b
python3-podman
4.9.0-3.module+el8.10.0+90618+4905d84b
runc
1.1.12-6.module+el8.10.0+90618+4905d84b
skopeo
1.14.5-4.module+el8.10.0+90618+4905d84b
skopeo-tests
1.14.5-4.module+el8.10.0+90618+4905d84b
slirp4netns
1.2.3-1.module+el8.10.0+90618+4905d84b
udica
0.2.6-21.module+el8.10.0+90618+4905d84b
Связанные CVE
Связанные уязвимости
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator ...