RLSA-2019:3403

Опубликовано: 05 нояб. 2019

Источник: rocky

Оценка: Important

Описание

Important: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
oci-systemd-hook	x86_64	2.git2d0b8a3.module+el8.4.0+557+48ba8b2f	oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f.x86_64.rpm
oci-umount	x86_64	2.git87f9237.module+el8.4.0+557+48ba8b2f	oci-umount-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f.x86_64.rpm

Показывать по

Связанные CVE

CVE-2019-10214

CVE-2019-14378

CVE-2019-9946

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=1655211
Red Hat - 1655211
https://bugzilla.redhat.com/show_bug.cgi?id=1661597
Red Hat - 1661597
https://bugzilla.redhat.com/show_bug.cgi?id=1671023
Red Hat - 1671023
https://bugzilla.redhat.com/show_bug.cgi?id=1672581
Red Hat - 1672581
https://bugzilla.redhat.com/show_bug.cgi?id=1674519
Red Hat - 1674519
https://bugzilla.redhat.com/show_bug.cgi?id=1677251
Red Hat - 1677251
https://bugzilla.redhat.com/show_bug.cgi?id=1677264
Red Hat - 1677264
https://bugzilla.redhat.com/show_bug.cgi?id=1689255
Red Hat - 1689255
https://bugzilla.redhat.com/show_bug.cgi?id=1690514
Red Hat - 1690514
https://bugzilla.redhat.com/show_bug.cgi?id=1691543
Red Hat - 1691543
https://bugzilla.redhat.com/show_bug.cgi?id=1692513
Red Hat - 1692513
https://bugzilla.redhat.com/show_bug.cgi?id=1693154
Red Hat - 1693154
https://bugzilla.redhat.com/show_bug.cgi?id=1693424
Red Hat - 1693424
https://bugzilla.redhat.com/show_bug.cgi?id=1707220
Red Hat - 1707220
https://bugzilla.redhat.com/show_bug.cgi?id=1719626
Red Hat - 1719626
https://bugzilla.redhat.com/show_bug.cgi?id=1719994
Red Hat - 1719994
https://bugzilla.redhat.com/show_bug.cgi?id=1720646
Red Hat - 1720646
https://bugzilla.redhat.com/show_bug.cgi?id=1720654
Red Hat - 1720654
https://bugzilla.redhat.com/show_bug.cgi?id=1721247
Red Hat - 1721247
https://bugzilla.redhat.com/show_bug.cgi?id=1721638
Red Hat - 1721638

Связанные уязвимости

RLSA-2019:3494

rocky

больше 5 лет назад

Important: container-tools:1.0 security and bug fix update

ELSA-2019-3494

oracle-oval

больше 5 лет назад

ELSA-2019-3494: container-tools:1.0 security and bug fix update (IMPORTANT)

ELSA-2019-3403

oracle-oval

больше 5 лет назад

ELSA-2019-3403: container-tools:ol8 security, bug fix, and enhancement update (IMPORTANT)

CVE-2019-10214

CVSS3: 5.9

ubuntu

больше 5 лет назад

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

CVE-2019-10214

CVSS3: 6.4

redhat

почти 6 лет назад

exploitDog

RLSA-2019:3403

Описание

Затронутые продукты

Rocky Linux 8: обновленные пакеты

Связанные CVE

Ссылки на источники

Исправления

Связанные уязвимости