Description
Important: container-tools:1.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
- containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Affected products
Rocky Linux 8
Related CVEs
Fixes
- Red Hat - 1700877
- Red Hat - 1732508
- Red Hat - 1734745
Related vulnerabilities
ELSA-2019-3494: container-tools:1.0 security and bug fix update (IMPORTANT)
ELSA-2019-3403: container-tools:ol8 security, bug fix, and enhancement update (IMPORTANT)
Important: container-tools:rhel8 security, bug fix, and enhancement update
The containers/image library, used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and by CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.