Описание
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1707078
- Red Hat - 1724946
- Red Hat - 1726442
- Red Hat - 1763007
- Red Hat - 1770037
- Red Hat - 1798278
- Red Hat - 1811773
- Red Hat - 1838233
- Red Hat - 1841485
- Red Hat - 1844199
- Red Hat - 1853455
- Red Hat - 1860176
- Red Hat - 1867892
- Red Hat - 1881894
- Red Hat - 1897282
- Red Hat - 1897594
- Red Hat - 1902979
- Red Hat - 1903813
- Red Hat - 1904549
- Red Hat - 1908883
Связанные уязвимости
ELSA-2021-1796: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...