Описание
Important: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
-
psgo: Privilege escalation in 'podman top' (CVE-2022-1227)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
-
crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)
-
buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 1861760
- Red Hat - 1967642
- Red Hat - 1982164
- Red Hat - 1982784
- Red Hat - 1995900
- Red Hat - 1998835
- Red Hat - 2000914
- Red Hat - 2002721
- Red Hat - 2004993
- Red Hat - 2005972
- Red Hat - 2006678
- Red Hat - 2009047
- Red Hat - 2009296
- Red Hat - 2017266
- Red Hat - 2018949
- Red Hat - 2023112
- Red Hat - 2024229
- Red Hat - 2025336
- Red Hat - 2030599
- Red Hat - 2045880
Связанные уязвимости
ELSA-2022-1762: container-tools:ol8 security, bug fix, and enhancement update (IMPORTANT)
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.