RLSA-2022:7469

Published: 08 Nov 2022
Source: rocky
Rating: Moderate

Description

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| aardvark-dns | x86_64 | 35.module+el8.7.0+1077+0e4f03d4 | aardvark-dns-1.0.1-35.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| buildah | x86_64 | 2.module+el8.7.0+1077+0e4f03d4 | buildah-1.24.5-2.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| buildah-tests | x86_64 | 2.module+el8.7.0+1077+0e4f03d4 | buildah-tests-1.24.5-2.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| cockpit-podman | noarch | 1.module+el8.7.0+1077+0e4f03d4 | cockpit-podman-46-1.module+el8.7.0+1077+0e4f03d4.noarch.rpm |
| conmon | x86_64 | 1.module+el8.7.0+1077+0e4f03d4 | conmon-2.1.4-1.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| containernetworking-plugins | x86_64 | 2.module+el8.7.0+1077+0e4f03d4 | containernetworking-plugins-1.1.1-2.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| containers-common | x86_64 | 35.module+el8.7.0+1077+0e4f03d4 | containers-common-1-35.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| container-selinux | noarch | 1.module+el8.7.0+1076+9b1c11c1 | container-selinux-2.189.0-1.module+el8.7.0+1076+9b1c11c1.noarch.rpm |
| crit | x86_64 | 3.module+el8.7.0+1077+0e4f03d4 | crit-3.15-3.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |
| criu | x86_64 | 3.module+el8.7.0+1077+0e4f03d4 | criu-3.15-3.module+el8.7.0+1077+0e4f03d4.x86_64.rpm |

Related vulnerabilities

oracle-oval
more than 2 years ago

ELSA-2022-7469: container-tools:4.0 security and bug fix update (MODERATE)

rocky
more than 2 years ago

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

oracle-oval
more than 2 years ago

ELSA-2022-7457: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)

CVSS3: 7.5
ubuntu
about 3 years ago

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

CVSS3: 6.8
redhat
about 3 years ago

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.