Description
Low: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
- (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
- podman kill may deadlock (BZ#2125647)
- Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [Rocky Linux 8.7] (BZ#2125648)
- containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [Rocky Linux 8.7] (BZ#2125686)
- ADD Dockerfile reference is not validating HTTP status code [Rocky Linux8-8.7.0] (BZ#2129767)
- Two aardvark-dns instances trying to use the same port on the same interface. [Rocky Linux-8.7.0.z] (netavark) (BZ#2130234)
- containers config.json gets empty after sudden power loss (BZ#2130236)
- PANIC podman API service endpoint handler panic (BZ#2132412)
- Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
- Skopeo push image to redhat quay with sigstore was failed (BZ#2136406)
- Podman push image to redhat quay with sigstore was failed (BZ#2136433)
- Buildah push image to redhat quay with sigstore was failed (BZ#2136438)
- Two aardvark-dns instances trying to use the same port on the same interface. [Rocky Linux-8.8] (aardvark-dns) (BZ#2137295)
Enhancement(s):
- [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)
- [RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
- Podman volume plugin timeout should be configurable (BZ#2132992)
Affected products
Rocky Linux 8
Related CVEs
Fixes
- Red Hat - 2121445
- Red Hat - 2121453
- Red Hat - 2125644
- Red Hat - 2125645
- Red Hat - 2125647
- Red Hat - 2125648
- Red Hat - 2125686
- Red Hat - 2129767
- Red Hat - 2130234
- Red Hat - 2130236
- Red Hat - 2130911
- Red Hat - 2132360
- Red Hat - 2132412
- Red Hat - 2132992
- Red Hat - 2133390
- Red Hat - 2136406
- Red Hat - 2136433
- Red Hat - 2136438
- Red Hat - 2137295
Related vulnerabilities
ELSA-2022-8431: podman security, bug fix, and enhancement update (LOW)
ELSA-2022-7822: container-tools:ol8 security, bug fix, and enhancement update (LOW)
ELSA-2022-8008: buildah security and bug fix update (MODERATE)
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.