The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

The containers/image library used by the container tools Podman, Build ...

Security update for skopeo

Security update for skopeo

Security update for podman

Security update for skopeo

Security update for buildah

Security update for skopeo

Security update for podman

Security update for buildah

Security update for skopeo

containers/image library Insufficiently Protects Credentials

Security update for buildah, libcontainers-common, podman

Security update for buildah

Security update for buildah

Important: container-tools:1.0 security and bug fix update

ELSA-2019-3494: container-tools:1.0 security and bug fix update (IMPORTANT)

ELSA-2019-3403: container-tools:ol8 security, bug fix, and enhancement update (IMPORTANT)