Lucene search

K
almalinuxAlmaLinuxALSA-2019:4273
HistoryDec 17, 2019 - 9:20 a.m.

Important: container-tools:1.0 security update

2019-12-1709:20:02
errata.almalinux.org
21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.7%

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64containers-common< 0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43containers-common-0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43.x86_64.rpm
almalinux8x86_64containernetworking-plugins< 0.7.4-4.git9ebe139.module_el8.3.0+2044+12421f43containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.3.0+2044+12421f43.x86_64.rpm
almalinux8x86_64runc< 1.0.0-56.rc5.dev.git2abd837.module_el8.3.0+2044+12421f43runc-1.0.0-56.rc5.dev.git2abd837.module_el8.3.0+2044+12421f43.x86_64.rpm
almalinux8x86_64fuse-overlayfs< 0.3-5.module_el8.3.0+2044+12421f43fuse-overlayfs-0.3-5.module_el8.3.0+2044+12421f43.x86_64.rpm
almalinux8x86_64oci-umount< 2.3.4-2.git87f9237.module_el8.3.0+2044+12421f43oci-umount-2.3.4-2.git87f9237.module_el8.3.0+2044+12421f43.x86_64.rpm
almalinux8x86_64oci-systemd-hook< 0.1.15-2.git2d0b8a3.module_el8.3.0+2044+12421f43oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.3.0+2044+12421f43.x86_64.rpm
almalinux8x86_64skopeo< 0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43skopeo-0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43.x86_64.rpm
almalinux8aarch64skopeo< 0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43skopeo-0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43.aarch64.rpm
almalinux8aarch64oci-umount< 2.3.4-2.git87f9237.module_el8.4.0+2496+12421f43oci-umount-2.3.4-2.git87f9237.module_el8.4.0+2496+12421f43.aarch64.rpm
almalinux8aarch64containernetworking-plugins< 0.7.4-4.git9ebe139.module_el8.4.0+2496+12421f43containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.4.0+2496+12421f43.aarch64.rpm
Rows per page:
1-10 of 211

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.7%