Low: container-tools:rhel8 security, bug fix, and enhancement update

2022-11-0800:00:00

errata.almalinux.org

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

3.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

16.3%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

podman: possible information disclosure and modification (CVE-2022-2989)
buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
(podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
podman kill may deadlock (BZ#2125647)
Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [AlmaLinux 8.7] (BZ#2125648)
containers-common-1-44 is missing RPM-GPG-KEY-AlmaLinux-beta [AlmaLinux 8.7] (BZ#2125686)
ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234)
containers config.json gets empty after sudden power loss (BZ#2130236)
PANIC podman API service endpoint handler panic (BZ#2132412)
Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
Skopeo push image to AlmaLinux quay with sigstore was failed (BZ#2136406)
Podman push image to AlmaLinux quay with sigstore was failed (BZ#2136433)
Buildah push image to AlmaLinux quay with sigstore was failed (BZ#2136438)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295)

Enhancement(s):

[RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)
[RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
Podman volume plugin timeout should be configurable (BZ#2132992)

OSVersionArchitecturePackageVersionFilename
almalinux8noarchudica< 0.2.6-3.module_el8.7.0+3344+484dae7budica-0.2.6-3.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux8noarchcockpit-podman< 53-1.module_el8.7.0+3344+484dae7bcockpit-podman-53-1.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux8noarchcontainer-selinux< 2.189.0-1.module_el8.7.0+3344+5bcd850fcontainer-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch.rpm
almalinux8noarchpython3-podman< 4.2.1-1.module_el8.7.0+3344+484dae7bpython3-podman-4.2.1-1.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux8x86_64criu-libs< 3.15-3.module_el8.6.0+2751+06427ca3criu-libs-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
almalinux8x86_64fuse-overlayfs< 1.9-1.module_el8.6.0+3070+1510fbd1fuse-overlayfs-1.9-1.module_el8.6.0+3070+1510fbd1.x86_64.rpm
almalinux8x86_64skopeo< 1.9.3-1.module_el8.7.0+3344+484dae7bskopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
almalinux8x86_64libslirp-devel< 4.4.0-1.module_el8.6.0+2877+8e437bf5libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
almalinux8x86_64containernetworking-plugins< 1.1.1-3.module_el8.6.0+3070+1510fbd1containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.x86_64.rpm
almalinux8x86_64aardvark-dns< 1.1.0-5.module_el8.7.0+3344+484dae7baardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	noarch	udica	< 0.2.6-3.module_el8.7.0+3344+484dae7b	udica-0.2.6-3.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux	8	noarch	cockpit-podman	< 53-1.module_el8.7.0+3344+484dae7b	cockpit-podman-53-1.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux	8	noarch	container-selinux	< 2.189.0-1.module_el8.7.0+3344+5bcd850f	container-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch.rpm
almalinux	8	noarch	python3-podman	< 4.2.1-1.module_el8.7.0+3344+484dae7b	python3-podman-4.2.1-1.module_el8.7.0+3344+484dae7b.noarch.rpm
almalinux	8	x86_64	criu-libs	< 3.15-3.module_el8.6.0+2751+06427ca3	criu-libs-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
almalinux	8	x86_64	fuse-overlayfs	< 1.9-1.module_el8.6.0+3070+1510fbd1	fuse-overlayfs-1.9-1.module_el8.6.0+3070+1510fbd1.x86_64.rpm
almalinux	8	x86_64	skopeo	< 1.9.3-1.module_el8.7.0+3344+484dae7b	skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
almalinux	8	x86_64	libslirp-devel	< 4.4.0-1.module_el8.6.0+2877+8e437bf5	libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
almalinux	8	x86_64	containernetworking-plugins	< 1.1.1-3.module_el8.6.0+3070+1510fbd1	containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.x86_64.rpm
almalinux	8	x86_64	aardvark-dns	< 1.1.0-5.module_el8.7.0+3344+484dae7b	aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.x86_64.rpm