container-tools:3.0 security update

2021-06-1400:00:00

linux.oracle.com

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

buildah
[1.19.7-1.0.1]

Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
[1.19.7-1]
update to the latest content of https://github.com/containers/buildah/tree/release-1.19
(https://github.com/containers/buildah/commit/a2854ed)
Resolves: #1935376
cockpit-podman
[29-2]
fix gating test failure for cockpit-podman
Related: #1914884
[29-1]
update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
Related: #1883490
conmon
[2:2.0.26-1]
update to https://github.com/containers/conmon/releases/tag/v2.0.26
Related: #1883490
containernetworking-plugins
[0.9.1-1]
update to https://github.com/containernetworking/plugins/releases/tag/v0.9.1
Related: #1883490
container-selinux
[2:2.158.0-1]
update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
Related: #1883490
criu
[3.15-1]
update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15
Related: #1883490
crun
[0.18-2]
allow to build without glibc-static (thanks to Giuseppe Scrivano)
Related: #1883490
fuse-overlayfs
[1.4.0-2]
disable openat2 syscall again - still unsupported in current RHEL8 kernel
Related: #1883490
[1.4.0-1]
update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
Related: #1883490
oci-seccomp-bpf-hook
[1.2.0-1]
revert back to 1.2.0 - build issues
Related: #1883490
[1.2.1-1]
update to
https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
require crun >= 0.17
Related: #1883490
podman
[3.0.1-6.0.1]
Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
[3.0.1-6]
update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/ad1aaba)
Resolves: #1921128
Resolves: #1936927
Resolves: #1938234
runc
[1.0.0-71.rc92]
fix CVE-2021-30465
Related: #1955655
[1.0.0-70.rc92]
add missing Provides: oci-runtime = 1
Related: #1883490
[1.0.0-69.rc92]
still use ExcludeArch as go_arches macro is broken for 8.4
Related: #1883490
[1.0.0-68.rc92]
update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
Related: #1821193
skopeo
[1.2.2-7.0.1]
Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
Add oracle registry into the conf file [Orabug: 29845934 31306708]
[1:1.2.2-7]
use runc as default OCI runtime in RHEL8
Resolves: #1940854
slirp4netns
[1.1.8-1]
update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
Related: #1883490
udica
[0.2.4-1]
update to https://github.com/containers/udica/releases/tag/v0.2.4
Related: #1883490

OSVersionArchitecturePackageVersionFilename
oracle linux8srcbuildah< 1.19.7-1.0.1.modulebuildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srccockpit-podman< 29-2.modulecockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srcconmon< 2.0.26-1.moduleconmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srccontainer-selinux< 2.158.0-1.modulecontainer-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srccontainernetworking-plugins< 0.9.1-1.modulecontainernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srccriu< 3.15-1.modulecriu-3.15-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srccrun< 0.18-2.modulecrun-0.18-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srcfuse-overlayfs< 1.4.0-2.modulefuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srclibslirp< 4.3.1-1.modulelibslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux8srcoci-seccomp-bpf-hook< 1.2.0-1.moduleoci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	8	src	buildah	< 1.19.7-1.0.1.module	buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	cockpit-podman	< 29-2.module	cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	conmon	< 2.0.26-1.module	conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	container-selinux	< 2.158.0-1.module	container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	containernetworking-plugins	< 0.9.1-1.module	containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	criu	< 3.15-1.module	criu-3.15-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	crun	< 0.18-2.module	crun-0.18-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	fuse-overlayfs	< 1.4.0-2.module	fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	libslirp	< 4.3.1-1.module	libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
oracle linux	8	src	oci-seccomp-bpf-hook	< 1.2.0-1.module	oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm