7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.2%
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
buildah: possible information disclosure and modification (CVE-2022-2990)
runc: incorrect handling of inheritable capabilities (CVE-2022-29162)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
bugzilla.redhat.com/show_bug.cgi?id=1820551
bugzilla.redhat.com/show_bug.cgi?id=1941727
bugzilla.redhat.com/show_bug.cgi?id=1945929
bugzilla.redhat.com/show_bug.cgi?id=1974423
bugzilla.redhat.com/show_bug.cgi?id=1995656
bugzilla.redhat.com/show_bug.cgi?id=1996050
bugzilla.redhat.com/show_bug.cgi?id=2005866
bugzilla.redhat.com/show_bug.cgi?id=2009264
bugzilla.redhat.com/show_bug.cgi?id=2009346
bugzilla.redhat.com/show_bug.cgi?id=2024938
bugzilla.redhat.com/show_bug.cgi?id=2027662
bugzilla.redhat.com/show_bug.cgi?id=2028408
bugzilla.redhat.com/show_bug.cgi?id=2030195
bugzilla.redhat.com/show_bug.cgi?id=2039045
bugzilla.redhat.com/show_bug.cgi?id=2052697
bugzilla.redhat.com/show_bug.cgi?id=2053990
bugzilla.redhat.com/show_bug.cgi?id=2055313
bugzilla.redhat.com/show_bug.cgi?id=2059666
bugzilla.redhat.com/show_bug.cgi?id=2062697
bugzilla.redhat.com/show_bug.cgi?id=2064702
bugzilla.redhat.com/show_bug.cgi?id=2066145
bugzilla.redhat.com/show_bug.cgi?id=2068006
bugzilla.redhat.com/show_bug.cgi?id=2072452
bugzilla.redhat.com/show_bug.cgi?id=2073958
bugzilla.redhat.com/show_bug.cgi?id=2078925
bugzilla.redhat.com/show_bug.cgi?id=2079759
bugzilla.redhat.com/show_bug.cgi?id=2079761
bugzilla.redhat.com/show_bug.cgi?id=2081836
bugzilla.redhat.com/show_bug.cgi?id=2083570
bugzilla.redhat.com/show_bug.cgi?id=2083997
bugzilla.redhat.com/show_bug.cgi?id=2085361
bugzilla.redhat.com/show_bug.cgi?id=2086398
bugzilla.redhat.com/show_bug.cgi?id=2086757
bugzilla.redhat.com/show_bug.cgi?id=2090609
bugzilla.redhat.com/show_bug.cgi?id=2090920
bugzilla.redhat.com/show_bug.cgi?id=2093079
bugzilla.redhat.com/show_bug.cgi?id=2094610
bugzilla.redhat.com/show_bug.cgi?id=2094875
bugzilla.redhat.com/show_bug.cgi?id=2095097
bugzilla.redhat.com/show_bug.cgi?id=2096264
bugzilla.redhat.com/show_bug.cgi?id=2097865
bugzilla.redhat.com/show_bug.cgi?id=2100740
bugzilla.redhat.com/show_bug.cgi?id=2102140
bugzilla.redhat.com/show_bug.cgi?id=2102361
bugzilla.redhat.com/show_bug.cgi?id=2102381
bugzilla.redhat.com/show_bug.cgi?id=2113941
bugzilla.redhat.com/show_bug.cgi?id=2117699
bugzilla.redhat.com/show_bug.cgi?id=2117928
bugzilla.redhat.com/show_bug.cgi?id=2118231
bugzilla.redhat.com/show_bug.cgi?id=2119072
bugzilla.redhat.com/show_bug.cgi?id=2120651
bugzilla.redhat.com/show_bug.cgi?id=2121453
errata.rockylinux.org/RLSA-2022:7457
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.2%