(RHSA-2020:1931) Important: container-tools:2.0 security update

2020-04-2816:07:22

access.redhat.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.7%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64criu< 3.12-9.module+el8.2.0+6369+1f4293b4criu-3.12-9.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHatanyppc64lebuildah-tests-debuginfo< 1.11.6-7.module+el8.2.0+6369+1f4293b4buildah-tests-debuginfo-1.11.6-7.module+el8.2.0+6369+1f4293b4.ppc64le.rpm
RedHatanyx86_64fuse-overlayfs< 0.7.2-5.module+el8.2.0+6369+1f4293b4fuse-overlayfs-0.7.2-5.module+el8.2.0+6369+1f4293b4.x86_64.rpm
RedHatanyaarch64podman-remote< 1.6.4-11.module+el8.2.0+6369+1f4293b4podman-remote-1.6.4-11.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHatanyx86_64runc< 1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4runc-1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4.x86_64.rpm
RedHatanyaarch64podman-tests< 1.6.4-11.module+el8.2.0+6369+1f4293b4podman-tests-1.6.4-11.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHatanyppc64lecontainers-common< 0.1.40-9.module+el8.2.0+6373+4950d421containers-common-0.1.40-9.module+el8.2.0+6373+4950d421.ppc64le.rpm
RedHatanyaarch64runc< 1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4runc-1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHatanynoarchcockpit-podman< 11-1.module+el8.2.0+6369+1f4293b4cockpit-podman-11-1.module+el8.2.0+6369+1f4293b4.noarch.rpm
RedHatanys390xcrit< 3.12-9.module+el8.2.0+6369+1f4293b4crit-3.12-9.module+el8.2.0+6369+1f4293b4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	criu	< 3.12-9.module+el8.2.0+6369+1f4293b4	criu-3.12-9.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHat	any	ppc64le	buildah-tests-debuginfo	< 1.11.6-7.module+el8.2.0+6369+1f4293b4	buildah-tests-debuginfo-1.11.6-7.module+el8.2.0+6369+1f4293b4.ppc64le.rpm
RedHat	any	x86_64	fuse-overlayfs	< 0.7.2-5.module+el8.2.0+6369+1f4293b4	fuse-overlayfs-0.7.2-5.module+el8.2.0+6369+1f4293b4.x86_64.rpm
RedHat	any	aarch64	podman-remote	< 1.6.4-11.module+el8.2.0+6369+1f4293b4	podman-remote-1.6.4-11.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHat	any	x86_64	runc	< 1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4	runc-1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4.x86_64.rpm
RedHat	any	aarch64	podman-tests	< 1.6.4-11.module+el8.2.0+6369+1f4293b4	podman-tests-1.6.4-11.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHat	any	ppc64le	containers-common	< 0.1.40-9.module+el8.2.0+6373+4950d421	containers-common-0.1.40-9.module+el8.2.0+6373+4950d421.ppc64le.rpm
RedHat	any	aarch64	runc	< 1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4	runc-1.0.0-64.rc10.module+el8.2.0+6369+1f4293b4.aarch64.rpm
RedHat	any	noarch	cockpit-podman	< 11-1.module+el8.2.0+6369+1f4293b4	cockpit-podman-11-1.module+el8.2.0+6369+1f4293b4.noarch.rpm
RedHat	any	s390x	crit	< 3.12-9.module+el8.2.0+6369+1f4293b4	crit-3.12-9.module+el8.2.0+6369+1f4293b4.s390x.rpm