Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:7457
HistoryNov 08, 2022 - 6:20 a.m.

(RHSA-2022:7457) Moderate: container-tools:rhel8 security, bug fix, and enhancement update

2022-11-0806:20:07
access.redhat.com
23

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.007 Low

EPSS

Percentile

79.2%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

  • cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

  • buildah: possible information disclosure and modification (CVE-2022-2990)

  • runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64libslirp-debuginfo< 4.4.0-1.module+el8.7.0+16772+33343656libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
RedHatanys390xbuildah-tests-debuginfo< 1.27.0-2.module+el8.7.0+16772+33343656buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
RedHatanys390xnetavark< 1.1.0-6.module+el8.7.0+16772+33343656netavark-1.1.0-6.module+el8.7.0+16772+33343656.s390x.rpm
RedHatanyppc64lebuildah-debuginfo< 1.27.0-2.module+el8.7.0+16772+33343656buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
RedHatanys390xlibslirp-debuginfo< 4.4.0-1.module+el8.7.0+16772+33343656libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
RedHatanys390xcrun< 1.5-1.module+el8.7.0+16772+33343656crun-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
RedHatanyppc64leconmon-debugsource< 2.1.4-1.module+el8.7.0+16772+33343656conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
RedHatanyaarch64python3-criu< 3.15-3.module+el8.7.0+16772+33343656python3-criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
RedHatanyx86_64libslirp-debuginfo< 4.4.0-1.module+el8.7.0+16772+33343656libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
RedHatanys390xlibslirp-devel< 4.4.0-1.module+el8.7.0+16772+33343656libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
Rows per page:
1-10 of 2491

Related

nessus 49
rocky 4
oraclelinux 7
osv 15
redhat 9
almalinux 2
veracode 6
fedora 39
cgr 1
suse 5
ubuntucve 4
amazon 2
cve 5
github 4
prion 5
redhatcve 5
ibm 9
mageia 4
alpinelinux 4
altlinux 5
cbl_mariner 7
debiancve 3
wolfi 1
freebsd 1
redos 1
photon 2
nessus
nessus
CentOS 8 : container-tools:rhel8 (CESA-2022:7457)
2022-11-09 00:00:00
RHEL 8 : container-tools:rhel8 (RHSA-2022:7457)
2022-11-08 00:00:00
Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:7457)
2023-02-16 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
runc security update
2022-11-15 06:15:20
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2022-11-15 00:00:00
container-tools:4.0 security and bug fix update
2022-11-15 00:00:00
runc security update
2022-11-22 00:00:00
osv
osv
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
redhat
redhat
(RHSA-2022:7469) Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
(RHSA-2021:4765) Moderate: Release of OpenShift Serverless Client kn 1.19.0
2021-11-23 08:35:04
(RHSA-2022:8090) Low: runc security update
2022-11-15 06:15:20
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
Low: runc security update
2022-11-15 00:00:00
veracode
veracode
Privilege Escalation
2022-05-16 13:23:56
Incorrect Content-type Handling
2021-11-18 06:30:58
Denial Of Service
2021-08-06 20:30:04
fedora
fedora
[SECURITY] Fedora 36 Update: runc-1.1.2-3.fc36
2022-07-31 01:37:21
[SECURITY] Fedora 34 Update: stargz-snapshotter-0.10.1-1.fc34
2021-11-29 01:11:31
[SECURITY] Fedora 35 Update: golang-github-containerd-ttrpc-1.1.0-1.fc35
2021-12-01 01:21:43
cgr
cgr
CVE-2022-29162 vulnerabilities
2024-04-20 09:12:08
suse
suse
Security update for singularity (moderate)
2021-12-04 00:00:00
Security update for go1.16 (moderate)
2021-08-26 00:00:00
Security update for go1.15 (moderate)
2021-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-41190
2021-11-17 00:00:00
CVE-2022-29162
2022-05-17 00:00:00
CVE-2021-36221
2021-08-08 00:00:00
amazon
amazon
Medium: containerd, docker
2021-11-17 15:38:00
Medium: golang
2021-09-30 19:24:00
cve
cve
CVE-2021-41190
2021-11-17 20:15:00
CVE-2022-29162
2022-05-17 21:15:00
CVE-2021-36221
2021-08-08 06:15:00
github
github
Clarify Content-Type handling
2021-11-18 16:13:08
Default inheritable capabilities for linux container should be empty
2022-05-24 17:36:56
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
2022-09-14 00:00:48
prion
prion
Design/Logic Flaw
2021-11-17 20:15:00
Design/Logic Flaw
2022-05-17 21:15:00
Race condition
2021-08-08 06:15:00
redhatcve
redhatcve
CVE-2021-41190
2021-11-19 15:20:21
CVE-2022-29162
2022-06-07 02:29:38
CVE-2021-36221
2022-04-30 13:09:05
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2021-41190)
2021-12-14 14:50:20
Security Bulletin: IBM CICS TX Advanced is vulnerable to an Open Container Initiative Distribution Specification vulnerability (CVE-2021-41190).
2023-02-14 21:04:36
Security Bulletin: IBM CICS TX Standard is vulnerable to an Open Container Initiative Distribution Specification vulnerability (CVE-2021-41190).
2023-02-14 21:14:53
mageia
mageia
Updated docker-containerd packages fix security vulnerability
2021-12-02 19:49:28
Updated opencontainers-runc packages fix security vulnerability
2022-05-21 11:50:18
Updated golang packages fix security vulnerability
2021-09-04 20:01:38
alpinelinux
alpinelinux
CVE-2021-41190
2021-11-17 20:15:00
CVE-2022-29162
2022-05-17 21:15:00
CVE-2021-36221
2021-08-08 06:15:00
altlinux
altlinux
Security fix for the ALT Linux 10 package runc version 1.1.2-alt1
2022-05-12 00:00:00
Security fix for the ALT Linux 10 package golang version 1.16.7-alt1
2021-08-12 00:00:00
Security fix for the ALT Linux 9 package golang version 1.15.15-alt1
2021-08-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-29162 affecting package moby-runc 1.1.0+azure-6
2022-07-14 21:00:02
CVE-2021-36221 affecting package golang 1.15.13-1
2021-09-09 15:03:05
CVE-2022-29162 affecting package moby-runc 1.1.0-1
2022-06-26 03:29:33
debiancve
debiancve
CVE-2022-29162
2022-05-17 21:15:00
CVE-2022-2990
2022-09-13 14:15:00
CVE-2021-36221
2021-08-08 06:15:00
wolfi
wolfi
CVE-2022-29162 vulnerabilities
2024-04-20 09:09:23
freebsd
freebsd
go -- net/http: panic due to racy read of persistConn after handler panic
2021-06-21 00:00:00
redos
redos
ROS-20220620-01
2022-06-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0405
2022-06-14 00:00:00
Important Photon OS Security Update - PHSA-2022-0529
2022-10-19 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.007 Low

EPSS

Percentile

79.2%

JSON
Related for RHSA-2022:7457
nessus49rocky4oraclelinux7osv15redhat9almalinux2veracode6fedora39cgr1suse5ubuntucve4amazon2cve5github4prion5redhatcve5ibm9mageia4alpinelinux4altlinux5cbl_mariner7debiancve3wolfi1freebsd1redos1photon2