(RHSA-2024:2090) Important: container-tools:rhel8 security update

2024-04-2908:31:22

access.redhat.com

container-tools

rhel8

security update

fix

full container escape vulnerability

buildah

podman

skopeo

runc

cve-2024-1753

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

buildah: full container escape at build time (CVE-2024-1753)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64podman< 4.2.0-3.module+el8.6.0+21745+f5f35196podman-4.2.0-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHatanys390xpodman-debuginfo< 4.2.0-3.module+el8.6.0+21745+f5f35196podman-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHatanys390xoci-seccomp-bpf-hook< 1.2.6-1.module+el8.6.0+21745+f5f35196oci-seccomp-bpf-hook-1.2.6-1.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHatanyaarch64toolbox-debugsource< 0.0.99.3-0.7.module+el8.6.0+21745+f5f35196toolbox-debugsource-0.0.99.3-0.7.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyaarch64libslirp< 4.4.0-1.module+el8.6.0+21745+f5f35196libslirp-4.4.0-1.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyx86_64python3-criu< 3.15-3.module+el8.6.0+21745+f5f35196python3-criu-3.15-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHatanyaarch64podman-gvproxy-debuginfo< 4.2.0-3.module+el8.6.0+21745+f5f35196podman-gvproxy-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyx86_64oci-seccomp-bpf-hook-debuginfo< 1.2.6-1.module+el8.6.0+21745+f5f35196oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHatanys390xbuildah-tests-debuginfo< 1.26.7-1.module+el8.6.0+21745+f5f35196buildah-tests-debuginfo-1.26.7-1.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHatanyaarch64toolbox-tests< 0.0.99.3-0.7.module+el8.6.0+21745+f5f35196toolbox-tests-0.0.99.3-0.7.module+el8.6.0+21745+f5f35196.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	podman	< 4.2.0-3.module+el8.6.0+21745+f5f35196	podman-4.2.0-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHat	any	s390x	podman-debuginfo	< 4.2.0-3.module+el8.6.0+21745+f5f35196	podman-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHat	any	s390x	oci-seccomp-bpf-hook	< 1.2.6-1.module+el8.6.0+21745+f5f35196	oci-seccomp-bpf-hook-1.2.6-1.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHat	any	aarch64	toolbox-debugsource	< 0.0.99.3-0.7.module+el8.6.0+21745+f5f35196	toolbox-debugsource-0.0.99.3-0.7.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	aarch64	libslirp	< 4.4.0-1.module+el8.6.0+21745+f5f35196	libslirp-4.4.0-1.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	x86_64	python3-criu	< 3.15-3.module+el8.6.0+21745+f5f35196	python3-criu-3.15-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHat	any	aarch64	podman-gvproxy-debuginfo	< 4.2.0-3.module+el8.6.0+21745+f5f35196	podman-gvproxy-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	x86_64	oci-seccomp-bpf-hook-debuginfo	< 1.2.6-1.module+el8.6.0+21745+f5f35196	oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHat	any	s390x	buildah-tests-debuginfo	< 1.26.7-1.module+el8.6.0+21745+f5f35196	buildah-tests-debuginfo-1.26.7-1.module+el8.6.0+21745+f5f35196.s390x.rpm
RedHat	any	aarch64	toolbox-tests	< 0.0.99.3-0.7.module+el8.6.0+21745+f5f35196	toolbox-tests-0.0.99.3-0.7.module+el8.6.0+21745+f5f35196.aarch64.rpm