(RHSA-2024:5194) Important: container-tools:rhel8 security update

2024-08-1200:56:26

access.redhat.com

container-tools rhel8 security go-retryablehttp gorilla/schema vulnerability fixes unix podman buildah skopeo runc cvss cve references acknowledgment impact related information_sparse slice deserialization sensitive information log file_memory exhaustion attack.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xpodman-debugsource< 4.4.1-22.module+el8.8.0+22142+4cbed6b3podman-debugsource-4.4.1-22.module+el8.8.0+22142+4cbed6b3.s390x.rpm
RedHatanyx86_64criu-libs< 3.15-4.module+el8.8.0+22142+4cbed6b3criu-libs-3.15-4.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHatanyppc64lecrit< 3.15-4.module+el8.8.0+22142+4cbed6b3crit-3.15-4.module+el8.8.0+22142+4cbed6b3.ppc64le.rpm
RedHatanys390xoci-seccomp-bpf-hook-debuginfo< 1.2.8-1.module+el8.8.0+22142+4cbed6b3oci-seccomp-bpf-hook-debuginfo-1.2.8-1.module+el8.8.0+22142+4cbed6b3.s390x.rpm
RedHatanyx86_64python3-criu< 3.15-4.module+el8.8.0+22142+4cbed6b3python3-criu-3.15-4.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHatanyaarch64fuse-overlayfs-debuginfo< 1.11-1.module+el8.8.0+22142+4cbed6b3fuse-overlayfs-debuginfo-1.11-1.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHatanyaarch64containers-common< 1-66.module+el8.8.0+22142+4cbed6b3containers-common-1-66.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHatanyx86_64fuse-overlayfs-debuginfo< 1.11-1.module+el8.8.0+22142+4cbed6b3fuse-overlayfs-debuginfo-1.11-1.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHatanyaarch64conmon-debugsource< 2.1.6-1.module+el8.8.0+22142+4cbed6b3conmon-debugsource-2.1.6-1.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHatanyx86_64buildah-debugsource< 1.29.3-1.module+el8.8.0+22142+4cbed6b3buildah-debugsource-1.29.3-1.module+el8.8.0+22142+4cbed6b3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390x	podman-debugsource	< 4.4.1-22.module+el8.8.0+22142+4cbed6b3	podman-debugsource-4.4.1-22.module+el8.8.0+22142+4cbed6b3.s390x.rpm
RedHat	any	x86_64	criu-libs	< 3.15-4.module+el8.8.0+22142+4cbed6b3	criu-libs-3.15-4.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHat	any	ppc64le	crit	< 3.15-4.module+el8.8.0+22142+4cbed6b3	crit-3.15-4.module+el8.8.0+22142+4cbed6b3.ppc64le.rpm
RedHat	any	s390x	oci-seccomp-bpf-hook-debuginfo	< 1.2.8-1.module+el8.8.0+22142+4cbed6b3	oci-seccomp-bpf-hook-debuginfo-1.2.8-1.module+el8.8.0+22142+4cbed6b3.s390x.rpm
RedHat	any	x86_64	python3-criu	< 3.15-4.module+el8.8.0+22142+4cbed6b3	python3-criu-3.15-4.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHat	any	aarch64	fuse-overlayfs-debuginfo	< 1.11-1.module+el8.8.0+22142+4cbed6b3	fuse-overlayfs-debuginfo-1.11-1.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHat	any	aarch64	containers-common	< 1-66.module+el8.8.0+22142+4cbed6b3	containers-common-1-66.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHat	any	x86_64	fuse-overlayfs-debuginfo	< 1.11-1.module+el8.8.0+22142+4cbed6b3	fuse-overlayfs-debuginfo-1.11-1.module+el8.8.0+22142+4cbed6b3.x86_64.rpm
RedHat	any	aarch64	conmon-debugsource	< 2.1.6-1.module+el8.8.0+22142+4cbed6b3	conmon-debugsource-2.1.6-1.module+el8.8.0+22142+4cbed6b3.aarch64.rpm
RedHat	any	x86_64	buildah-debugsource	< 1.29.3-1.module+el8.8.0+22142+4cbed6b3	buildah-debugsource-1.29.3-1.module+el8.8.0+22142+4cbed6b3.x86_64.rpm