[ALSA-2019:4273] Important: container-tools:1.0 security update
Type:
security
Severity:
important
Release date:
2019-12-17
Description:
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 skopeo-0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43.aarch64.rpm 02e2ea615c59a32a2b6b0a3d62e5d8b1373c576bedae6438eea77e57c15b5747
aarch64 oci-umount-2.3.4-2.git87f9237.module_el8.4.0+2496+12421f43.aarch64.rpm 770d344d61dc1877c84a45a546afae1a8f23794049e5a2ec2a2da48f0ebf626b
aarch64 containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.4.0+2496+12421f43.aarch64.rpm 7e14f473b99c42b0099eb8869968cc5eb309b8ce43995f1993261972c30d09b6
aarch64 oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.4.0+2496+12421f43.aarch64.rpm 82a7c609f0920121fc1ce28ccf8a437f07063d9b4d2c930cec3d6894d962fe15
aarch64 runc-1.0.0-56.rc5.dev.git2abd837.module_el8.4.0+2496+12421f43.aarch64.rpm 86cc800b6ea8c1dd4255f6b4125165b15aa39bc60660c3e1920a9176ddcd64e5
aarch64 fuse-overlayfs-0.3-5.module_el8.4.0+2496+12421f43.aarch64.rpm 90cde31a5e68574aba6ec587bbcb2a0de1926524b781da2f5cd98a055369d4e5
aarch64 containers-common-0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43.aarch64.rpm b4d1bed8a8776ee28d0b5ec98a6e6e64d19cd4f78bc1103d84630c65ff697053
ppc64le oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082.ppc64le.rpm 3f0297ea60af68d82bac1e3ff0466762adac366c8888335e60681908c5146ba7
ppc64le oci-umount-2.3.4-2.git87f9237.module_el8.5.0+119+9a9ec082.ppc64le.rpm 6a69d33989417b5db165ed7f7d5c377e2da96c932944e9aeb391bb252300e3c1
ppc64le containers-common-0.1.32-6.git1715c90.module_el8.5.0+119+9a9ec082.ppc64le.rpm a19e7264fd87fd26ec220f206df02adb6e3139c0c9c0bdb0b2e27487eb3b81f0
ppc64le runc-1.0.0-56.rc5.dev.git2abd837.module_el8.5.0+119+9a9ec082.ppc64le.rpm b33a8341fd5f7df77af76411d868e11d68ca34fe23a292bbf7e9a0e8393dbe17
ppc64le fuse-overlayfs-0.3-5.module_el8.5.0+119+9a9ec082.ppc64le.rpm b38d3c79f63adfad5e2edafe7104366884d814422b01727e13afcacf34d1e1ab
ppc64le skopeo-0.1.32-6.git1715c90.module_el8.5.0+119+9a9ec082.ppc64le.rpm c21f52f226ed49e01b5986162562e8677f81a1d6ab354a53ddf53d3b0571d958
ppc64le containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.5.0+119+9a9ec082.ppc64le.rpm d55383961c04e85cb5d2af05100b80fcc6a80e969af224403cc557610464625a
x86_64 containers-common-0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43.x86_64.rpm 136c94b21fac16481272af5b5a2062818d62813e6349b88fb0ca4cb7ba6d839e
x86_64 containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.3.0+2044+12421f43.x86_64.rpm 2252d1af8c6812c51bf986453f4a258b5e568163641e74804db6ec7664c724da
x86_64 runc-1.0.0-56.rc5.dev.git2abd837.module_el8.3.0+2044+12421f43.x86_64.rpm 5b1a8e0ed7e4731a2aab6af9cb2909b874fecb8623fa7c58d117980a59f3ef62
x86_64 fuse-overlayfs-0.3-5.module_el8.3.0+2044+12421f43.x86_64.rpm 813eb4acbccfc1f231c6b9b02b01c70196d7b88c309598a270c55383de41bf36
x86_64 oci-umount-2.3.4-2.git87f9237.module_el8.3.0+2044+12421f43.x86_64.rpm 82477f79b1e2569d7909cf5e334b443d2c90c7e7ae710bb25826a793f46c0e6e
x86_64 oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.3.0+2044+12421f43.x86_64.rpm b0316c313c77ab89cb757717f70d4033c6593a3ea657981a4c351d397629218a
x86_64 skopeo-0.1.32-6.git1715c90.module_el8.4.0+2478+12421f43.x86_64.rpm ea8346ed92c2ac3a75187999e82a0d964ec882ff794088277ee2a942b81f5519
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.