ALSA-2022:1565

[ALSA-2022:1565] Moderate: container-tools:3.0 security and bug fix update

Type:

security

Severity:

moderate

Release date:

2022-04-28

Description:

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)

* buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 3.0 stable stream: podman run --pid=host command causes OCI permission error (BZ#2070961)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	skopeo-tests-1.2.4-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	00aff9986e25b1035c31bc8c1eaa9c9923fdae3ca34c4cd58025894b35a73810
aarch64	skopeo-1.2.4-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	0ad63e2498d49bb384c545900e575e7c881ed8bc6e8f8c9e73a00f116c682096
aarch64	toolbox-tests-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	16784108ed45fc7b449fab89028a3f35fc4a285f7cc8fb8fffeefadbb76486bb
aarch64	criu-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	183bda468943a18b6ad10f132ac7b8ad92c5ba67382f18c333c8c9aa867498a4
aarch64	podman-plugins-3.0.1-8.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	237d3e5513282ae31f0bfb7fb8e609d80499518b435fa176429346e46d3ccb02
aarch64	python3-criu-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	2c7f1ee8ae4215d079cff1e2b603282a859335d29bd594ea9af2b34898b61f0b
aarch64	conmon-2.0.26-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	306fe44498a4025085a058d7b4579031779ed4142c440f955e909f6289bd77f1
aarch64	podman-catatonit-3.0.1-8.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	36b8654df0e76790dbbdadb4b7a5846bdbf637eb9da97da4fc95da19dee62df6
aarch64	fuse-overlayfs-1.4.0-2.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	3ca66bf90a7db10bfcb190424d8994f7ce1b9500e48b74b8a372134de734ad81
aarch64	containernetworking-plugins-0.9.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	3f0c39e32bbcb770678be8761bf54de06006a20775a7b770a14e52d6a06b3829
aarch64	toolbox-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	6326ac51181d49abba255c70b37255d5ca7775d62b75a79b5feb347e5a1581fb
aarch64	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	7002596a5823b220a24a2825ed359567469700fe68233be7bad9a8193dab70f9
aarch64	runc-1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	729869a4fe4988174ff7d830d91b074d4a16ed1b33595ba31b879fc58947a9a7
aarch64	crit-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	9736844ada2bb607243e5c208ad7849c2a30f63c7a355b98d3ec2b58fd0553a7
aarch64	containers-common-1.2.4-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	a2e892af0c9f2f0f5cede506d773b0306091a9b95173cae35cbedb3389e888d9
aarch64	podman-tests-3.0.1-8.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	a75dd26f40372959e2151ec7df7dd8b1e820fe0febf0875e62f0c9066902834b
aarch64	libslirp-devel-4.3.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	bf78102e9bec56771abff788e3e9faa89d9851415bd9113306a377b5e4217b09
aarch64	podman-3.0.1-8.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	c832198fb3be6287c4517dbc7533e64586a4701f82599d5e5953d73ef873c985
aarch64	podman-remote-3.0.1-8.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	f102042d148ac6a612b4fe7755aa9b9c2089d76e1ea4c5c91bfb4f762784f506
aarch64	libslirp-4.3.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	f719eed0bd389be60c4c101043a6341134725a1dcea82f94b45108a00a3826b0
aarch64	slirp4netns-1.1.8-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	f9f089fce7f81a740a5e0f4b0bd3d6bdf571a5957dde324c949f356db249314e
noarch	cockpit-podman-29-2.module_el8.5.0+2636+8c48f0fc.noarch.rpm	016979285a17c6293967ceafff7d8b0e5d6e7960d3943c524e9cf00c1792c965
noarch	udica-0.2.4-1.module_el8.6.0+2876+9ed4eae2.noarch.rpm	5127ec25a6d4632da80e860fe822430306d9edd11da0e2720e8993208343d5b0
noarch	podman-docker-3.0.1-8.module_el8.5.0+2636+8c48f0fc.noarch.rpm	619f110527b3e7475ddeea9f251daf931f5304c8e901639bb4de4d35fcfcc151
noarch	udica-0.2.4-1.module_el8.5.0+2636+8c48f0fc.noarch.rpm	6caadc37d551e236c18c37de52a25d110c79b9a41ddadf216b93ce8760617751
noarch	podman-docker-3.0.1-8.module_el8.6.0+2876+9ed4eae2.noarch.rpm	90615c91bdf8f887eb20e53cc731207069dd77c87ce27c4962cc33a4c9720bd9
noarch	cockpit-podman-29-2.module_el8.6.0+2876+9ed4eae2.noarch.rpm	ca63901ffa3247a330ba3fdd859e8ce0a9963d6f27c13d2480ec70ad444226c3
noarch	container-selinux-2.167.0-1.module_el8.5.0+2636+8c48f0fc.noarch.rpm	f620e508034e463356cb473778e6b6978f4e0c25aa110483b5910d141737c4e0
ppc64le	podman-plugins-3.0.1-8.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	0ab33e3c1f7eb28c5a1fc3558ded23ab0e42e022badd5e54995e27a440bdf91f
ppc64le	containernetworking-plugins-0.9.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	11b3499552b00bd188b40a0adecb3f5bea02a64d93b185ae08c78110cd6a47c4
ppc64le	podman-3.0.1-8.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	3dd4ac868b0fe5f5a8a2720a25cd3896371ddc68c9aea60e8809a63b24a8cb3b
ppc64le	skopeo-tests-1.2.4-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	47935db593fc2bb61c108f0888a08fee0ef7703069ad3d75211764d0ec00ce74
ppc64le	podman-tests-3.0.1-8.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	4ae91561112eff678361cd286b21f9502037726b33a05f83f5a9921101b33a5a
ppc64le	podman-catatonit-3.0.1-8.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	4f68fe1f5d7f5cc55b540f9e7e1ddaf9f90e26c611918ac17647c0574625048a
ppc64le	skopeo-1.2.4-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	6f27dcbe9eb89be88935f524f69389a49b3a7afe0eb525d0c7f8cb52d75a2761
ppc64le	runc-1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	7056dcd6815b6c0a9dc1889821ee03f79ee3e561590eba07f86b4124f11327c1
ppc64le	podman-remote-3.0.1-8.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	7517a3793079d908a0ddcfcd22aeef8fc6d3a8f00962cc5ee3b41e4e484902ff
ppc64le	libslirp-4.3.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	7e321e8815bb1d11f925c77d7b0804a162490902f67d405602ad4f5220597a61
ppc64le	toolbox-tests-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	8ca142be6f51583f8f1bfbeb2149cb8e289c572c652a263e6b7faa6a5c27e192
ppc64le	python3-criu-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	900eb64a1ea3f8d7517d19f3f2f017f137e04d3c3da5aaeb4b48f4b3edafb363
ppc64le	slirp4netns-1.1.8-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	94aacc55967ad7e354ce1c8f81cbaf8109b2efe6d84a02ab4f1f86a507a058d2
ppc64le	libslirp-devel-4.3.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	9becdb022aca7853e26027a20244f2bedf325eb9f06ce3943d0221d2ceca4f77
ppc64le	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	9c0fed6a8e512b704223e1943bbdd239c1189765efc1af24371b7b6541e01cae
ppc64le	crit-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	aad15709cc1072405bbb1e2e6ae948b251b9cc13875e66424429a83566effdb0
ppc64le	fuse-overlayfs-1.4.0-2.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	aeb1d60d13fe6bb342a77ab92520f16d9b69af29aa486338a6a9cddd68f047e8
ppc64le	criu-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	be3bb39d472b615ddf851ffd90b90bac650096c32663aed0cb291c2a941f1506
ppc64le	containers-common-1.2.4-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	c0dcfb7a5f6effb06840c3bff8b883df07d9a6571ba63eea1b16254e6d0df404
ppc64le	conmon-2.0.26-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	ea49ffd7a59b2b34d369cce0677c256b1eb46d10b9291c1702c59d5b6a7b76d0
ppc64le	toolbox-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	faeb38785b259ba6b6ff7c6d1f6c87188c0076ea8b106e795c5ca1fa192775d7
x86_64	toolbox-tests-0.0.99.3-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	1178c710b41a15ddcd7c67e409610909bbe1e86ec598fd41b2dc0281f28819eb
x86_64	crun-0.18-2.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	11e4d047ae55420f16b3cde0f611c1c31ad122a96e238bfe2bb884486338c2f5
x86_64	skopeo-tests-1.2.4-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	1afed55a949b8d9acc4ed29c67237a7f33b3762181423ec4c7e8bf0a95fdc44a
x86_64	python3-criu-3.15-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	20dbee54f8ee5eeb720f1a6460d24656735ff9446ce53270c1a3527f04e4a384
x86_64	conmon-2.0.26-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	21346add7cdb8aacf83112c0750bcc1e104a04e0508be0f713bb4102c1f42c6b
x86_64	containers-common-1.2.4-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	2303981da4da24a9fa3d0a1e880e212b5c9ea18c97f14b7d9c7ddfa23ba3082f
x86_64	fuse-overlayfs-1.4.0-2.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	475e489efdf32da0bd8a7c863b80753c7e575bb69ad9a926877743c2487afdee
x86_64	libslirp-4.3.1-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	4b2eb6cb4ef6afed70529d736087b1892f2390dd81df81ce582f72d916de3fa8
x86_64	containernetworking-plugins-0.9.1-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	50da62cb2dcb2def8a3957e05729aa7984f165f30451a05edb627a3727827295
x86_64	toolbox-0.0.99.3-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	638946220540f543f33d2126fad78e7a50ec2d0ac679a9f749c0ee1de785ab29
x86_64	podman-3.0.1-8.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	70f70b43c3e3fc6e9bb8a9a542ffb097f4edb9600fc7f1f813d2f98c5e36c61c
x86_64	slirp4netns-1.1.8-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	7b4154d52c365f585f880458e5ee251c848bb2b2a70a02ccd02a06ce47ee0bc1
x86_64	podman-catatonit-3.0.1-8.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	7f6b3c83b136456295209431069c2c3ebc0a6b584f59c2726285c16f17ae53ba
x86_64	libslirp-devel-4.3.1-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	85ec727a52aad8a05e0eb667c1d76010517a614c24e31d205945d4f15d9da219
x86_64	podman-remote-3.0.1-8.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	87e8783520c8ffe0c56a0dc1b2f96e69a00573c084bd7fa161403d3a069c8d84
x86_64	skopeo-1.2.4-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	8f3f779d5e88512043f12b6af8c595e29d6799ebfa6507e2837cea0f45a0869b
x86_64	crit-3.15-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	9eaa1359bb56095f1d5d82f7bb06b90665ef74e74679828c1a312d0cb2db26e3
x86_64	oci-seccomp-bpf-hook-1.2.0-3.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	a3c8a31cd6229ba3cfb591e347cb1b423849530c2d69aff0d9757586dc56fa24
x86_64	podman-plugins-3.0.1-8.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	c3c5f12731f8138d3beef38fad66b6b86e1ef7b50ce6c0a28bbc0666d3ec3048
x86_64	buildah-tests-1.19.9-2.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	c9b87ddb11dbcb5b24d8abf835a5d36c7ff6a20210aa4b78af6372fb2adf16fa
x86_64	runc-1.0.0-73.rc95.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	d4a14d77fd6ba62c9c91b6c47d08e9555940412670fc326d32316b1f4c828f70
x86_64	podman-tests-3.0.1-8.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	d610d70e84035d9ce6f2e1a983500ae9d9e773ed8b5c9bc30f2069dcfa4b8fb4
x86_64	criu-3.15-1.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	df1dd7a3120bb8bf41039891797b302ed92801d57d2166919e50fd0825c3867f
x86_64	buildah-1.19.9-2.module_el8.5.0+2636+8c48f0fc.x86_64.rpm	ebe5dfc5e4ec7a8924525008c48b3cb8d05980d92f71ddba08026a9d5658542c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.