ALSA-2022:1762

[ALSA-2022:1762] Important: container-tools:rhel8 security, bug fix, and enhancement update

Type:

security

Severity:

important

Release date:

2022-08-03

Description:

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* psgo: Privilege escalation in 'podman top' (CVE-2022-1227)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
* crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)
* buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	podman-remote-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	089615026e9670fb35580501a58747cb960ac364a152cae1e93f56f4dddc8dce
aarch64	conmon-2.1.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm	0d65eadf6f5c4c3c99bd33f18ddc2975eed70d1e27e49b90df984ab10585b985
aarch64	podman-catatonit-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	0f6a6d65e36026a221f663ed13a6f466a16a67adb11441c478efd12fdcdb2920
aarch64	podman-tests-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	14653c823f26b09a62fa5c12c66d41ffda9a300f8951837a100d03aedd1646b2
aarch64	runc-1.0.3-2.module_el8.6.0+2878+e681bc44.aarch64.rpm	1b3feb68d71ed6e35292ddaf174acf2d32aa85adebfdda71a126d4b0040849f7
aarch64	criu-devel-3.15-3.module_el8.6.0+2751+06427ca3.aarch64.rpm	356ab2a0229ae2b6fe4fe86d271b30253b605841b66b1bdb0ff04e0286f51f3d
aarch64	oci-seccomp-bpf-hook-1.2.3-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm	386de58648196b289baf3f1b5cba629f3ad555eb1bd30aded656a9047acaf251
aarch64	libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm	3b0aa2c305069979ca36d9c4ddce9e680fbacb931037c238c3efd58ad9a78ffc
aarch64	skopeo-1.6.1-2.module_el8.6.0+2877+8e437bf5.aarch64.rpm	4004a84f8a1cc050c570950e0b1f4f854d90d1b92b4d0d193c94c397a7562f42
aarch64	toolbox-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.aarch64.rpm	44998b416dde033ea8081b34c96bcbec3519811efb036075fc26fea1357bcbbf
aarch64	aardvark-dns-1.0.1-27.module_el8.6.0+2878+e681bc44.aarch64.rpm	47abab649becbc217423404b3032e764c59d2fd1adf62e176a9cdabc3b54e140
aarch64	podman-plugins-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	4b8434ddef17d7786cf4f39335c7d342b9845e95c5dfa952daa2bf55a369ea91
aarch64	podman-gvproxy-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	4df85233a47682dc5d434b1a6fe8a1bdac2c119e50fa8b9d0566444aabedbda6
aarch64	podman-4.0.2-6.module_el8.6.0+2878+e681bc44.aarch64.rpm	5ad4753655e2ff4bd1dbf6f91b035f0071e933952a379cdce1eb5c8097c93c4c
aarch64	crit-3.15-3.module_el8.6.0+2751+06427ca3.aarch64.rpm	7055982e31c042f06853ab7bbe8a039ce6ec10ac971d0d957788eca71b28fc7e
aarch64	containers-common-1-27.module_el8.6.0+2878+e681bc44.aarch64.rpm	795fddc00f12f507ad5c9e6ce14c07187c3d0691f01daf32429761bb1e3a74e7
aarch64	skopeo-tests-1.6.1-2.module_el8.6.0+2877+8e437bf5.aarch64.rpm	85992dca0449615b0e844e1d1ea93d157daa779be1727e30e960ecff8aab4e00
aarch64	crun-1.4.4-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm	8f81fa97d36fd7ee6efd3451fc94a2ae6c4caaf1369e08354f72016fc22ed365
aarch64	python3-criu-3.15-3.module_el8.6.0+2751+06427ca3.aarch64.rpm	92b360de19bdb7e55f5610fe5aae13c9560f4eba478c3550ae583d3a97bf0ec4
aarch64	fuse-overlayfs-1.8.2-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm	95b4bd5eae18dc818504b15a9a71ac09cecbdba6b4cb6841e8dbc4e4b2db372a
aarch64	buildah-tests-1.24.2-4.module_el8.6.0+2878+e681bc44.aarch64.rpm	9dfd42af12e641319680dac3afc8d027b334261bea99e23510d05f3e0ab90955
aarch64	libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm	9eb5efecbd07336344bad5848739cccb4265171484da302a847c97d5fe979be0
aarch64	slirp4netns-1.1.8-2.module_el8.6.0+2877+8e437bf5.aarch64.rpm	b19d2dd190753e016e76b557056ae7786925003e01f4db71640dfd9f06f5b301
aarch64	toolbox-tests-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.aarch64.rpm	c48a5e89c186350e90896125749033c7ea1fc1d01f90d7ff56c5a50b0bac2d0d
aarch64	containernetworking-plugins-1.0.1-2.module_el8.6.0+2878+e681bc44.aarch64.rpm	d044df212b74d6fdbd6a7658ccf60d51b7ef0964f32e1ff228f5ab9b65d11fad
aarch64	criu-libs-3.15-3.module_el8.6.0+2751+06427ca3.aarch64.rpm	de6cbbb9a2b240fa79d77c3c6edcb33448cb24cabfd27aa797cfb2f227146636
aarch64	criu-3.15-3.module_el8.6.0+2751+06427ca3.aarch64.rpm	ea4105c116f5883ecf36a63a57286264e826d9772899408bf3241d89e8fbac83
aarch64	netavark-1.0.1-27.module_el8.6.0+2878+e681bc44.aarch64.rpm	ed8980a9e0cd7e45882a691033f71f61ad9073a0a6f050caee263c031757a57a
aarch64	buildah-1.24.2-4.module_el8.6.0+2878+e681bc44.aarch64.rpm	ff3f6ecd03e4e8de67cd37fe7c7354ff765482976bdf5c724c41f610f6e16310
noarch	python3-podman-4.0.0-1.module_el8.6.0+2877+8e437bf5.noarch.rpm	1aacd6dce9ada0f5125e3ac58f63aec4d1c966441d3dd40e84661d60a682112e
noarch	udica-0.2.6-2.module_el8.6.0+2877+8e437bf5.noarch.rpm	2d8fa700621ff6901aa2ac0cad94c96eee3d971c7044e95ec95576a350ed09d4
noarch	podman-docker-4.0.2-6.module_el8.6.0+2878+e681bc44.noarch.rpm	35818dcb65e922b215be759958c0ddc73a6da205cc96b28e6d2c32bf0e27c37a
noarch	cockpit-podman-43-1.module_el8.6.0+2877+8e437bf5.noarch.rpm	732805f43c6ed83fd608091bbd61ad82a7e532e2ef3840450a69f44e4135489e
noarch	container-selinux-2.179.1-1.module_el8.6.0+2878+e681bc44.noarch.rpm	956f8ea07998d077f41d6a7a96da4298c8fa23fc97d78e5a8c916a7384d8bcc6
ppc64le	crun-1.4.4-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	1850bef5c521d2eab34fdb1b8d53f75b5e182343665be84e526e6805a1cc77f6
ppc64le	fuse-overlayfs-1.8.2-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	1a2b4946c3a1b8feb08c93f3fbe61998ff15b16d6630119857f9d274bb35bfab
ppc64le	podman-remote-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	1f0320b675c188d4bdf5a14c21993efc15ca0c3931fa9df3a8f859b3c2986bb3
ppc64le	oci-seccomp-bpf-hook-1.2.3-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	2c16ac4ff3c1ee7cee387837ef921c534a8be31013097e5979272845efa04357
ppc64le	libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	38828e0da2e785e5de02ace4d329be1fe0825a0e4741f538b871dbdbd873f875
ppc64le	aardvark-dns-1.0.1-27.module_el8.6.0+2878+e681bc44.ppc64le.rpm	40ef7d53ec999413557a58311cf2879bb25dfc2ed259edd0b04f562ffeae492d
ppc64le	toolbox-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	45d30bcfff5f07cf9b2a2d58d3242a387466d1e4534b084ddfd673de537d47a9
ppc64le	podman-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	4e3a32aff8cb8e71fc92ed5b21fc59361d7bfd22ed6c70955846a28038ae988c
ppc64le	criu-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	54f8c67b8625f8a94da53cdf5f83851e62ab4c69f421c7e60ca99caab011958b
ppc64le	slirp4netns-1.1.8-2.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	59db23a2cf9c74111202823114cbc70798c516fb743f643b9b7fd2fe0bf8555b
ppc64le	buildah-1.24.2-4.module_el8.6.0+2878+e681bc44.ppc64le.rpm	64fb3172b47009ee7f867fd16854df47002ba5b98cf8da50c513f28eca33ce56
ppc64le	netavark-1.0.1-27.module_el8.6.0+2878+e681bc44.ppc64le.rpm	6546251fda202b8c03e0a8a36d9f387c3548a1b842b870e746cae0b3095847e6
ppc64le	podman-plugins-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	69cac1f933b1eeac3d0c0532ab6a040c68c1103dbc70cb7488f1a4455bb12428
ppc64le	criu-devel-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	6c207667aade2720d64b84b12ee7cae822db296a193a84aa530e9de81f0e95a4
ppc64le	containers-common-1-27.module_el8.6.0+2878+e681bc44.ppc64le.rpm	74ee8649affcf632767a1d677332357f86a8979b9a5be92cce851bf0fb2fcc39
ppc64le	python3-criu-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	7976419c3d8db18c68368174d996837ad167d8b7143e88d8b82516b1162d8695
ppc64le	buildah-tests-1.24.2-4.module_el8.6.0+2878+e681bc44.ppc64le.rpm	8d0cafb57fa29a50ef51fb97e9b8566b23342fb201dfe72f7cc7def8e8189db6
ppc64le	libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	8e57fae8da5e0e145622edc64a2e5d76305805ea40710a3ff83b20a9b154cd25
ppc64le	criu-libs-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	8ee9224e88d8b29de4d302c0c40e722fdaa646fefe4b979f02835c1b10117a5b
ppc64le	toolbox-tests-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	9f11e04092c533ef98b69de54e63412924ee62a6a34b94543961ee36de8a0ccd
ppc64le	podman-gvproxy-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	a26a8c17b141de02843785b74c293e9ccd1a5dc7a16c4c315fdf875d1e4c70eb
ppc64le	crit-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	a36d7629eee66af5a2d50bf047d0b0083ca29340d22618af1b833d983b85ff7c
ppc64le	containernetworking-plugins-1.0.1-2.module_el8.6.0+2878+e681bc44.ppc64le.rpm	b293eb2eb8b2e242b2ef93a5d1dbecaabf35704f2a7a5207f16b71e1c94a4c03
ppc64le	skopeo-tests-1.6.1-2.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	c1be061efd09cbec51cb0d90c9a5109c7a6582cc68052eaf29324ddc61fde307
ppc64le	runc-1.0.3-2.module_el8.6.0+2878+e681bc44.ppc64le.rpm	dfc8b59fde2d9e78a26c83af9c60f843c65691ebc5493652aa39954de32efa6b
ppc64le	skopeo-1.6.1-2.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	e33ea9e9fed9520cc984688a5da16e843b1cfd4aecda3bb59bba2a8e672adfa7
ppc64le	conmon-2.1.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm	e802aa635d76482a5c852e8c80e5d8faf49a8069d90e47bcfc39d63503eaec59
ppc64le	podman-catatonit-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	e87f800f8f75661d88c1bb944a1f81edc387de1167103fe7c68aae09800653b3
ppc64le	podman-tests-4.0.2-6.module_el8.6.0+2878+e681bc44.ppc64le.rpm	fd9674dade9b51ae8f494f707166ca4356cd5fc66e9bf560be7444eec1aefce3
x86_64	criu-libs-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm	04ae80cdd853a5d49d6e648d4fcf0dc73bb25704d7afc24ac3af76b06786b4b1
x86_64	podman-gvproxy-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	184d03d88c204f162a798747e95d43af7d0a0b51cdccea3053ab6f31df5bef31
x86_64	skopeo-tests-1.6.1-2.module_el8.6.0+2877+8e437bf5.x86_64.rpm	1c4587af752e6c06d13f169635a6ec9b52619073db7bc4d596e1e6f8b7564962
x86_64	buildah-tests-1.24.2-4.module_el8.6.0+2878+e681bc44.x86_64.rpm	1f0e4159d8e5a19e1db14a82ec6243953884d425324d2e412e7b32100b768b8c
x86_64	toolbox-tests-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.x86_64.rpm	2375b4ff5cd53d810af7a3f6004ec86a1ee80e781b34433b61422ec4603c999d
x86_64	netavark-1.0.1-27.module_el8.6.0+2878+e681bc44.x86_64.rpm	2610bf704494968487b99efcbe2745a8dc2d7c74e95949a0ef7a60db4aa68d22
x86_64	libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm	2bda7ff20959fc2c6a059846f63836c69a3871794cd7b5154866ecc6a4545b0c
x86_64	podman-tests-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	2f34a7ffc6e887a2bf70c0ede8b4f633ceb2ad5cb87342b08c09e25ef87d1a48
x86_64	podman-plugins-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	32f1cade26c21940f3673a3b73a40fbcae9adb1fbba27b6fab5e26dc1443e94f
x86_64	crit-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm	4425c86fd1af6b6dc0c8caafbac77caa852b68765d87a84e9eeaa1eeebbfa636
x86_64	podman-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	46f4637f012bdbeb11ad53689fbd2d136489c59a380ea1ac5f7618aa7e80b0aa
x86_64	oci-seccomp-bpf-hook-1.2.3-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm	48fecef3eb3e8f87e104271b9ff3e451b6b958762faf3c652633dcfd368a2dbe
x86_64	criu-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm	60d54bb32f236d7d7029a02278af814324dabcf0992f1ac61f47970e47ceb403
x86_64	slirp4netns-1.1.8-2.module_el8.6.0+2877+8e437bf5.x86_64.rpm	69c5aeb83acc8eefe2f8e6616661164970a63822283e3a1eefab30208fb24c76
x86_64	buildah-1.24.2-4.module_el8.6.0+2878+e681bc44.x86_64.rpm	72943971cb7a48854566afcce9b7cf32a90640cd377dc61bb218be0daffc807b
x86_64	containernetworking-plugins-1.0.1-2.module_el8.6.0+2878+e681bc44.x86_64.rpm	7384b858a5fc64ca5fd160568852fa1ebbf36c52cd7572c86702e2c3e36a6ee5
x86_64	crun-1.4.4-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm	7f2b03aae9305217925c391dbd3b682dc44934e0fba1318d3d43ca1bbec0ec74
x86_64	toolbox-0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5.x86_64.rpm	7fc15e522194d5414ce006c017d2162f5ba49538575694a6ead836f971ac9af9
x86_64	fuse-overlayfs-1.8.2-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm	859ac7b1515b7d4d34e5fceb6b1e113de65f2828775efe638f934b98069d1878
x86_64	aardvark-dns-1.0.1-27.module_el8.6.0+2878+e681bc44.x86_64.rpm	85b6e2fcaba60a42a3013cbb0ec5953521c10eafc56b60ae995eb9f2149512b3
x86_64	skopeo-1.6.1-2.module_el8.6.0+2877+8e437bf5.x86_64.rpm	919513296867023d2b6645a19bb3056ac56c22fecad9e9616082278769b242c8
x86_64	runc-1.0.3-2.module_el8.6.0+2878+e681bc44.x86_64.rpm	972d7f18b1a18c0c314a1d3e3dd15d4c7c0c577372f5bc20efe01610ee7e5462
x86_64	criu-devel-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm	b79b30367b06961e7514f46ea8b4aa82399fdadd2d9ba7a818d2481fe7677349
x86_64	podman-catatonit-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	c130c8202b595a7a8e4a44ee418212e21eff3374025db0c388f8db3d9c2c012e
x86_64	containers-common-1-27.module_el8.6.0+2878+e681bc44.x86_64.rpm	dd7b1027caac82df2acd9e472121c0d1a84d9babbf203dec7a865b27f5251535
x86_64	libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm	e79d04839688384f66c8053a605f5b73e43b256bdb77d4027031ebc8909aacd3
x86_64	conmon-2.1.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm	e9cacd067ddc1324800c6d3467f11a2fbf62a39c8a5da63f07005180b71275ad
x86_64	python3-criu-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm	f08f386c12dcfff2595514fbf41e2489520615bbdd59ad1568ca47a15d49f23b
x86_64	podman-remote-4.0.2-6.module_el8.6.0+2878+e681bc44.x86_64.rpm	f1f2064fbc10df08117ded33bee6b71a35f671f516e5644953fec2d148c73daf

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.