ALSA-2022:7529

[ALSA-2022:7529] Moderate: container-tools:3.0 security update

Type:

security

Severity:

moderate

Release date:

2023-01-03

Description:

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	buildah-1.19.9-6.module_el8.7.0+3297+1eb250cf.aarch64.rpm	087a180d47ebc2ae0b91fbf44496a60ceb6c8cc1f4ee47403154072bf53d2cc1
aarch64	podman-3.0.1-13.module_el8.7.0+3297+1eb250cf.aarch64.rpm	0d447b02cb60d1abe1d76c8113071ebb3309437697af7f3ca5f2d909c7158fbe
aarch64	podman-catatonit-3.0.1-13.module_el8.7.0+3297+1eb250cf.aarch64.rpm	123cfcea3b0a8504fdb0508de2fbfb065be32714a16f724b2884788899cd2b98
aarch64	toolbox-tests-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	16784108ed45fc7b449fab89028a3f35fc4a285f7cc8fb8fffeefadbb76486bb
aarch64	criu-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	183bda468943a18b6ad10f132ac7b8ad92c5ba67382f18c333c8c9aa867498a4
aarch64	crun-0.18-3.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	20d35afd7246f297545b7d305004ebd7caf269f476b62a7b1b1b12c062078895
aarch64	python3-criu-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	2c7f1ee8ae4215d079cff1e2b603282a859335d29bd594ea9af2b34898b61f0b
aarch64	podman-tests-3.0.1-13.module_el8.7.0+3297+1eb250cf.aarch64.rpm	3543cc50b88fe6f6f57eedbc9afecc9af9b56335d8e07f8de52f950a6c6660ea
aarch64	fuse-overlayfs-1.4.0-2.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	3ca66bf90a7db10bfcb190424d8994f7ce1b9500e48b74b8a372134de734ad81
aarch64	containernetworking-plugins-0.9.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	3f0c39e32bbcb770678be8761bf54de06006a20775a7b770a14e52d6a06b3829
aarch64	buildah-tests-1.19.9-6.module_el8.7.0+3297+1eb250cf.aarch64.rpm	578b7fb50a0d5481f3122a26a8dc9741c638074f9c3efa49e79294d995b20b3b
aarch64	toolbox-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	6326ac51181d49abba255c70b37255d5ca7775d62b75a79b5feb347e5a1581fb
aarch64	skopeo-tests-1.2.4-2.module_el8.7.0+3297+1eb250cf.aarch64.rpm	6b9f19ac21079346819df5d3664545729c8f92d78263689627599efb070d8ec0
aarch64	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	7002596a5823b220a24a2825ed359567469700fe68233be7bad9a8193dab70f9
aarch64	runc-1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	729869a4fe4988174ff7d830d91b074d4a16ed1b33595ba31b879fc58947a9a7
aarch64	crit-3.15-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	9736844ada2bb607243e5c208ad7849c2a30f63c7a355b98d3ec2b58fd0553a7
aarch64	podman-remote-3.0.1-13.module_el8.7.0+3297+1eb250cf.aarch64.rpm	b405611bdf71e5f80d70eebce92d4632d6f8cb4be4b6dda58c150a3adc938700
aarch64	libslirp-devel-4.3.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	bf78102e9bec56771abff788e3e9faa89d9851415bd9113306a377b5e4217b09
aarch64	containers-common-1.2.4-2.module_el8.7.0+3297+1eb250cf.aarch64.rpm	c815d39afe2a133dd779cbf5786d3c35aceb0fd4f957252d8a28e7a5d9178d7a
aarch64	conmon-2.0.26-3.module_el8.7.0+3297+1eb250cf.aarch64.rpm	d4035ac99d0479cd203ab1404e3a50d17b0f2291bfcfbc0ad886842c78984fd4
aarch64	skopeo-1.2.4-2.module_el8.7.0+3297+1eb250cf.aarch64.rpm	e07bd06cdf350b9df725b9f7207df8a6e177b57453fd54e8d13275819c81e23e
aarch64	podman-plugins-3.0.1-13.module_el8.7.0+3297+1eb250cf.aarch64.rpm	f3c619261e6c450ae4f280874a68b0148305113ebb67c0157965b36991033969
aarch64	libslirp-4.3.1-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	f719eed0bd389be60c4c101043a6341134725a1dcea82f94b45108a00a3826b0
aarch64	slirp4netns-1.1.8-1.module_el8.6.0+2876+9ed4eae2.aarch64.rpm	f9f089fce7f81a740a5e0f4b0bd3d6bdf571a5957dde324c949f356db249314e
noarch	container-selinux-2.189.0-1.module_el8.7.0+3406+a17c4180.noarch.rpm	2b05a17f47252ae2816c34ae78e94b307780c58f222d8620c8c37ef300388187
noarch	podman-docker-3.0.1-13.module_el8.7.0+3297+1eb250cf.noarch.rpm	50986d6cb60c8c39aa4baf607a333483a539e781efbf56700d7c3af684d79e00
noarch	udica-0.2.4-1.module_el8.6.0+2876+9ed4eae2.noarch.rpm	5127ec25a6d4632da80e860fe822430306d9edd11da0e2720e8993208343d5b0
noarch	container-selinux-2.189.0-1.module_el8.6.0+3336+00d107d5.noarch.rpm	b1805c64aafcb11b66a77749139ba9d6d1ad3adeac17e4e0d0a7814173fef5dc
noarch	cockpit-podman-29-2.module_el8.6.0+2876+9ed4eae2.noarch.rpm	ca63901ffa3247a330ba3fdd859e8ce0a9963d6f27c13d2480ec70ad444226c3
noarch	container-selinux-2.189.0-1.module_el8.7.0+3297+1eb250cf.noarch.rpm	f9a51ca8f0600508895259569c3816bb3bb2f1357ccc56053063a5d7a58b1ebb
ppc64le	conmon-2.0.26-3.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	0e4875f103b44fc3c2cad5660344e8af96d1d4b643322eb1c7d8a4796aab4bfb
ppc64le	containernetworking-plugins-0.9.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	11b3499552b00bd188b40a0adecb3f5bea02a64d93b185ae08c78110cd6a47c4
ppc64le	containers-common-1.2.4-2.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	51cc4ec2760fa590f7f73e98a1226dce48bad707ad3a70a0852de4880106c81f
ppc64le	podman-remote-3.0.1-13.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	5743127bfc2a19c8b5e0bc0f4f85d23f7b06063d9824012c2e7a82a064f07b7f
ppc64le	runc-1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	7056dcd6815b6c0a9dc1889821ee03f79ee3e561590eba07f86b4124f11327c1
ppc64le	podman-plugins-3.0.1-13.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	78ff207763301f2ea76057d4dfe0a90ac16684d3d542a1354e1aa9c36e1fb508
ppc64le	libslirp-4.3.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	7e321e8815bb1d11f925c77d7b0804a162490902f67d405602ad4f5220597a61
ppc64le	podman-tests-3.0.1-13.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	888beb01602c8065fe07ecc34e2d240151691ae6a1139a3ae2bee2d5f0140f16
ppc64le	toolbox-tests-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	8ca142be6f51583f8f1bfbeb2149cb8e289c572c652a263e6b7faa6a5c27e192
ppc64le	python3-criu-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	900eb64a1ea3f8d7517d19f3f2f017f137e04d3c3da5aaeb4b48f4b3edafb363
ppc64le	slirp4netns-1.1.8-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	94aacc55967ad7e354ce1c8f81cbaf8109b2efe6d84a02ab4f1f86a507a058d2
ppc64le	skopeo-1.2.4-2.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	99e51b9e64e4c18dd34f3e1f5cb2c97c605a4f0e5a3eeb19e4ac9aca7ba29728
ppc64le	libslirp-devel-4.3.1-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	9becdb022aca7853e26027a20244f2bedf325eb9f06ce3943d0221d2ceca4f77
ppc64le	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	9c0fed6a8e512b704223e1943bbdd239c1189765efc1af24371b7b6541e01cae
ppc64le	podman-catatonit-3.0.1-13.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	9edb33e3e217364afdd6efeee486d194b1151ba201fab33dd1846e1b6875d6b7
ppc64le	buildah-1.19.9-6.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	9ff124498d5f3b27d8ba032f6abe10642ce66d7480e2069f329b1e9a7bf39552
ppc64le	podman-3.0.1-13.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	a4c57dedeba3b62b7664bae52e5c04821c9c6644a7684e27bf234015aef77995
ppc64le	crit-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	aad15709cc1072405bbb1e2e6ae948b251b9cc13875e66424429a83566effdb0
ppc64le	fuse-overlayfs-1.4.0-2.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	aeb1d60d13fe6bb342a77ab92520f16d9b69af29aa486338a6a9cddd68f047e8
ppc64le	criu-3.15-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	be3bb39d472b615ddf851ffd90b90bac650096c32663aed0cb291c2a941f1506
ppc64le	skopeo-tests-1.2.4-2.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	dcea4d42af24daa98d2d64f3235403798409c9e1d4e431cab8e3567824660072
ppc64le	buildah-tests-1.19.9-6.module_el8.7.0+3297+1eb250cf.ppc64le.rpm	e02fcdc8cbca4faf51dd88886f4b5930ffcea500bba8e5023811d30c1fda8fa0
ppc64le	toolbox-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	faeb38785b259ba6b6ff7c6d1f6c87188c0076ea8b106e795c5ca1fa192775d7
ppc64le	crun-0.18-3.module_el8.6.0+2876+9ed4eae2.ppc64le.rpm	fd51afe4d629586e0ad9681e3fbb5e4e5b2d01c5834de05db1ca479845a28f86
s390x	podman-3.0.1-13.module_el8.7.0+3297+1eb250cf.s390x.rpm	062760bbdbc9c397432b8f0623d15e5a73742ddcedeaae15a978bfc9083106c8
s390x	toolbox-tests-0.0.99.3-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	146300e552a2c5398f65a1c520614e81bbf5d372b293ef5fc3cc9170e4ac708d
s390x	skopeo-1.2.4-2.module_el8.7.0+3297+1eb250cf.s390x.rpm	265dc0101e83e5c87d916008485ba328098d09fdfbd48afbbe7dcd0f3b2ea8af
s390x	podman-plugins-3.0.1-13.module_el8.7.0+3297+1eb250cf.s390x.rpm	2cfef59536f860184c1d3b6358df61403576d3df8cb89ee2f9866655dbe08958
s390x	libslirp-4.3.1-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	35ebe73e2602fb36faf49047d3cc15845c0eda223eb3b9416f3a39cb15b47a77
s390x	crun-0.18-3.module_el8.6.0+3136+bfcd65b6.s390x.rpm	402bb3464fa6112259d5c080831d436a9f8263af4f57c88124c36bb899c207b8
s390x	podman-catatonit-3.0.1-13.module_el8.7.0+3297+1eb250cf.s390x.rpm	542bd7dc3ff0272c5c33b676b14abb9cddc670943a15274b35c560b4274f112b
s390x	buildah-tests-1.19.9-6.module_el8.7.0+3297+1eb250cf.s390x.rpm	56e711e0fd161d03bfac86fdf5722a47c332b2cae51939cf684f18612733dc64
s390x	runc-1.0.0-73.rc95.module_el8.6.0+3136+bfcd65b6.s390x.rpm	58dbf92b624b0441fdf90df01b96cb9f5d463b1d2023c2e3d5caeffb8b54334d
s390x	toolbox-0.0.99.3-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	6e0a3bc113ac26bd51debae6ac346c79286ce445dae37d3b5375297e3c405e8a
s390x	skopeo-tests-1.2.4-2.module_el8.7.0+3297+1eb250cf.s390x.rpm	74087fe49f4973fdc12e1faafcd02ace31f0a3ab8ac82532a1e6a61356ac75b4
s390x	containernetworking-plugins-0.9.1-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	82c508d1b321dfa6efa91ade939611c491f8322e8f92fbd99f78cff46884f470
s390x	python3-criu-3.15-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	87dde38ba78f68fdd77da58acf795e8d98af7f5484a54c0c740365da7e4bc41d
s390x	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+3136+bfcd65b6.s390x.rpm	940164b543561dbc18eca4cc4502c53f96a383316f1b6678348293c2cd8cc1fa
s390x	conmon-2.0.26-3.module_el8.7.0+3297+1eb250cf.s390x.rpm	961f0449be43da2d1e1003964a18f1388386572d105be4431409f8e68f531f7a
s390x	libslirp-devel-4.3.1-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	9653699b46e834b602a07ea751aff2d49bc69dce7bc06f82318e54eb42d853bc
s390x	containers-common-1.2.4-2.module_el8.7.0+3297+1eb250cf.s390x.rpm	a3f5e863cfd9e28d497f00a4469b9e05c0985d9396fe3e4831b2f78f8281c6d7
s390x	fuse-overlayfs-1.4.0-2.module_el8.6.0+3136+bfcd65b6.s390x.rpm	b930aeccc13c4b78962ea7bc0cfd87638080a179cbc4645729c7b6ada307bbc9
s390x	crit-3.15-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	c876a1c221aab01c6dc9125e187bdcfe13145571885c044b74831fedd267e5b6
s390x	slirp4netns-1.1.8-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	d4fd33ac6fc285e45742bebb77f7e0b8a21636f5da643d0a98ec9bb01e272b5c
s390x	podman-tests-3.0.1-13.module_el8.7.0+3297+1eb250cf.s390x.rpm	dc79ed10c49dd6385d2139fb0a16713a44519c8d787d058fb3b5d81aee5680d1
s390x	criu-3.15-1.module_el8.6.0+3136+bfcd65b6.s390x.rpm	dfbf95768f25dc5aca1595b9c7af598f19ede5e8c4f8bcc75727fd351a9dc788
s390x	buildah-1.19.9-6.module_el8.7.0+3297+1eb250cf.s390x.rpm	e3abe40e1546ac79557adac13ca0d169055342d7abe9054f6466886067da468c
s390x	podman-remote-3.0.1-13.module_el8.7.0+3297+1eb250cf.s390x.rpm	f16c5a77bcd27b5bd92062b20042b4c4beb2219ab6bf067b250af3c64bf2cd58
x86_64	podman-remote-3.0.1-13.module_el8.7.0+3297+1eb250cf.x86_64.rpm	02b4e422c311f976325669b3d7d6bdb8d9fbde8399ea62d77710ad3456f9ec51
x86_64	podman-plugins-3.0.1-13.module_el8.7.0+3297+1eb250cf.x86_64.rpm	08efa27adbf3e9b3513f2af080c9a08a0141ba842a3b7823468872b1214e6836
x86_64	criu-3.15-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	1ec8368433e7d6bbd4ec3ed6caa3182fd0ee197898f10436b5b47838bbbba77c
x86_64	skopeo-tests-1.2.4-2.module_el8.7.0+3297+1eb250cf.x86_64.rpm	20d21bf0b72855d9a4e0ae521f1c957e6829eddcdd83ac2bc1e84639e5ce72d2
x86_64	podman-catatonit-3.0.1-13.module_el8.7.0+3297+1eb250cf.x86_64.rpm	24d81925495e2b6af8bf0202c51d86041c2617692cdab4adad4cdec391e79bb5
x86_64	libslirp-devel-4.3.1-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	27c0497463caea3a884f35c234bebfa9913644f0836bdebdb5ddf36a8c8705d8
x86_64	containernetworking-plugins-0.9.1-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	27d5db39b7c8fd45330ee33d345f875c1f3fecdbcf0007d403aa6a6cbec13d49
x86_64	toolbox-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	2aaf41ed563f4b751398c56ea3e0d99ed511f33344a52d3dfc6317e6aca38c77
x86_64	fuse-overlayfs-1.4.0-2.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	2bf1066fd6e7def3e753896d866fa1c759ec367d78c8c880b9baf72d08cc69a1
x86_64	buildah-1.19.9-6.module_el8.7.0+3297+1eb250cf.x86_64.rpm	2e73d59ac67a5023e4809d43d4e6cfd164bd5ffe6f474605814fd50ea40ae18b
x86_64	containers-common-1.2.4-2.module_el8.7.0+3297+1eb250cf.x86_64.rpm	38b1681c557f868f25d87ed3bcde1bc0de37efd6405711521e067bff9a1ef658
x86_64	crit-3.15-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	3aaf5f27dcda843a3ec58617a3dae9c84280708e037614ac1c944f68b73a29fa
x86_64	skopeo-1.2.4-2.module_el8.7.0+3297+1eb250cf.x86_64.rpm	40e04acf37c85c0c00e13990a5801c153ba6e5159d1d9ec5d05fddd22312bf42
x86_64	buildah-tests-1.19.9-6.module_el8.7.0+3297+1eb250cf.x86_64.rpm	4bb141759c312b73ab715b2f39d3773d92fdd16a8835577f35ff36881584a2a9
x86_64	crun-0.18-3.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	4df8c9c6160d0d7f5b74ee0fe06c606bdb5f618f5122ad51cdfbcd59a932d65d
x86_64	conmon-2.0.26-3.module_el8.7.0+3297+1eb250cf.x86_64.rpm	4ff521d561ab3189eeec845235f70ac15705123d2e2b6d530b4858b894f36dc6
x86_64	runc-1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	7dd3e3e89f6ee33094249b5622dc43c24732b092f86e1c98820ef132dcfb5c9e
x86_64	python3-criu-3.15-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	8d73f6e4d23b62c73efa11f8e61b1e5e9d99518aff894c426d644b2e0ffdee18
x86_64	libslirp-4.3.1-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	9e1495b5d6fb661fcea9e2d6b6a0e2098aa2341924c6d0f0790a7dd9ffded4f0
x86_64	podman-tests-3.0.1-13.module_el8.7.0+3297+1eb250cf.x86_64.rpm	a9e5eefe4e1913045c88bf3039bf33bead456344f9d667650eff5922860a7a68
x86_64	toolbox-tests-0.0.99.3-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	adc6183b70ce5ddc7fee73cec54f0f456ea9d5d46289f617ec24aa6c975a161e
x86_64	podman-3.0.1-13.module_el8.7.0+3297+1eb250cf.x86_64.rpm	ae2f320b6dfc702e818d72cc8133767ec077dcb2d51dc4a492f1e170c5197b9b
x86_64	slirp4netns-1.1.8-1.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	ae330e32cefa5765da6bb66e2805eb85c5042ea98056d9222309322d5f336160
x86_64	oci-seccomp-bpf-hook-1.2.0-3.module_el8.6.0+2876+9ed4eae2.x86_64.rpm	e9939c728def7a9bfb39543ab413fac3946fd348d0671bc5ec99f42ae3fed18d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.