[ALSA-2022:7822] Low: container-tools:rhel8 security, bug fix, and enhancement update
Type:
security
Severity:
low
Release date:
2022-11-15
Description:
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * podman: possible information disclosure and modification (CVE-2022-2989) * buildah: possible information disclosure and modification (CVE-2022-2990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644) * (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645) * podman kill may deadlock (BZ#2125647) * Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [AlmaLinux 8.7] (BZ#2125648) * containers-common-1-44 is missing RPM-GPG-KEY-AlmaLinux-beta [AlmaLinux 8.7] (BZ#2125686) * ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767) * Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234) * containers config.json gets empty after sudden power loss (BZ#2130236) * PANIC podman API service endpoint handler panic (BZ#2132412) * Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390) * Skopeo push image to AlmaLinux quay with sigstore was failed (BZ#2136406) * Podman push image to AlmaLinux quay with sigstore was failed (BZ#2136433) * Buildah push image to AlmaLinux quay with sigstore was failed (BZ#2136438) * Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295) Enhancement(s): * [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911) * [RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360) * Podman volume plugin timeout should be configurable (BZ#2132992)
References:
Updated packages:
  • udica-0.2.6-3.module_el8.7.0+3344+484dae7b.noarch.rpm
  • cockpit-podman-53-1.module_el8.7.0+3344+484dae7b.noarch.rpm
  • container-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch.rpm
  • python3-podman-4.2.1-1.module_el8.7.0+3344+484dae7b.noarch.rpm
  • aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.aarch64.rpm
  • criu-libs-3.15-3.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • buildah-1.27.2-2.module_el8.7.0+3348+f3135399.aarch64.rpm
  • podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.aarch64.rpm
  • skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm
  • container-selinux-2.189.0-1.module_el8.7.0+3407+95aa0ca9.noarch.rpm
  • containers-common-1-43.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • crit-3.15-3.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • podman-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • python3-criu-3.15-3.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.aarch64.rpm
  • runc-1.1.4-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • podman-docker-4.2.0-4.module_el8.7.0+3344+484dae7b.noarch.rpm
  • crun-1.5-1.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm
  • toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.aarch64.rpm
  • buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.aarch64.rpm
  • fuse-overlayfs-1.9-1.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
  • criu-devel-3.15-3.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • criu-3.15-3.module_el8.7.0+3407+95aa0ca9.aarch64.rpm
  • oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.aarch64.rpm
  • criu-libs-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
  • fuse-overlayfs-1.9-1.module_el8.6.0+3070+1510fbd1.x86_64.rpm
  • skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
  • containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.x86_64.rpm
  • aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.x86_64.rpm
  • containers-common-1-43.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • crit-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
  • slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.x86_64.rpm
  • criu-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
  • skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.x86_64.rpm
  • podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • crun-1.5-1.module_el8.6.0+3336+00d107d5.x86_64.rpm
  • conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • runc-1.1.4-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • criu-devel-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
  • buildah-1.27.2-2.module_el8.7.0+3348+f3135399.x86_64.rpm
  • buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.x86_64.rpm
  • podman-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.x86_64.rpm
  • libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
  • python3-criu-3.15-3.module_el8.6.0+2751+06427ca3.x86_64.rpm
  • podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
  • skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.s390x.rpm
  • containers-common-1-43.module_el8.7.0+3344+484dae7b.s390x.rpm
  • podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.s390x.rpm
  • buildah-1.27.2-2.module_el8.7.0+3348+f3135399.s390x.rpm
  • criu-libs-3.15-3.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • runc-1.1.4-1.module_el8.7.0+3344+484dae7b.s390x.rpm
  • crun-1.5-1.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.s390x.rpm
  • toolbox-0.0.99.3-0.6.module_el8.6.0+3128+1510fbd1.s390x.rpm
  • crit-3.15-3.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3128+1510fbd1.s390x.rpm
  • podman-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.s390x.rpm
  • criu-devel-3.15-3.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • slirp4netns-1.2.0-2.module_el8.6.0+3128+1510fbd1.s390x.rpm
  • podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
  • python3-criu-3.15-3.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • fuse-overlayfs-1.9-1.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • libslirp-4.4.0-1.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • criu-3.15-3.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • containernetworking-plugins-1.1.1-3.module_el8.6.0+3128+1510fbd1.s390x.rpm
  • conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.s390x.rpm
  • libslirp-devel-4.4.0-1.module_el8.7.0+3407+95aa0ca9.s390x.rpm
  • skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.s390x.rpm
  • oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.s390x.rpm
  • fuse-overlayfs-1.9-1.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
  • netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
  • criu-3.15-3.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.ppc64le.rpm
  • toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
  • python3-criu-3.15-3.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
  • crun-1.5-1.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
  • podman-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • buildah-1.27.2-2.module_el8.7.0+3348+f3135399.ppc64le.rpm
  • crit-3.15-3.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • criu-devel-3.15-3.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • criu-libs-3.15-3.module_el8.7.0+3407+95aa0ca9.ppc64le.rpm
  • runc-1.1.4-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • containers-common-1-43.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
  • podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
  • buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.ppc64le.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.