Oracle Linux Security Advisory ELSA-2023-12579

https://linux.oracle.com/errata/ELSA-2023-12579.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm
buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm
buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm
cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm
conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm
containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm
containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.x86_64.rpm
container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm
crit-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm
criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm
criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm
criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm
crun-1.8.4-2.module+el8.8.0+21056+d98a0860.x86_64.rpm
fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.x86_64.rpm
libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm
netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.x86_64.rpm
oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm
podman-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm
podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm
python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm
python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm
runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.x86_64.rpm
skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm
skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm
udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm

aarch64:
aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm
buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm
buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm
cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm
conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm
containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm
containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.aarch64.rpm
container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm
crit-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm
criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm
criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm
criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm
crun-1.8.4-2.module+el8.8.0+21056+d98a0860.aarch64.rpm
fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.aarch64.rpm
libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm
netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.aarch64.rpm
oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm
podman-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm
podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm
python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm
python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm
runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.aarch64.rpm
skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm
skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm
udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//criu-3.15-3.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//crun-1.8.4-2.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//podman-4.4.1-12.module+el8.8.0+21056+d98a0860.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//python-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.src.rpm

Related CVEs:

CVE-2023-25809
CVE-2023-27561
CVE-2023-28642




Description of changes:

runc
[1:1.1.4-1.0.1]
- rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809
- rootfs: prohibit symlinks that conflicts with readonlyPaths
          and/or maskedPaths to prevent CVE-2023-27561
- Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2023-12579: aardvark-dns Important Security Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//criu-3.15-3.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//crun-1.8.4-2.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//podman-4.4.1-12.module+el8.8.0+21056+d98a0860.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//python-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.src.rpm

x86_64

aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.x86_64.rpm container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm crit-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm crun-1.8.4-2.module+el8.8.0+21056+d98a0860.x86_64.rpm fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.x86_64.rpm libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.x86_64.rpm oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm podman-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.x86_64.rpm skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm

aarch64

aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.aarch64.rpm container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm crit-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm crun-1.8.4-2.module+el8.8.0+21056+d98a0860.aarch64.rpm fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.aarch64.rpm libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.aarch64.rpm oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm podman-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.aarch64.rpm skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm

i386

Severity
Related CVEs: CVE-2023-25809 CVE-2023-27561 CVE-2023-28642

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved