Oracle Linux Security Advisory ELSA-2024-0121

https://linux.oracle.com/errata/ELSA-2024-0121.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
buildah-tests-1.24.6-7.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.noarch.rpm
conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.noarch.rpm
crit-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
criu-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
criu-devel-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
criu-libs-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
netavark-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-catatonit-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-docker-4.0.2-25.module+el8.9.0+90119+2f9ef15c.noarch.rpm
podman-gvproxy-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-plugins-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-remote-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
podman-tests-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
python3-criu-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
python3-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.noarch.rpm
runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
skopeo-tests-1.6.2-9.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm
udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.noarch.rpm

aarch64:
aardvark-dns-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
buildah-tests-1.24.6-7.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.noarch.rpm
conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.noarch.rpm
crit-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
criu-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
criu-devel-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
criu-libs-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
netavark-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-catatonit-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-docker-4.0.2-25.module+el8.9.0+90119+2f9ef15c.noarch.rpm
podman-gvproxy-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-plugins-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-remote-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
podman-tests-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
python3-criu-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
python3-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.noarch.rpm
runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
skopeo-tests-1.6.2-9.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm
udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.noarch.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//criu-3.15-3.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//python-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.src.rpm

Related CVEs:

CVE-2022-2879
CVE-2022-2880
CVE-2022-27664
CVE-2022-41715
CVE-2023-29409
CVE-2023-39318
CVE-2023-39319
CVE-2023-39321
CVE-2023-39322




Description of changes:

buildah
[1:1.24.6-7]
- rebuild for CVE-2023-29406
- Related: #2176055

cockpit-podman
[46-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46
- Related: #2061390

conmon
[2:2.1.4-2]
- update to https://github.com/containers/conmon/releases/tag/v2.1.4
- Related: #2176055

containernetworking-plugins
[1:1.1.1-6]
- Rebuild with golang 1.20.6 or higher
- Related: Jira:RHEL-4507
- Related: Jira:RHEL-7442

containers-common
[1-38.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)

container-selinux
[2:2.205.0-3]
- fix build for stable module
- Related: #2176055

criu
[3.15-3]
- add Requires: criu-libs = %{version}-%{release} in criu-devel
- add gating tests
- Related: #1934415

crun
fuse-overlayfs
[1.9-2]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.9
- Related: #2176055

libslirp
oci-seccomp-bpf-hook
[1.2.5-2]
- fix compatibility with the new bcc
- Related: #2176055

podman
[2:4.0.2-25]
- rebuild with golang 1.20.6+ for CVE-2023-39321 CVE-2023-29409
- Related: Jira:RHEL-4508
- Related: Jira:RHEL-7443

python-podman
[4.0.0-2]
- bump to v4.0.0
- Related: #2176055

runc
[1:1.1.5-2]
- rebuild for following CVEs: CVE-2022-41724
- Resolves: #2179971

skopeo
[2:1.6.2-9]
- rebuild because of CVE-2023-29406
- Resolves: #2236831

slirp4netns
[1.1.8-3]
- fix gating - don't use insecure functions - thanks to Marc-André Lureau
- Related: #2176055

udica
[0.2.6-4]
- sync with stream-container-tools-4.0-rhel-8.8.0
- Related: #2176055


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-0121: container-tools:4.0 Moderate Security Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

buildah [1:1.24.6-7] - rebuild for CVE-2023-29406 - Related: #2176055 cockpit-podman [46-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: #2061390 conmon [2:2.1.4-2] - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: #2176055 containernetworking-plugins [1:1.1.1-6] - Rebuild with golang 1.20.6 or higher - Related: Jira:RHEL-4507 - Related: Jira:RHEL-7442 containers-common [1-38.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) container-selinux [2:2.205.0-3] - fix build for stable module - Related: #2176055 criu [3.15-3] - add Requires: criu-libs = %{version}-%{release} in criu-devel - add gating tests - Related: #1934415 crun fuse-overlayfs [1.9-2] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.9 - Related: #2176055 libslirp oci-seccomp-bpf-hook [1.2.5-2] - fix compatibility with the new bcc - Related: #2176055 podman [2:4.0.2-25] - rebuild with golang 1.20.6+ for CVE-2023-39321 CVE-2023-29409 - Related: Jira:RHEL-4508 - Related: Jira:RHEL-7443 python-podman [4.0.0-2] - bump to v4.0.0 - Related: #2176055 runc [1:1.1.5-2] - rebuild for following CVEs: CVE-2022-41724 - Resolves: #2179971 skopeo [2:1.6.2-9] - rebuild because of CVE-2023-29406 - Resolves: #2236831 slirp4netns [1.1.8-3] - fix gating - don't use insecure functions - thanks to Marc-André Lureau - Related: #2176055 udica [0.2.6-4] - sync with stream-container-tools-4.0-rhel-8.8.0 - Related: #2176055

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//criu-3.15-3.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//python-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.src.rpm

x86_64

aardvark-dns-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.x86_64.rpm buildah-tests-1.24.6-7.module+el8.9.0+90119+2f9ef15c.x86_64.rpm cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.noarch.rpm conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.x86_64.rpm containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.noarch.rpm crit-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm criu-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm criu-devel-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm criu-libs-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm libslirp-devel-4.4.0-1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm netavark-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.x86_64.rpm oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-catatonit-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-docker-4.0.2-25.module+el8.9.0+90119+2f9ef15c.noarch.rpm podman-gvproxy-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-plugins-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-remote-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm podman-tests-4.0.2-25.module+el8.9.0+90119+2f9ef15c.x86_64.rpm python3-criu-3.15-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm python3-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.noarch.rpm runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.x86_64.rpm skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.x86_64.rpm skopeo-tests-1.6.2-9.module+el8.9.0+90119+2f9ef15c.x86_64.rpm slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.x86_64.rpm udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.noarch.rpm

aarch64

aardvark-dns-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm buildah-1.24.6-7.module+el8.9.0+90119+2f9ef15c.aarch64.rpm buildah-tests-1.24.6-7.module+el8.9.0+90119+2f9ef15c.aarch64.rpm cockpit-podman-46-1.module+el8.9.0+90119+2f9ef15c.noarch.rpm conmon-2.1.4-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm containernetworking-plugins-1.1.1-6.module+el8.9.0+90119+2f9ef15c.aarch64.rpm containers-common-1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm container-selinux-2.205.0-3.module+el8.9.0+90119+2f9ef15c.noarch.rpm crit-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm criu-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm criu-devel-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm criu-libs-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm crun-1.8.7-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm fuse-overlayfs-1.9-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm libslirp-4.4.0-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm libslirp-devel-4.4.0-1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm netavark-1.0.1-38.0.1.module+el8.9.0+90119+2f9ef15c.aarch64.rpm oci-seccomp-bpf-hook-1.2.5-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-catatonit-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-docker-4.0.2-25.module+el8.9.0+90119+2f9ef15c.noarch.rpm podman-gvproxy-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-plugins-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-remote-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm podman-tests-4.0.2-25.module+el8.9.0+90119+2f9ef15c.aarch64.rpm python3-criu-3.15-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm python3-podman-4.0.0-2.module+el8.9.0+90119+2f9ef15c.noarch.rpm runc-1.1.5-2.module+el8.9.0+90119+2f9ef15c.aarch64.rpm skopeo-1.6.2-9.module+el8.9.0+90119+2f9ef15c.aarch64.rpm skopeo-tests-1.6.2-9.module+el8.9.0+90119+2f9ef15c.aarch64.rpm slirp4netns-1.1.8-3.module+el8.9.0+90119+2f9ef15c.aarch64.rpm udica-0.2.6-4.module+el8.9.0+90119+2f9ef15c.noarch.rpm

i386

Severity
Related CVEs: CVE-2022-2879 CVE-2022-2880 CVE-2022-27664 CVE-2022-41715 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo