
Red Hat: RHSA-2019-3403-01 Important: Security Updates for Container-Tools

November 5, 2019
New release for container-tools:rhel8 in Red Hat Enterprise Linux 8 designated as important, addressing various security vulnerabilities.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
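
The check that CVE-2019-10214 describes as missing, as an added example (not code from containers/image or from the advisory): before a client sends a username and password to the token server named in a registry's `WWW-Authenticate: Bearer` challenge, it requires the realm URL to be `https`. The function name `SafeTokenRealm`, the error value and the `example.test` hosts are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// ErrInsecureRealm marks a token server that would receive credentials in cleartext.
var ErrInsecureRealm = errors.New("token realm is not https, refusing to send credentials")

// paramRE matches key="value" pairs; quoted values may contain commas (e.g. scope).
var paramRE = regexp.MustCompile(`([A-Za-z_]+)="([^"]*)"`)

// SafeTokenRealm (hypothetical helper) returns the realm URL from a Bearer
// challenge only if credentials sent to it would travel over TLS.
func SafeTokenRealm(challenge string) (string, error) {
	scheme, rest, ok := strings.Cut(strings.TrimSpace(challenge), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return "", fmt.Errorf("not a Bearer challenge: %q", challenge)
	}
	for _, m := range paramRE.FindAllStringSubmatch(rest, -1) {
		if !strings.EqualFold(m[1], "realm") {
			continue
		}
		u, err := url.Parse(m[2])
		if err != nil || u.Host == "" {
			return "", fmt.Errorf("unusable realm %q", m[2])
		}
		if u.Scheme != "https" { // url.Parse lower-cases the scheme
			return "", fmt.Errorf("%w: %s", ErrInsecureRealm, u)
		}
		return u.String(), nil
	}
	return "", errors.New("Bearer challenge has no realm")
}

func main() {
	// Constructed challenge headers, not captured from a real registry.
	for _, c := range []string{
		`Bearer realm="https://auth.example.test/token",service="registry.example.test",scope="repository:app:pull,push"`,
		`Bearer realm="http://auth.example.test/token",service="registry.example.test"`,
	} {
		realm, err := SafeTokenRealm(c)
		fmt.Printf("realm=%q err=%v\n", realm, err)
	}
}
```
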

References

https://access.redhat.com/security/cve/CVE-2019-10214
https://access.redhat.com/security/cve/CVE-2019-14378
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):

Source:
buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8.src.rpm
cockpit-podman-4-1.module+el8.1.0+4081+b29780af.src.rpm
container-selinux-2.107-2.module+el8.1.0+4081+b29780af.src.rpm
containernetworking-plugins-0.8.1-2.module+el8.1.0+4081+b29780af.src.rpm
fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af.src.rpm
oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.src.rpm
oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.src.rpm
podman-1.4.2-5.module+el8.1.0+4240+893c1ab8.src.rpm
python-podman-api-1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af.src.rpm
runc-1.0.0-60.rc8.module+el8.1.0+4081+b29780af.src.rpm
skopeo-0.1.37-5.module+el8.1.0+4240+893c1ab8.src.rpm
slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805.src.rpm
toolbox-0.0.4-1.module+el8.1.0+4081+b29780af.src.rpm

aarch64:
buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8.aarch64.rpm
buildah-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.aarch64.rpm
buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8.aarch64.rpm
buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8.aarch64.rpm
buildah-tests-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.aarch64.rpm
containernetworking-plugins-0.8.1-2.module+el8.1.0+4081+b29780af.aarch64.rpm



Severity: Important

Advisory ID: RHSA-2019:3403-01
Product: Red Hat Enterprise Linux
Issue date: 2019-11-05

Topic

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1655211 - podman exec seems to assume console even if -ti is not used

1661597 - Under podman, python recompiles sources even if they are compiled in build time

1671023 - timeout not working with podman pull on rhel8 beta

1672581 - podman does not respect -q option while pulling an image

1674519 - Not able to create volumes using Dockerfile using podman

1677251 - AVC while running php container [x86_64 only]

1677264 - There is no certs.d directory for podman currently

1689255 - don't allow a container to connect to random services

1690514 - rootless unable to access subscription: non-root podman should read /usr/share/containers/mounts.conf

1691543 - rootless unable to access subscription: bad permissions on /usr/share/rhel/secrets

1692513 - unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed

1693154 - Varlink subcommand is missing for podman in rhel-8.0

1693424 - rootless: cannot specify gid= mount options for unmapped gid in rootless containers

1707220 - Add event notifications (blocking cockpit-podman)

1719626 - podman exec rc-code needs to distinguish between stopped containers and non existing ones

1719994 - [8.1.0] Registries.conf not configured to search registry.access.redhat.com

1720646 - python-podman-api needs python-psutil at runtime

1720654 - rebase packages

1721247 - [rhel-8.1.0] build without the `no_openssl` buildtag
