RedHat: RHSA-2019-3494:01 Important: container-tools:1.0 security and bug

    Date: 05 Nov 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: container-tools:1.0 security and bug fix update
    Advisory ID:       RHSA-2019:3494-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3494
    Issue date:        2019-11-05
    CVE Names:         CVE-2019-10214 CVE-2019-14378 
    =====================================================================
    
    1. Summary:
    
    An update for the container-tools:1.0 module is now available for Red Hat
    Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The container-tools module contains tools for working with containers,
    notably podman, buildah, skopeo, and runc.
    
    Security Fix(es):
    
    * QEMU: slirp: heap buffer overflow during packet reassembly
    (CVE-2019-14378)
    
    * containers/image: not enforcing TLS when sending username+password
    credentials to token servers leading to credential disclosure
    (CVE-2019-10214)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1700877 - [stream 1.0] need to revert fuse-overlayfs commit to sync with rhel8 stream
    1732508 - CVE-2019-10214 containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure
    1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream (v. 8):
    
    Source:
    buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.src.rpm
    container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0.src.rpm
    containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.src.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.src.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.src.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.src.rpm
    podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.src.rpm
    runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.src.rpm
    skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.src.rpm
    slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.src.rpm
    
    aarch64:
    buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.aarch64.rpm
    buildah-debuginfo-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.aarch64.rpm
    buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.aarch64.rpm
    containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    containernetworking-plugins-debuginfo-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.aarch64.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.aarch64.rpm
    podman-debuginfo-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.aarch64.rpm
    podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.aarch64.rpm
    runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    runc-debuginfo-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.aarch64.rpm
    skopeo-debuginfo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.aarch64.rpm
    skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.aarch64.rpm
    slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.aarch64.rpm
    slirp4netns-debuginfo-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.aarch64.rpm
    slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.aarch64.rpm
    
    noarch:
    container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0.noarch.rpm
    podman-docker-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.noarch.rpm
    
    ppc64le:
    buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.ppc64le.rpm
    buildah-debuginfo-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.ppc64le.rpm
    buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.ppc64le.rpm
    containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    containernetworking-plugins-debuginfo-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.ppc64le.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.ppc64le.rpm
    podman-debuginfo-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.ppc64le.rpm
    podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.ppc64le.rpm
    runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    runc-debuginfo-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.ppc64le.rpm
    skopeo-debuginfo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.ppc64le.rpm
    skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.ppc64le.rpm
    slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.ppc64le.rpm
    slirp4netns-debuginfo-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.ppc64le.rpm
    slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.ppc64le.rpm
    
    s390x:
    buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.s390x.rpm
    buildah-debuginfo-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.s390x.rpm
    buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.s390x.rpm
    containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.s390x.rpm
    containernetworking-plugins-debuginfo-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.s390x.rpm
    containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.s390x.rpm
    containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.s390x.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.s390x.rpm
    podman-debuginfo-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.s390x.rpm
    podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.s390x.rpm
    runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.s390x.rpm
    runc-debuginfo-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.s390x.rpm
    runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.s390x.rpm
    skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.s390x.rpm
    skopeo-debuginfo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.s390x.rpm
    skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.s390x.rpm
    slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.s390x.rpm
    slirp4netns-debuginfo-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.s390x.rpm
    slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.s390x.rpm
    
    x86_64:
    buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.x86_64.rpm
    buildah-debuginfo-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.x86_64.rpm
    buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183.x86_64.rpm
    containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    containernetworking-plugins-debuginfo-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.x86_64.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.x86_64.rpm
    podman-debuginfo-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.x86_64.rpm
    podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183.x86_64.rpm
    runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    runc-debuginfo-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.x86_64.rpm
    skopeo-debuginfo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.x86_64.rpm
    skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183.x86_64.rpm
    slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.x86_64.rpm
    slirp4netns-debuginfo-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.x86_64.rpm
    slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-10214
    https://access.redhat.com/security/cve/CVE-2019-14378
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    