RedHat: RHSA-2020-1360:01 Important: container-tools:1.0 security update

    Date 07 Apr 2020
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: container-tools:1.0 security update
    Advisory ID:       RHSA-2020:1360-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1360
    Issue date:        2020-04-07
    CVE Names:         CVE-2020-7039 
    =====================================================================
    
    1. Summary:
    
    An update for the container-tools:1.0 module is now available for Red Hat
    Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The container-tools module contains tools for working with containers,
    notably podman, buildah, skopeo, and runc.
    
    Security Fix(es):
    
    * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
    (CVE-2020-7039)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1791551 - CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream (v. 8):
    
    Source:
    buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.src.rpm
    container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0.src.rpm
    containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.src.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.src.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.src.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.src.rpm
    podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.src.rpm
    runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.src.rpm
    skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.src.rpm
    slirp4netns-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.src.rpm
    
    aarch64:
    buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.aarch64.rpm
    buildah-debuginfo-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.aarch64.rpm
    buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.aarch64.rpm
    containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.aarch64.rpm
    containernetworking-plugins-debuginfo-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.aarch64.rpm
    containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.aarch64.rpm
    containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.aarch64.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.aarch64.rpm
    podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.aarch64.rpm
    podman-debuginfo-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.aarch64.rpm
    podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.aarch64.rpm
    runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.aarch64.rpm
    runc-debuginfo-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.aarch64.rpm
    runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.aarch64.rpm
    skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.aarch64.rpm
    skopeo-debuginfo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.aarch64.rpm
    skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.aarch64.rpm
    slirp4netns-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.aarch64.rpm
    slirp4netns-debuginfo-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.aarch64.rpm
    slirp4netns-debugsource-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.aarch64.rpm
    
    noarch:
    container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0.noarch.rpm
    podman-docker-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.noarch.rpm
    
    ppc64le:
    buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    buildah-debuginfo-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    containernetworking-plugins-debuginfo-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.ppc64le.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.ppc64le.rpm
    podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    podman-debuginfo-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    runc-debuginfo-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.ppc64le.rpm
    skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.ppc64le.rpm
    skopeo-debuginfo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.ppc64le.rpm
    skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.ppc64le.rpm
    slirp4netns-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.ppc64le.rpm
    slirp4netns-debuginfo-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.ppc64le.rpm
    slirp4netns-debugsource-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.ppc64le.rpm
    
    s390x:
    buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.s390x.rpm
    buildah-debuginfo-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.s390x.rpm
    buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.s390x.rpm
    containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.s390x.rpm
    containernetworking-plugins-debuginfo-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.s390x.rpm
    containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.s390x.rpm
    containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.s390x.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.s390x.rpm
    podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.s390x.rpm
    podman-debuginfo-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.s390x.rpm
    podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.s390x.rpm
    runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.s390x.rpm
    runc-debuginfo-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.s390x.rpm
    runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.s390x.rpm
    skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.s390x.rpm
    skopeo-debuginfo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.s390x.rpm
    skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.s390x.rpm
    slirp4netns-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.s390x.rpm
    slirp4netns-debuginfo-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.s390x.rpm
    slirp4netns-debugsource-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.s390x.rpm
    
    x86_64:
    buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.x86_64.rpm
    buildah-debuginfo-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.x86_64.rpm
    buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef.x86_64.rpm
    containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.x86_64.rpm
    containernetworking-plugins-debuginfo-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.x86_64.rpm
    containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef.x86_64.rpm
    containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.x86_64.rpm
    fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    fuse-overlayfs-debuginfo-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0.x86_64.rpm
    podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.x86_64.rpm
    podman-debuginfo-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.x86_64.rpm
    podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef.x86_64.rpm
    runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.x86_64.rpm
    runc-debuginfo-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.x86_64.rpm
    runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef.x86_64.rpm
    skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.x86_64.rpm
    skopeo-debuginfo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.x86_64.rpm
    skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c.x86_64.rpm
    slirp4netns-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.x86_64.rpm
    slirp4netns-debuginfo-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.x86_64.rpm
    slirp4netns-debugsource-0.1-4.dev.gitc4e1bc5.module+el8.1.0+5654+5237a55d.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-7039
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
