Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat: RHSA-2020-1650-01 Moderate: Container-Tools:rhel8 Security Update

red hat
Calendar Grey April 28, 2020
Dist Redhat Esm H88
A new update for container-tools:rhel8 has been released, classified as moderate due to security vulnerabilities impacting RHEL 8.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)
* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)
* podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat information leak bug fix DoS container-tools

References

https://access.redhat.com/security/cve/CVE-2019-19921 https://access.redhat.com/security/cve/CVE-2020-1702 https://access.redhat.com/security/cve/CVE-2020-1726 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d.src.rpm cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a.src.rpm conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4.src.rpm container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4.src.rpm containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9.src.rpm criu-3.12-9.module+el8.2.0+5029+3ac48e7d.src.rpm fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d.src.rpm podman-1.6.4-10.module+el8.2.0+6063+e761893a.src.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9.src.rpm runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb.src.rpm skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb.src.rpm slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d.src.rpm toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3.src.rpm udica-0.2.1-2.module+el8.2.0+4896+8f613c81.src.rpm
aarch64: buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d.aarch64.rpm buildah-debuginfo-1.11.6-7.module+el8.2.0+5856+b8046c6d.aarch64.rpm buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d.aarch64.rpm buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d.aarch64.rpm buildah-tests-debuginfo-1.11.6-7.module+el8.2.0+5856+b8046c6d.aarch64.rpm conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:1650-01
Product: Red Hat Enterprise Linux
Advisory URL:
Issue date: 2020-04-28

Topic

An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat information leak bug fix DoS container-tools

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1703245 - [RFE] Add button to run terminal within the container

1717357 - buildah images -f "dangling=true" is not working as expect

1731107 - support podman ps filter regular expressions

1732704 - udica should be able to update the generated policy based on AVC denial messages

1732713 - Run container from cockpit-podman with memory limit doesn't work

1748519 - avc: podman run --security-opt label=type:svirt_qemu_net_t

1749999 - podman bash completion error

1754744 - [8.2] Backport Podman's --env-host support to 8.1

1754763 - [8.2] Podman search shows limited numbers of images

1755119 - Read-only podman run errors when one of the volumes it by default mounts as tmpfs are also defined as VOLUME

1756919 - Podman inspect does not parse the keys of the returned JSON

1757693 - Rebase udica to 0.2.0

1757845 - You have to remove that container to be able to reuse that name.: that name is already in use (due to exec user process caused "no such file or directory")

1763454 - libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR

1766774 - podman-1.6.2-1 rootless: Error: slirp4netns failed

1768930 - backport json-file logging support to 1.4.2

1769469 - Selinux won't allow SCTP inter pod communication

1771990 - Varlink subcommand is missing for podman in rhel-8.2

1774755 - syslog getting spammed with `{Created,Removed} slice libcontainer_*`

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here