-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:3053-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3053
Issue date:        2020-07-21
CVE Names:         CVE-2020-1983 
====================================================================
1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
(CVE-2020-1983)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1703261 - podman containers unable to communicate via IP to one container when use port forward on host
1782408 - [RFE] podman exec support for --env-file
1784950 - Podman support for FIPS Mode requires a bind mount inside the container
1785480 - podman reuses wrong cached image
1806044 - 'yum -y install buildah fuse-overlayfs --exclude container-selinux' throws error
1807379 - podman exec does not reads from stdin
1808483 - Workdir doesn't have correct ownership with podman build
1809648 - Pushing container image built with rootless podman fails with: "file integrity checksum failed"
1810874 - "podman container prune" cannot prune zombie container.
1811779 - RFE: skopeo sync command
1815170 - podman-docker seems packed with wrong path of podman manual.
1815991 - can't update named volume path
1822037 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.2.1/buildah]
1826486 - specfile: need to include and ship containers.conf
1829061 - Signature verification incorrectly uses mirror’s references
1829825 - CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
1833390 - Podman does not respect configuration in "/etc/containers/registries.conf.d"
1836440 - Signature verification incorrectly uses mirror’s references
1838991 - Need to fix bugs found by coverity.
1839065 - Privileged containers should be unconfined_t

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.src.rpm
cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.src.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.src.rpm
container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.src.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.src.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.src.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.src.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.src.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.src.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.src.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.src.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.src.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.src.rpm
toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.src.rpm
udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.src.rpm

aarch64:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.aarch64.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm

noarch:
cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.noarch.rpm
container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.noarch.rpm
podman-docker-1.9.3-2.module+el8.2.1+6867+366c07d6.noarch.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.noarch.rpm
toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.noarch.rpm
udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.noarch.rpm

ppc64le:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.ppc64le.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm

s390x:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.s390x.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm

x86_64:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.x86_64.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1983
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXxcLUdzjgjWX9erEAQhumg//e0mjaPnL4i8YaLQ90CIs3XO9WzMds5/K
moWIDjeZ5ni2QoSgUf+rXikr1O1qAEnZnmQ9ZKhmVe+EKBWp5K4ewlIanpaSqSpF
susTGjSO4vxwgWu1wD9emNSguquT6bzuKjlxIxUqhSX+4JBKnY1UQCV+5ekQwCPr
hGwDAFzpkJsArKY7Iev00j12D2ZPo7aBO13VHudn2PMMcdDfN/aTznfCrvNj7RLO
mBUWdrvhyaokPki2scJE8J4FNC3t/az5FkamOIsJzINNWNnnZ+QZmIs12ibRiRcg
judVJsGJPG4BImUUZ23pGt4SqSqYJACgp+C+rCa9h+aCpmPugVdkW6uZtwaiE3Xx
7Hc4rAx9aLEVyAF03brJGzUWQacAD/7l1HTUSV5K8W+4KAsLm6uiHf1gi/Kp68Zo
gTXAUBm/s/isoYlnpUx8WzoHLKn7500SwSkcLn/047FT97GUP/hFtnWbNAi1wrtW
3nCBnhqvt8nj0/TwcYld2Z72i+jFCweDJnibVk00lgWwOpqcR53w622JCegIkSjC
G9plRmgGfnPvPTVNz/9PfdzFscybz+Zf8ODU9vozoP4Exn1achLMlh5qP8KrDmkk
BUYrrDr2jnPr2pD5gLpqoeDAWvoVHhzWkGhI9hOlkrKB/yyj/KtyQLN90LjIHYXS
aJyM8UecZZA=MJGX
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-3053:01 Moderate: container-tools:rhel8 security, bug fix,

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

Summary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-1983 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: buildah-1.14.9-1.module+el8.2.1+6689+748e6520.src.rpm cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.src.rpm conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.src.rpm container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.src.rpm containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.src.rpm criu-3.14-2.module+el8.2.1+6750+e53a300c.src.rpm fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.src.rpm libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.src.rpm podman-1.9.3-2.module+el8.2.1+6867+366c07d6.src.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.src.rpm runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.src.rpm skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.src.rpm slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.src.rpm toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.src.rpm udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.src.rpm
aarch64: buildah-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.aarch64.rpm containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm crit-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm podman-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm
noarch: cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.noarch.rpm container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.noarch.rpm podman-docker-1.9.3-2.module+el8.2.1+6867+366c07d6.noarch.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.noarch.rpm toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.noarch.rpm udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.noarch.rpm
ppc64le: buildah-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.ppc64le.rpm containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm crit-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm podman-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm
s390x: buildah-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.s390x.rpm containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm crit-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm podman-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm
x86_64: buildah-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.x86_64.rpm containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm crit-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity

Advisory ID: RHSA-2020:3053-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2020:3053

Issued Date: : 2020-07-21

CVE Names: CVE-2020-1983

Topic

An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1703261 - podman containers unable to communicate via IP to one container when use port forward on host

1782408 - [RFE] podman exec support for --env-file

1784950 - Podman support for FIPS Mode requires a bind mount inside the container

1785480 - podman reuses wrong cached image

1806044 - 'yum -y install buildah fuse-overlayfs --exclude container-selinux' throws error

1807379 - podman exec does not reads from stdin

1808483 - Workdir doesn't have correct ownership with podman build

1809648 - Pushing container image built with rootless podman fails with: "file integrity checksum failed"

1810874 - "podman container prune" cannot prune zombie container.

1811779 - RFE: skopeo sync command

1815170 - podman-docker seems packed with wrong path of podman manual.

1815991 - can't update named volume path

1822037 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.2.1/buildah]

1826486 - specfile: need to include and ship containers.conf

1829061 - Signature verification incorrectly uses mirror’s references

1829825 - CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c

1833390 - Podman does not respect configuration in "/etc/containers/registries.conf.d"

1836440 - Signature verification incorrectly uses mirror’s references

1838991 - Need to fix bugs found by coverity.

1839065 - Privileged containers should be unconfined_t

RedHat: RHSA-2020-3053:01 Moderate: container-tools:rhel8 security, bug fix,

Summary

Summary

Solution

References

Package List

Topic

Topic

Relevant Releases Architectures

Bugs Fixed

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By