Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

RedHat: RHSA-2020-4694 Moderate: container-tools:rhel8 MitM Vulnerability

red hat
Calendar Grey November 4, 2020
Dist Redhat Esm H88
The Red Hat advisory on container-tools:rhel8 highlights moderate security vulnerabilities needing attention. Users should review the provided documentation for necessary fixes and updates.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
* QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory bug fix Red Hat Enterprise Linux networking Moderate container-tools MitM attack

References

https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10756 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.src.rpm cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.src.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.src.rpm container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.src.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.src.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.src.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.src.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.src.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.src.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.src.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.src.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.src.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.src.rpm toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.src.rpm udica-0.2.2-1.module+el8.3.0+8221+97165c3f.src.rpm
aarch64: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:4694-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4694
Issue date: 2020-11-03

Topic

An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory bug fix Red Hat Enterprise Linux networking Moderate container-tools MitM attack

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1682970 - [RFE] Default location of setting up HTTP_Proxy for podman

1752079 - podman docker command fails at COPY - overwriting existing file

1785242 - container-tools: Provides: docker gone from podman-docker subpackage

1800815 - "podman login" writes auth.json in a location "skopeo copy" does not expect

1801874 - Podman segmentation error when a Dockerfile specifies an image by its digest

1804193 - Podman support for FIPS Mode requires a bind mount inside the container [container-tools-rhel8-rhel-8.3.0/podman]

1804195 - Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.2.0/podman]

1813845 - [RFE] HTTP/REST API for podman

1814928 - "podman exec -it" will hang with leading keyboard input

1818694 - Golang panic when pushing image to a scaled image-registry

1821193 - Update container-tools 8.3.0 components to stable releases

1822038 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.3.0/buildah]

1825789 - Crash on filtering anonymous images

1827794 - Podman search does not have pagination support

1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters1835986 - CVE-2020-10756 QEMU: slirp: networking out-of-bounds read information disclosure vulnerability

1837755 - --init feature useless out of the box

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here