-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4694-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4694
Issue date:        2020-11-03
CVE Names:         CVE-2020-10749 CVE-2020-10756 CVE-2020-14040 
====================================================================
1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)

* QEMU: slirp: networking out-of-bounds read information disclosure
vulnerability (CVE-2020-10756)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1682970 - [RFE] Default location of setting up HTTP_Proxy for podman
1752079 - podman docker command fails at COPY - overwriting existing file
1785242 - container-tools: Provides: docker gone from podman-docker subpackage
1800815 - "podman login" writes auth.json in a location "skopeo copy" does not expect
1801874 - Podman segmentation error when a Dockerfile specifies an image by its digest
1804193 - Podman support for FIPS Mode requires a bind mount inside the container [container-tools-rhel8-rhel-8.3.0/podman]
1804195 - Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.2.0/podman]
1813845 - [RFE] HTTP/REST API for podman
1814928 - "podman exec -it" will hang with leading keyboard input
1818694 - Golang panic when pushing image to a scaled image-registry
1821193 - Update container-tools 8.3.0 components to stable releases
1822038 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.3.0/buildah]
1825789 - Crash on filtering anonymous images
1827794 - Podman search does not have pagination support
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters1835986 - CVE-2020-10756 QEMU: slirp: networking out-of-bounds read information disclosure vulnerability
1837755 - --init feature useless out of the box
1847544 - Socket-activated Varlink (io.podman.socket) fails after first call
1849557 - Rootless Podman does not properly close and remove temporary files
1850230 - Using toolbox with fedora:latest image fails, exec fails with "OCI runtime command not found"
1853230 - The output from "podman images" is malformed if a repository contains a port
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857606 - error loading kheaders module
1858862 - Podman build from url failed to get correct temp directory for store files
1860126 - podman run namespace in man page ambiguous
1866153 - podman search doesn't add limit to a query against v2. By default v2 returns 100 items.
1866833 - Podman 1.9.3 fails to run container when /etc/secuity/limits.conf is used
1867447 - error bind mounting /dev from host into mount namespace
1868612 - Image tag not derived correctly
1872263 - Update podman to 2.0.5
1877463 - Remove oci-seccomp-bpf-hook package from default packages installed by container-tools-rhel8-8.3.0
1879622 - `podman images --all` fails on images with digest

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.src.rpm
cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.src.rpm
conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.src.rpm
container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.src.rpm
containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.src.rpm
criu-3.14-2.module+el8.3.0+8221+97165c3f.src.rpm
crun-0.14.1-2.module+el8.3.0+8221+97165c3f.src.rpm
fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm
libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.src.rpm
oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm
podman-2.0.5-5.module+el8.3.0+8221+97165c3f.src.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.src.rpm
runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.src.rpm
skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.src.rpm
slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.src.rpm
toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.src.rpm
udica-0.2.2-1.module+el8.3.0+8221+97165c3f.src.rpm

aarch64:
buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
crit-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
criu-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
crun-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm
libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm
libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm
libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm
oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm
python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm
runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm
runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm
skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm
slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm

noarch:
cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.noarch.rpm
container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.noarch.rpm
podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f.noarch.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.noarch.rpm
toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.noarch.rpm
udica-0.2.2-1.module+el8.3.0+8221+97165c3f.noarch.rpm

ppc64le:
buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
crit-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
criu-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
crun-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm
libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm
libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm
libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm
oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm
python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm
runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm
runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm
skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm
slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm

s390x:
buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.s390x.rpm
containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm
containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm
containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm
containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm
crit-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm
criu-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm
criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm
criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm
crun-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm
fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm
libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm
libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm
libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm
oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm
python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm
runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm
runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm
runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm
skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm
skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm
skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm
skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm
slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm
slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm
slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm

x86_64:
buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
crit-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
crun-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm
libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm
libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm
libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm
oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm
python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm
runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm
runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm
skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm
slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10756
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6I28tzjgjWX9erEAQjR4w//cI3lbSrcwIdXOW2j1cQo5Leh0raN+4i0
l70omYn9cumaVTyR0XfKuFp2sb9LjVm/Ca+96PMHxYRze6//kPfdLi9rBdHmPfE9
w5Q3nbQlAo1NzW6ExBaSnmZ1cp0/NN0y40Vzuuc5rOyMaG8eXG4mKOCJrtmkgGFs
Pw+AuPJI9fjEOaoXIPIDYD1gcABIrKQZ+H+evqzHYxoZjTSeoKXfLUG/xF8mrbQV
Heh63q9ToCCphA+Ua1MjKtT4rjqSFwhiYag4fFHsmZ8se+h+l7UvngmKkkHFaYsW
WVH0LB3TqH6nbJ5tTCu3Gn8zYs6Ug4ZRcrzK+E1Jo0unGC5F4eKHY6CixX/iPuZW
rf15ygCdTj9DAByZk/vcJ6NopW3pxuTx3/eZK9FVyV2UobQZGIpqhi5VEguZEHC7
zQGbQ8r6A6Dt1I4gvqWfZnJLE0Dc1YKNQESOBpD/TDJpNXcKmRit+KOtF0haV08g
vTD0TijqOuRhT8SyDOxNlZUXlhHl9sv2Oa0DkuueWREG1LDiG40qkzxou5jNzNeu
0zzp2q+povnxm/LbhByDltYqYOySnXvNJAq7hS6UycjyTKDtda4cbaEYXsNQN5E0
Y2q3m8iRk1Aq/+f72Y5mz25V1Xp2CYPLXnMND7KmTyR+HvrzZ5EpT4K+0yGSBqmW
xChlPLYv/e8=xg2W
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-4694:01 Moderate: container-tools:rhel8 security, bug fix,

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
* QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10756 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.src.rpm cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.src.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.src.rpm container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.src.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.src.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.src.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.src.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.src.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.src.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.src.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.src.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.src.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.src.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.src.rpm toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.src.rpm udica-0.2.2-1.module+el8.3.0+8221+97165c3f.src.rpm
aarch64: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.aarch64.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.aarch64.rpm containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm crit-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.aarch64.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.aarch64.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.aarch64.rpm python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.aarch64.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.aarch64.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.aarch64.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.aarch64.rpm
noarch: cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.noarch.rpm container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.noarch.rpm podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f.noarch.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.noarch.rpm toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.noarch.rpm udica-0.2.2-1.module+el8.3.0+8221+97165c3f.noarch.rpm
ppc64le: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm crit-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.ppc64le.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.ppc64le.rpm python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.ppc64le.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.ppc64le.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.ppc64le.rpm
s390x: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.s390x.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.s390x.rpm containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm crit-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.s390x.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.s390x.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.s390x.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.s390x.rpm python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.s390x.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.s390x.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.s390x.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.s390x.rpm
x86_64: buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm buildah-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm buildah-tests-debuginfo-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.x86_64.rpm containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm containernetworking-plugins-debuginfo-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm crit-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm criu-debuginfo-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm crun-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm crun-debuginfo-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm fuse-overlayfs-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm libslirp-debuginfo-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm oci-seccomp-bpf-hook-debuginfo-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-catatonit-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-remote-debuginfo-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm runc-debuginfo-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm skopeo-debuginfo-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm slirp4netns-debuginfo-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:4694-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4694
Issued Date: : 2020-11-03
CVE Names: CVE-2020-10749 CVE-2020-10756 CVE-2020-14040

Topic

An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64


Bugs Fixed

1682970 - [RFE] Default location of setting up HTTP_Proxy for podman

1752079 - podman docker command fails at COPY - overwriting existing file

1785242 - container-tools: Provides: docker gone from podman-docker subpackage

1800815 - "podman login" writes auth.json in a location "skopeo copy" does not expect

1801874 - Podman segmentation error when a Dockerfile specifies an image by its digest

1804193 - Podman support for FIPS Mode requires a bind mount inside the container [container-tools-rhel8-rhel-8.3.0/podman]

1804195 - Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.2.0/podman]

1813845 - [RFE] HTTP/REST API for podman

1814928 - "podman exec -it" will hang with leading keyboard input

1818694 - Golang panic when pushing image to a scaled image-registry

1821193 - Update container-tools 8.3.0 components to stable releases

1822038 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.3.0/buildah]

1825789 - Crash on filtering anonymous images

1827794 - Podman search does not have pagination support

1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters1835986 - CVE-2020-10756 QEMU: slirp: networking out-of-bounds read information disclosure vulnerability

1837755 - --init feature useless out of the box

1847544 - Socket-activated Varlink (io.podman.socket) fails after first call

1849557 - Rootless Podman does not properly close and remove temporary files

1850230 - Using toolbox with fedora:latest image fails, exec fails with "OCI runtime command not found"

1853230 - The output from "podman images" is malformed if a repository contains a port

1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

1857606 - error loading kheaders module

1858862 - Podman build from url failed to get correct temp directory for store files

1860126 - podman run namespace in man page ambiguous

1866153 - podman search doesn't add limit to a query against v2. By default v2 returns 100 items.

1866833 - Podman 1.9.3 fails to run container when /etc/secuity/limits.conf is used

1867447 - error bind mounting /dev from host into mount namespace

1868612 - Image tag not derived correctly

1872263 - Update podman to 2.0.5

1877463 - Remove oci-seccomp-bpf-hook package from default packages installed by container-tools-rhel8-8.3.0

1879622 - `podman images --all` fails on images with digest


Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved