Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat Enterprise Linux 8 RHSA-2021-0531-01 Moderate: Environment Leak

red hat
Calendar Grey February 16, 2021
Dist Redhat Esm H88
Red Hat released a measured security alert concerning container-tools:rhel8, which addresses an issue with environmental variable exposure. For full information, continue reading.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat software update bug fix security fix moderate severity container-tools environment leak

References

https://access.redhat.com/security/cve/CVE-2020-14370 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.3_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: buildah-1.16.7-4.module+el8.3.1+9857+68fb1526.src.rpm cockpit-podman-27.1-3.module+el8.3.1+9857+68fb1526.src.rpm conmon-2.0.22-3.module+el8.3.1+9857+68fb1526.src.rpm container-selinux-2.155.0-1.module+el8.3.1+9857+68fb1526.src.rpm containernetworking-plugins-0.9.0-1.module+el8.3.1+9857+68fb1526.src.rpm criu-3.15-1.module+el8.3.1+9857+68fb1526.src.rpm crun-0.16-2.module+el8.3.1+9857+68fb1526.src.rpm fuse-overlayfs-1.3.0-2.module+el8.3.1+9857+68fb1526.src.rpm libslirp-4.3.1-1.module+el8.3.1+9803+64eb0fd6.src.rpm oci-seccomp-bpf-hook-1.2.0-1.module+el8.3.1+9857+68fb1526.src.rpm podman-2.2.1-7.module+el8.3.1+9857+68fb1526.src.rpm python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.1+9857+68fb1526.src.rpm runc-1.0.0-70.rc92.module+el8.3.1+9857+68fb1526.src.rpm skopeo-1.2.0-9.module+el8.3.1+9857+68fb1526.src.rpm slirp4netns-1.1.8-1.module+el8.3.1+9857+68fb1526.src.rpm toolbox-0.0.8-1.module+el8.3.1+9857+68fb1526.src.rpm udica-0.2.4-1.module+el8.3.1+9857+68fb1526.src.rpm
aarch64: buildah-1.16.7-4.module+el8.3.1+9857+68fb1526.aarch64.rpm buildah-debuginfo-1.16.7-4.module+el8.3.1+9857+68fb1526.aarch64.rpm buildah-debugsource-1.16.7-4.module+el8.3.1+9857+68fb1526.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:0531-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0531
Issue date: 2021-02-16

Topic

An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat software update bug fix security fix moderate severity container-tools environment leak

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1678546 - Podman fails to create containers on RHEL 8 if CGroups V2 is enabled.

1701359 - rpmdiff message: Detecting usr/bin/buildah with not-hardened warnings

1701361 - rpmdiff message: Detecting usr/bin/fuse-overlayfs with not-hardened warnings

1843168 - [RFE] podman volume should include the filter dangling=true

1846629 - [RFE] Enable "podman search" to use wildcard (star) for queries

1848150 - Improved error message when signatures cannot be stored

1873064 - Can not execute podman commands scheduled by cron

1873204 - podman run --log-driver journald didn't works as expected

1874268 - CVE-2020-14370 podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API

1876576 - podman images can panic for incomplete images in the storage

1877865 - dnsname plugin missing from RHEL 8.2

1880987 - ubi8-init rootless fails on RHEL 8.2 with 'No such file or directory' and 'Permission denied'

1881218 - unable to run RHEL6 container in RHEL 8.3 (container-selinux not installed with podman)

1883945 - Cannot mount /proc/net in a container as it is a symlink to /proc/self/net and not assigned proc_t

1884668 - Fix parsing of the parameter to detect digests and use the appropriate @ separator.

1895105 - Podman events nonfunctional as rootless

1897012 - podman search doesn't give description of packages with --no-trunc option

1898911 - Empty cidfile after container creation

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here