RedHat: RHSA-2021-4154:03 Moderate: container-tools:rhel8 security, bug fix,
Summary
The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.
Security Fix(es):
* buildah: Host environment variables leaked in build container when using
chroot isolation (CVE-2021-3602)
* containers/storage: DoS via malicious image (CVE-2021-20291)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-3602 https://access.redhat.com/security/cve/CVE-2021-20291 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.src.rpm
cockpit-podman-33-1.module+el8.5.0+12582+56d94c81.src.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.src.rpm
container-selinux-2.167.0-1.module+el8.5.0+12582+56d94c81.src.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.src.rpm
containers-common-1-2.module+el8.5.0+12582+56d94c81.src.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.src.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.src.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.src.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.src.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.src.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.src.rpm
python-podman-3.2.0-2.module+el8.5.0+12582+56d94c81.src.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.src.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.src.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.src.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.src.rpm
udica-0.2.5-2.module+el8.5.0+12582+56d94c81.src.rpm
aarch64:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
noarch:
cockpit-podman-33-1.module+el8.5.0+12582+56d94c81.noarch.rpm
container-selinux-2.167.0-1.module+el8.5.0+12582+56d94c81.noarch.rpm
containers-common-1-2.module+el8.5.0+12582+56d94c81.noarch.rpm
podman-docker-3.3.1-9.module+el8.5.0+12697+018f24d7.noarch.rpm
python3-podman-3.2.0-2.module+el8.5.0+12582+56d94c81.noarch.rpm
udica-0.2.5-2.module+el8.5.0+12582+56d94c81.noarch.rpm
ppc64le:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
s390x:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
x86_64:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1914687 - Rebase to github.com/containers/toolbox
1928935 - RFE: Let `podman volume prune` show the volumes that are going to be removed
1932399 - IPv6 errors after exiting crictl
1933775 - shortname for ubi8-minimal leads to "Repo not found" error [RHEL 8.5]
1933776 - podman 3.0.1 ships with a v2 go module [RHEL 8.5]
1934415 - Work on 8.5.0 container-tools module.
1934480 - Podman will pull image for rootless CNI
1937641 - Regression: Overlay mounts is broken on existing directories. [rhel-8.5.0]
1937830 - regressions cp command in Podman v3.0 [rhel-8.5.0]
1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
1940037 - toolbox does not provide /:/host mount required for sosreport
1940054 - Support logging into a registry if necessary
1940082 - toolbox does not support a config file
1940493 - [gss][podman]Getting the error while starting container "Error: readlink /var/lib/containers/storage/overlay/l/XXX no such file or directory" [rhel-8.5.0]
1941380 - Podman - secondary groups not available in container when using userns=keep-id
1947432 - podman run --pid=host command causes OCI permission error
1947999 - rootless podman --cgroup-manager=cgroupfs run command causes OCI permission error when CGroups V2 is enabled
1952204 - shortnames for containerized images
1952698 - Permission on /dev/null are changing from 666 to 777 after running podman as root
1957299 - Podman "--format" does not support "join"
1957840 - kubelet service fail to load EnvironmentFile due to SELinux denial
1957904 - Confined selinux users of type staff_u and user_u cannot run rootless podman containers1958353 - "rootless-cni-infra": executable file not found in $PATH: OCI not found
1960948 - Error refreshing container XXX: error acquiring lock 0 for container
1966538 - Podman returns development version
1966872 - podman's image index corrupted during WAN emulation tests
1969264 - CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation
1972150 - Image fails to prune from registry, preventing subsequent prunes
1972209 - Under load, container failed to be created due to missing cgroup scope
1972211 - When running a lot of one-off containers, podman hangs forever
1972282 - TMPDIR is not working in podman pull and podman load
1972648 - Update shortname list
1973418 - kubelet service fail to load EnvironmentFile due to SELinux denial (Re-opened)
1976283 - podman search does not return an exact match
1977280 - registries.conf mixes v1 and v2 syntax
1977673 - podman v3.2.2 writes image events too early
1978415 - Supply the python-podman package in RHEL 8.5.0
1978556 - podman v3.2.2 - error resolving image of another architecture
1978647 - [RFE] Podman secrets for RHEL 8.4
1979497 - podman v3.2.2 - cannot get logs when running in namespace with /var/log overmounted
1980212 - [Cockpit 8.5] [ja_JP, ko_KR] Podman Container Page is not localized
1982593 - podman 3.2 - CNI-in-slirp4netns DNS gets broken when running a rootful container after running a rootless container
1982762 - podman v3.2.2 - race condition with rootless cni networking
1985499 - podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility
1985905 - Podman report unsupported pull policy if set imagePullPolicy with capitalized Word
1987049 - inability to start container with runc caused by redundant seccomp rules
1993209 - new containers-common packaging conflicts with redhat-release
1993249 - Make volume removal with third-party drivers consistent with Docker behavior
1995041 - Rebase udica to v0.2.5
1998191 - Suggest a way forward if coreos/toolbox was used
1999144 - podman update to 3.3 removes default network config
2000943 - podman auto update fails to login to registry after podman upgrade to 3.2
2004562 - Switch to using the Toolbox-specific UBI image by default
2005018 - [8.4.0.z] kubelet service fail to load EnvironmentFile due to SELinux denial (Re-opened)