RedHat: RHSA-2022-7457:01 Moderate: container-tools:rhel8 security, bug fix,
Summary
The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.
Security Fix(es):
* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)
* cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
* buildah: possible information disclosure and modification (CVE-2022-2990)
* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2022-1708 https://access.redhat.com/security/cve/CVE-2022-2990 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.src.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.src.rpm
cockpit-podman-53-1.module+el8.7.0+16772+33343656.src.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.src.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.src.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.src.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.src.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.src.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.src.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.src.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.src.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.src.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.src.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
python-podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.src.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.src.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.src.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.src.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.src.rpm
aarch64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.aarch64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
noarch:
cockpit-podman-53-1.module+el8.7.0+16772+33343656.noarch.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.noarch.rpm
podman-docker-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
python3-podman-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.noarch.rpm
ppc64le:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.ppc64le.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
s390x:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.s390x.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.s390x.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
x86_64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.x86_64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for the container-tools:rhel8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1820551 - Automatically starting a container on boot is not possible through cockpit WebUI
1941727 - Module meta data is wrong
1945929 - Every podman run invocation generates two "Couldn't stat device /dev/char/10:200: No such file or directory" lines in the journal
1974423 - No equivalent buildah bud argument to docker build --ssh
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1996050 - [RFE] podman to create a rootless container that attempts to publish ports from a host with static IPv6 address.
2005866 - Udica was rebased prematurely
2009264 - Cannot get logs with --follow
2009346 - Podman name resolution not working as expected
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2027662 - Udica crashes when processing inspect file without capabilities
2028408 - Podman healthcheck fails if the command contains unicode characters.
2030195 - Add restart-sec option to systemd generate
2039045 - /etc/containers/registries.conf missing registry.redhat.io terms-based registry definition
2052697 - Inconsistency in how the podman service behaves depending on whether it is providing API via UNIX or TCP socket.
2053990 - runc has unversioned dependency on libseccomp
2055313 - Creating a pod uses bad infra_image registry in podman
2059666 - There is no man page for Containerfile provided by containers-common
2062697 - [cockpit-podman] RHEL 8.7 Tier 0 Localization
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2066145 - The results showed significant difference between with and without --no-stream option for podman stats
2068006 - CentOS Stream 8 podman: symbol lookup error: podman: undefined symbol: seccomp_notify_fd [rhel-8.7.0]
2072452 - error during chown: storage-chown-by-maps: lgetxattr usr/bin/ping: value too large for defined data type
2073958 - Podman v3.4.2 regression with hosts file breaks getHostAddress() call
2078925 - podman command crash with segment fault in rootless user mode
2079759 - skopeo segfaults after rebuild with golang-1.18
2079761 - podman fails to build with golang-1.18
2081836 - networking is broken when building containers due to missing container networking package dependencies
2083570 - symlinks doesn't work on volumes under podman when SELINUX is enabled
2083997 - catatonit not found when starting pod (podman 4.0 under RHEL 8.6)
2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities
2086757 - Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path
2090609 - ERRO[0009] Error forwarding signal 18 to container using rootless user with timeout+sleep in the podman run command
2090920 - Podman load keeps stale files in TMPDIR
2093079 - Podman does not detect volume from the volume plugin, unlike docker
2094610 - Healthcheck does not get executed if --interval not specified in Dockerfile
2094875 - podman not being able to mount devices during podman build
2095097 - [RFE] Podman copying the entries of /etc/hosts in the container
2096264 - podman images --format incompatibility with docker
2097865 - Removing podman-2:4.0.2-6.module+el8.6.0+14877+f643d2d6.x86_64 does not remove podman socket if sudo systemctl enable podman.socket has been run prior to yum remove podman
2100740 - podman can not force remove paused container
2102140 - ADD Dockerfile reference is not validating HTTP status code [rhel8]
2102361 - Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems
2102381 - podman image failed with ERRO[0000] Unmounting /home/maor/.local/share/containers/storage/overlay/XX/merged: invalid argument
2113941 - podman did not set selinux labels to symbolic links
2117699 - podman 4.2 version bump
2117928 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied
2118231 - mount through procfd: operation not permitted: OCI permission denied
2119072 - podman gating test issues in RHEL8.7
2120651 - Add beta keys to default-policy.json
2121453 - CVE-2022-2990 buildah: possible information disclosure and modification