====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:7457-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7457
Issue date:        2022-11-08
CVE Names:         CVE-2021-36221 CVE-2021-41190 CVE-2022-1708 
                   CVE-2022-2990 CVE-2022-27191 CVE-2022-29162 
====================================================================
1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)

* cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)

* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

* buildah: possible information disclosure and modification (CVE-2022-2990)

* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1820551 - Automatically starting a container on boot is not possible through cockpit WebUI
1941727 - Module meta data is wrong
1945929 - Every podman run invocation generates two "Couldn't stat device /dev/char/10:200: No such file or directory" lines in the journal
1974423 - No equivalent buildah bud argument to docker build --ssh
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1996050 - [RFE] podman to create a rootless container that attempts to publish ports from a host with static IPv6 address.
2005866 - Udica was rebased prematurely
2009264 - Cannot get logs with --follow
2009346 - Podman name resolution not working as expected
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2027662 - Udica crashes when processing inspect file without capabilities
2028408 - Podman healthcheck fails if the command contains unicode characters.
2030195 - Add restart-sec option to systemd generate
2039045 - /etc/containers/registries.conf missing registry.redhat.io terms-based registry definition
2052697 - Inconsistency in how the podman service behaves depending on whether it is providing API via UNIX or TCP socket.
2053990 - runc has unversioned dependency on libseccomp
2055313 - Creating a pod uses bad infra_image registry in podman
2059666 - There is no man page for Containerfile provided by containers-common
2062697 - [cockpit-podman] RHEL 8.7 Tier 0 Localization
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2066145 - The results showed significant difference between with and without --no-stream option for podman stats
2068006 - CentOS Stream 8 podman: symbol lookup error: podman: undefined symbol: seccomp_notify_fd [rhel-8.7.0]
2072452 - error during chown: storage-chown-by-maps: lgetxattr usr/bin/ping: value too large for defined data type
2073958 - Podman v3.4.2 regression with hosts file breaks getHostAddress() call
2078925 - podman command crash with segment fault in rootless user mode
2079759 - skopeo segfaults after rebuild with golang-1.18
2079761 - podman fails to build with golang-1.18
2081836 - networking is broken when building containers due to missing container networking package dependencies
2083570 - symlinks doesn't work on volumes under podman when SELINUX is enabled
2083997 - catatonit not found when starting pod (podman 4.0 under RHEL 8.6)
2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities
2086757 - Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path
2090609 - ERRO[0009] Error forwarding signal 18 to container using rootless user with timeout+sleep in the podman run command
2090920 - Podman load keeps stale files in TMPDIR
2093079 - Podman does not detect volume from the volume plugin, unlike docker
2094610 - Healthcheck does not get executed if --interval not specified in Dockerfile
2094875 - podman not being able to mount devices during podman build
2095097 - [RFE] Podman copying the entries of /etc/hosts in the container
2096264 - podman images --format incompatibility with docker
2097865 - Removing podman-2:4.0.2-6.module+el8.6.0+14877+f643d2d6.x86_64 does not remove podman socket if sudo systemctl enable podman.socket has been run prior to yum remove podman
2100740 - podman can not force remove paused container
2102140 - ADD Dockerfile reference is not validating HTTP status code [rhel8]
2102361 - Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems
2102381 - podman image failed with ERRO[0000] Unmounting /home/maor/.local/share/containers/storage/overlay/XX/merged: invalid argument
2113941 - podman did not set selinux labels to symbolic links
2117699 - podman 4.2 version bump
2117928 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied
2118231 - mount through procfd: operation not permitted: OCI permission denied
2119072 - podman gating test issues in RHEL8.7
2120651 - Add beta keys to default-policy.json
2121453 - CVE-2022-2990 buildah: possible information disclosure and modification

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.src.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.src.rpm
cockpit-podman-53-1.module+el8.7.0+16772+33343656.src.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.src.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.src.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.src.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.src.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.src.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.src.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.src.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.src.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.src.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.src.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
python-podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.src.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.src.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.src.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.src.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.src.rpm

aarch64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.aarch64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm

noarch:
cockpit-podman-53-1.module+el8.7.0+16772+33343656.noarch.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.noarch.rpm
podman-docker-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
python3-podman-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.noarch.rpm

ppc64le:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.ppc64le.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm

s390x:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.s390x.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.s390x.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm

x86_64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.x86_64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-41190
https://access.redhat.com/security/cve/CVE-2022-1708
https://access.redhat.com/security/cve/CVE-2022-2990
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-29162
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm netavark-1.1.0-6.module+el8.7.0+16772+33343656.ppc64le.rpm oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm python3-criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm runc-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm skopeo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm 
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
s390x: aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.s390x.rpm buildah-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm conmon-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm containers-common-1-40.module+el8.7.0+16772+33343656.s390x.rpm crit-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-devel-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-libs-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm crun-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm libslirp-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm 
netavark-1.1.0-6.module+el8.7.0+16772+33343656.s390x.rpm oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm podman-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm python3-criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm runc-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm skopeo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm 
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
x86_64: aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.x86_64.rpm buildah-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm conmon-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm containers-common-1-40.module+el8.7.0+16772+33343656.x86_64.rpm crit-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-devel-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-libs-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm crun-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm libslirp-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm 
netavark-1.1.0-6.module+el8.7.0+16772+33343656.x86_64.rpm oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm python3-criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm runc-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm skopeo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm 
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2022:7457-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7457
Issued Date: 2022-11-08
CVE Names: CVE-2021-36221 CVE-2021-41190 CVE-2022-1708 CVE-2022-2990 CVE-2022-27191 CVE-2022-29162

Topic

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.



Relevant Releases/Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64


Bugs Fixed

1820551 - Automatically starting a container on boot is not possible through cockpit WebUI

1941727 - Module meta data is wrong

1945929 - Every podman run invocation generates two "Couldn't stat device /dev/char/10:200: No such file or directory" lines in the journal

1974423 - No equivalent buildah bud argument to docker build --ssh

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

1996050 - [RFE] podman to create a rootless container that attempts to publish ports from a host with static IPv6 address.

2005866 - Udica was rebased prematurely

2009264 - Cannot get logs with --follow

2009346 - Podman name resolution not working as expected

2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion

2027662 - Udica crashes when processing inspect file without capabilities

2028408 - Podman healthcheck fails if the command contains unicode characters.

2030195 - Add restart-sec option to systemd generate

2039045 - /etc/containers/registries.conf missing registry.redhat.io terms-based registry definition

2052697 - Inconsistency in how the podman service behaves depending on whether it is providing API via UNIX or TCP socket.

2053990 - runc has unversioned dependency on libseccomp

2055313 - Creating a pod uses bad infra_image registry in podman

2059666 - There is no man page for Containerfile provided by containers-common

2062697 - [cockpit-podman] RHEL 8.7 Tier 0 Localization

2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server

2066145 - The results showed significant difference between with and without --no-stream option for podman stats

2068006 - CentOS Stream 8 podman: symbol lookup error: podman: undefined symbol: seccomp_notify_fd [rhel-8.7.0]

2072452 - error during chown: storage-chown-by-maps: lgetxattr usr/bin/ping: value too large for defined data type

2073958 - Podman v3.4.2 regression with hosts file breaks getHostAddress() call

2078925 - podman command crash with segment fault in rootless user mode

2079759 - skopeo segfaults after rebuild with golang-1.18

2079761 - podman fails to build with golang-1.18

2081836 - networking is broken when building containers due to missing container networking package dependencies

2083570 - symlinks doesn't work on volumes under podman when SELINUX is enabled

2083997 - catatonit not found when starting pod (podman 4.0 under RHEL 8.6)

2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api

2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities

2086757 - Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path

2090609 - ERRO[0009] Error forwarding signal 18 to container using rootless user with timeout+sleep in the podman run command

2090920 - Podman load keeps stale files in TMPDIR

2093079 - Podman does not detect volume from the volume plugin, unlike docker

2094610 - Healthcheck does not get executed if --interval not specified in Dockerfile

2094875 - podman not being able to mount devices during podman build

2095097 - [RFE] Podman copying the entries of /etc/hosts in the container

2096264 - podman images --format incompatibility with docker

2097865 - Removing podman-2:4.0.2-6.module+el8.6.0+14877+f643d2d6.x86_64 does not remove podman socket if sudo systemctl enable podman.socket has been run prior to yum remove podman

2100740 - podman can not force remove paused container

2102140 - ADD Dockerfile reference is not validating HTTP status code [rhel8]

2102361 - Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems

2102381 - podman image failed with ERRO[0000] Unmounting /home/maor/.local/share/containers/storage/overlay/XX/merged: invalid argument

2113941 - podman did not set selinux labels to symbolic links

2117699 - podman 4.2 version bump

2117928 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied

2118231 - mount through procfd: operation not permitted: OCI permission denied

2119072 - podman gating test issues in RHEL8.7

2120651 - Add beta keys to default-policy.json

2121453 - CVE-2022-2990 buildah: possible information disclosure and modification

