container-tools:1.0 security update

エラータID: AXSA:2021-1556:01

Release date: 
Saturday, March 6, 2021 - 03:38
Subject: 
container-tools:1.0 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The container-tools module contains tools for working with containers, notably
podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: container users permissions are not respected in privileged
containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users
running in a privileged container are not correctly checked. This flaw can be
abused by a low-privileged user inside the container to access any other file in
the container, even if owned by the root user inside the container. It does not
allow to directly escape the container, though being a privileged container
means that a lot of security features are disabled when running the container.
The highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.

Modularity name: container-tools
Stream name: 1.0

Solution: 

Update packages.

CVEs: 
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.5-8.gite94b4f9.module+el8+1218+0628d1db.src.rpm
    MD5: bc57adda6807f56b90964d55a4b6b663
    SHA-256: 0f75b59db9d218ad2dec5de7fc5ecca1e6a4826ffba318b052784322e2982e07
    Size: 4.21 MB
  2. containernetworking-plugins-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.src.rpm
    MD5: 48316f42a181fe798d7c2f2f7827a60b
    SHA-256: 1a42842f4334aa0a54e4d8533d0e1fa0968933e8b366d31a0ae9b8def96f1b6b
    Size: 825.87 kB
  3. container-selinux-2.124.0-1.gitf958d0c.module+el8+1218+0628d1db.src.rpm
    MD5: 76f4e62f86f81273af7755ab954af39c
    SHA-256: aa3e9e118003df322f92cc5d310654d810937bf36e7d9a3b0dfb837bb31f1f14
    Size: 38.35 kB
  4. criu-3.12-9.module+el8+1218+0628d1db.src.rpm
    MD5: e44b454cffee94f529bce999504b022d
    SHA-256: 8cac700e31c608bba52509b09bf29379c56d0480e35a92f4c4a863e0baacede2
    Size: 831.10 kB
  5. fuse-overlayfs-0.3-5.module+el8+1218+0628d1db.src.rpm
    MD5: 317a4ece55bb076723da9059c30866e8
    SHA-256: e1791912658bc5e64a6336eef639255e144b61cd636bb31b6bf28e962ecb8e4c
    Size: 84.65 kB
  6. oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.src.rpm
    MD5: 7b1de28f7d041c7a2965971676320139
    SHA-256: f7f2e4d63e2950ab1cd392b732d358c318cbb85e6710c36efb8b0c5e8ae79dd2
    Size: 40.66 kB
  7. oci-umount-2.3.4-2.git87f9237.module+el8+1218+0628d1db.src.rpm
    MD5: c6b17ab62c8af50f231577cfb0fd9e7f
    SHA-256: f5be8ac4bf488a48d6ed6bb504afab02f711cac76625f0d2d8aeaccad77a81db
    Size: 39.94 kB
  8. podman-1.0.0-8.git921f98f.module+el8+1218+0628d1db.src.rpm
    MD5: 82fd8c99c9b9cd2541ad8cc24b21ba8d
    SHA-256: c1bd8f98fcac1b72b62a3a38712c137804f3ae082f879d38b82c3f92e358809d
    Size: 17.12 MB
  9. runc-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.src.rpm
    MD5: 1fda52dc4d6f98851d3fd2f78a8375fe
    SHA-256: cc0cdd16f945128cc5cd224ca010446d4a7e18d3a5e1f028f4e983fc4d5e5007
    Size: 1.14 MB
  10. skopeo-0.1.32-6.git1715c90.module+el8+1218+0628d1db.src.rpm
    MD5: 386a72473dc767d93296f021d6a2d6df
    SHA-256: d06adcf6f273c7e9dbaa7839763a54ec575f497e00aea309bd3ae57bd3c9a8ca
    Size: 4.00 MB
  11. slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.src.rpm
    MD5: 5cbed470487e4c9dd51ab92574ed2301
    SHA-256: c7a032500756d10a23d2d4d1387187666622592391cb2f7052e55c4b82f06e5b
    Size: 139.78 kB

Asianux Server 8 for x86_64
  1. buildah-1.5-8.gite94b4f9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: fa1223c016b8c71c3479a785191a8d0c
    SHA-256: c12323f45d5326771094f860fdcd333a66bde2e09e53ea5d01679601b2736072
    Size: 5.69 MB
  2. buildah-debugsource-1.5-8.gite94b4f9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 5c1395671352aaa6fa8b022fbf0cd2c7
    SHA-256: 3bdf7361eb7e60c6985e3ca1384dcd13e5f00afc27850811dc2ec2666c296d24
    Size: 1.51 MB
  3. containernetworking-plugins-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.x86_64.rpm
    MD5: fed221b09d191c0f9a4459f352533cf6
    SHA-256: 43f9df3c71969047d6bf7db5b05966af425eff077a9332e28c745cbb2cf3483b
    Size: 15.09 MB
  4. containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 264c8b727027d4c2e4103c39a09964c3
    SHA-256: 5c029149c3c640d2867fbac10568c60750f26b4b9d27f1b66cc5c2e7c0655553
    Size: 192.56 kB
  5. container-selinux-2.124.0-1.gitf958d0c.module+el8+1218+0628d1db.noarch.rpm
    MD5: 141c77a886abbe5185eaf25d6cfa90ea
    SHA-256: 5f3bde09f91d491c01eefc985895be27ff6846a0a38bd039788e639bcb69d523
    Size: 43.73 kB
  6. crit-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 8b9c457d73a2a3a558758a6ee0137572
    SHA-256: fece88f37c1e06128c7ea638226e2c8746104d36550d1a1207f664c593f2bc6d
    Size: 18.00 kB
  7. criu-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: b9022a50d71e4b3b78a3dd18af751d77
    SHA-256: e7906365b658131883959953289f3d40dccc0bbfb2c8b46cb1f361f1a854654f
    Size: 480.92 kB
  8. criu-debugsource-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 163080b2de8b092e2da432c195adde7f
    SHA-256: aabd71a6c963fd05322b65477e9dd5b15b8ed24c7dfb54ba2e572204660e634d
    Size: 622.93 kB
  9. python3-criu-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
    MD5: b768cd31281e1d93ca6a3b570d3987eb
    SHA-256: fcf9e3e71797be6438ca97bb11c0d98bca267e65c42dc7562ae777edff33391b
    Size: 155.80 kB
  10. fuse-overlayfs-0.3-5.module+el8+1218+0628d1db.x86_64.rpm
    MD5: cc970cbc749a6496ebe25ae9d887fb61
    SHA-256: 10cb6d2145ecbd2448238a5fb4b28d5d334ca35b1c990e8238152fd85bbc0dd1
    Size: 46.58 kB
  11. fuse-overlayfs-debugsource-0.3-5.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 9bdf035035b75c1440e9c03bcbb0f009
    SHA-256: 6e708653f9554ac3046d9f3bd17c25aad4a6acffb69d8d46eda0fddd9741a454
    Size: 35.87 kB
  12. oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 0ed01d2ab864e1f34b46a8b614234d7d
    SHA-256: 9672fe35a0baf51dcd7d491de5ec7aa10a81f8424ef623831afc69632be57db4
    Size: 38.05 kB
  13. oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 845a747bb01d0e364a4606dd92ba2fab
    SHA-256: 035dafc701514cc21c2f3a9e3a6a10161d076b8622c3ddf82843de87ca126b2e
    Size: 18.08 kB
  14. oci-umount-2.3.4-2.git87f9237.module+el8+1218+0628d1db.x86_64.rpm
    MD5: c1716024985631509bd5bbae56eddfc5
    SHA-256: 1aff74c5b94b40945e149517018ab60d957a0715aef6c54f41bdf1d381284ecb
    Size: 36.83 kB
  15. oci-umount-debugsource-2.3.4-2.git87f9237.module+el8+1218+0628d1db.x86_64.rpm
    MD5: dc3aa2b7fe4d85576cb718c7fa09ec83
    SHA-256: d6a3420af7621fdcc2377dc53468845f016b726fe18d50a90c12c43fb7c8c7d4
    Size: 17.41 kB
  16. podman-1.0.0-8.git921f98f.module+el8+1218+0628d1db.x86_64.rpm
    MD5: fc718a50e614ff9f073edfeb25fc50c8
    SHA-256: 7cce7ef94e3f90edec171db7b326cd75ead74d0f312c4cc541c179434c7ab129
    Size: 9.43 MB
  17. podman-debugsource-1.0.0-8.git921f98f.module+el8+1218+0628d1db.x86_64.rpm
    MD5: bcd3536eebb701511f561cf0934a05b1
    SHA-256: dc62d34e155fbee0e642d813c005f8b793321994397052ae674c357c7df19e13
    Size: 3.31 MB
  18. podman-docker-1.0.0-8.git921f98f.module+el8+1218+0628d1db.noarch.rpm
    MD5: ffc12e301f99f23788b7682bb99a0b9f
    SHA-256: 2b3fc058cfa899e097c7f8c9923b91499f1661f1d43e09b7c8698d2fbe31821f
    Size: 27.86 kB
  19. runc-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 2567cda541371e8c25968f9e1cbb12e0
    SHA-256: 05a311eaf1598cf8884f6931837a5a6ca6b5320008a6bf0c2d68c0caa06319b1
    Size: 2.50 MB
  20. runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 311f8f01818ad7619bcebb8e2ee6267e
    SHA-256: 14247a68b8c21aa31fcf24035d03cd743eec8b9fdb762be7424766590b94620a
    Size: 389.74 kB
  21. containers-common-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 38c791d1706dcc3599590ae1e6fa3832
    SHA-256: 03175801b5bc6fdd89d85f9a067f067a02902a93080793b5eda141d836add1d3
    Size: 30.29 kB
  22. skopeo-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
    MD5: ad1fdea7fb8c09f4c243ee4732b2f4bf
    SHA-256: 3c8e2f85a94d074380c0d85b98c37dc674e72593997c86a7789ef9e85a2951a3
    Size: 5.19 MB
  23. skopeo-debugsource-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 56d55608146eef48de525edc867ffa77
    SHA-256: 026ea06b1f352087488a5a2a9050513e8f57f28f9ed332f9d1f1d95e8be341d0
    Size: 1.30 MB
  24. slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 3f1490d64c479d8a414d24b56452ff80
    SHA-256: bb354c30a3c200bc55e53cfc38f10bb8475ebd2080a96358377325b0a0df4893
    Size: 53.78 kB
  25. slirp4netns-debugsource-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.x86_64.rpm
    MD5: 6185558ecb48d3a6264cf33636e49698
    SHA-256: d6531e0bea7164306a4b5e8bea3201e04a7d09f910f5507a381177310e8b6472
    Size: 96.37 kB