container-tools:2.0 security update
エラータID: AXSA:2021-1557:01
Release date:
Saturday, March 6, 2021 - 04:28
Subject:
container-tools:2.0 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The container-tools module contains tools for working with containers, notably
podman, buildah, skopeo, and runc.
Security Fix(es):
* podman: container users permissions are not respected in privileged
containers (CVE-2021-20188)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users
running in a privileged container are not correctly checked. This flaw can be
abused by a low-privileged user inside the container to access any other file in
the container, even if owned by the root user inside the container. It does not
allow to directly escape the container, though being a privileged container
means that a lot of security features are disabled when running the container.
The highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.
Modularity name: container-tools
Stream name: 2.0
Solution:
Update packages.
CVEs:
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional Info:
N/A
Download:
SRPMS
- buildah-1.11.6-8.module+el8+1219+5d34baa8.src.rpm
MD5: afc9a68898f1928df3b873591c47746b
SHA-256: c4d64296cad16471351b0ec9440928821097d3be8c1b714f435ad57794e5cfa1
Size: 9.85 MB - cockpit-podman-11-1.module+el8+1219+5d34baa8.src.rpm
MD5: d2242e55a66a08c5b10a45cecec0f6ce
SHA-256: 56a05de11f0f1eb602008f4eabacdab40b0e17d5f807d1e197464ae749bb39cb
Size: 1.36 MB - conmon-2.0.15-1.module+el8+1219+5d34baa8.src.rpm
MD5: 31ccb4c1b910cd37b322154a0a7c4804
SHA-256: 4b25cfcc98b369808b72f99981b0111dd9a4e42891c9ee231766e40d8a39ce42
Size: 68.78 kB - containernetworking-plugins-0.8.3-4.module+el8+1219+5d34baa8.src.rpm
MD5: 32f97084a7329dc2bbb7a4f73d2e38d6
SHA-256: 27bb4e2abd9c741aede6a59bd48c4df6e9c24a72b92bed596b7d7a3a347b3a2f
Size: 1.86 MB - container-selinux-2.130.0-1.module+el8+1219+5d34baa8.src.rpm
MD5: 54c6efb291c7e2f46b09782785ae6d5d
SHA-256: 85cb0a9f5643c5489bb8df62314f198df6d7c3cddd967ec2314328313ca3b462
Size: 44.06 kB - criu-3.12-9.module+el8+1219+5d34baa8.src.rpm
MD5: 626c7376ae099674bd7921f319fae051
SHA-256: 7bf46da6d9af17dc47bbb274465622910ece7765e5644d82b4525595ffb0f647
Size: 831.10 kB - fuse-overlayfs-0.7.8-1.module+el8+1219+5d34baa8.src.rpm
MD5: 6a92b1cda6590e33a019be059c9f179b
SHA-256: e979acf03f196230aebb40af942eeb0f52c71592f932b14aa366abf82539da2e
Size: 103.67 kB - podman-1.6.4-26.module+el8+1219+5d34baa8.src.rpm
MD5: 136b8620b106d6b0550bd95385835708
SHA-256: 3a6849ba72f7ffbc83fc0aacab1d9f5e14dab4ec16db3a7c3c265513f764bbc4
Size: 7.67 MB - python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+1219+5d34baa8.src.rpm
MD5: a6ab47dc18373a5a98f7b9e1d4b868c0
SHA-256: 4d7b410aece162f6e2feee757fbb8bcc54135bf175c0464debe861ef22c5ae89
Size: 39.40 kB - runc-1.0.0-64.rc10.module+el8+1219+5d34baa8.src.rpm
MD5: 6a8a4f4c946a083e03b2ea68bf4acad9
SHA-256: a350e3801cdc9197085ac0857bfd709940a3c81ac7fb5a0d391d35a86ed3cb85
Size: 1.80 MB - skopeo-0.1.41-4.module+el8+1219+5d34baa8.src.rpm
MD5: 268d4d59421459f6e72e3a7c486c55d7
SHA-256: b1b96abf6a4d7a7e1c790ec2496913c170653916b5dc7e524a0532159d690751
Size: 4.42 MB - slirp4netns-0.4.2-3.git21fdece.module+el8+1219+5d34baa8.src.rpm
MD5: 46433f22d476d59ea97fc46583ec8085
SHA-256: 22514350aaf71d34ec4ee84bb044e7d7c99b4a3add5e1eede9b4adda13458e4d
Size: 178.57 kB - toolbox-0.0.7-1.module+el8+1219+5d34baa8.src.rpm
MD5: f97026b83366d6df73f3f3f0abc08ea2
SHA-256: 85d59a9d4958465baa68ee533a3e7cf5925e55c0448287525b43553b3487c206
Size: 18.80 kB - udica-0.2.1-2.module+el8+1219+5d34baa8.src.rpm
MD5: a504272740faac7db9797fc01c782338
SHA-256: 73dd3e3a9f30989829409f4f1a900abc0977352be476f729c5bd890057392037
Size: 128.16 kB
Asianux Server 8 for x86_64
- buildah-1.11.6-8.module+el8+1219+5d34baa8.x86_64.rpm
MD5: c60c9a69448ab1f864aee190099766a2
SHA-256: 5db0f616a47f24f5651a07f625ec6e2f04330b1d7a1408c8a2cfff4613d46d71
Size: 8.40 MB - buildah-debugsource-1.11.6-8.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 04ebe0bd00ea893268ffdb8388f6f467
SHA-256: ab2ee70b53c35842e52d57e7473405cdff0ca559ff8f60701545729ce9d69cdd
Size: 2.38 MB - buildah-tests-1.11.6-8.module+el8+1219+5d34baa8.x86_64.rpm
MD5: b1d9af829937c13fdc2b034fb79ef184
SHA-256: 79ae8e5030ba9b40b1b5a46f10e859e343f3a6ef6fa8a28e0d95b841bbe40bb2
Size: 9.85 MB - cockpit-podman-11-1.module+el8+1219+5d34baa8.noarch.rpm
MD5: 77126e9b0d6bedd6369f3bdf07b9473c
SHA-256: 4c5471b312152289b956441fdda13e03a037db267ad6287085247d3c6773d0c6
Size: 1.02 MB - conmon-2.0.15-1.module+el8+1219+5d34baa8.x86_64.rpm
MD5: d640286909a47e2055a6b3ebe29f8e4b
SHA-256: 26b4656ef2139334e7b13afbddb36b5d0b3f100f06f742dbe1e4a5593fe1f289
Size: 37.33 kB - containernetworking-plugins-0.8.3-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: fb0d309b2aa58ee768dac568aea361af
SHA-256: d00655cd009ee55006a09cf2fc6c7bcb104f96ccc3711c8e4e1c9b121d2ec8b8
Size: 20.31 MB - containernetworking-plugins-debugsource-0.8.3-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: c8ae12b9312d15559e189fe0fbdf8183
SHA-256: 6c564c19c8c28dd0f9336096379b4ecfea861524e75fe473746e8289b1a893be
Size: 301.26 kB - container-selinux-2.130.0-1.module+el8+1219+5d34baa8.noarch.rpm
MD5: a6dd1c92bb0a7c57456a42ff6e5df083
SHA-256: 999b9a6d1a958b3281128f507d4a66cbaff664ee6c534912f2bc331e173b91cc
Size: 46.00 kB - crit-3.12-9.module+el8+1219+5d34baa8.x86_64.rpm
MD5: f3ccf9f06a84d4d493d3a2cbf0384353
SHA-256: 4544beb56370b841d2038d917a4632153e0b033f64710b29cd777e460bde383b
Size: 18.00 kB - criu-3.12-9.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 5c2ba7d525fc4051490de58ca2d80054
SHA-256: d3d8317fcd1cc5166eb0cd62577741e4fe4e7d52d95db6a83dc5517b1ae84353
Size: 480.95 kB - criu-debugsource-3.12-9.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 5c3bb0e4d5b378a802a4d397e740f5c5
SHA-256: ba09548a78e40b48c9c2caa04f6bd05186f75290c88ba850936cdb562a2c54d1
Size: 622.90 kB - python3-criu-3.12-9.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 0c75bebec65e160e2c9a4af48f5249ab
SHA-256: 352006e6e81c5a61da15ef12d61c2074c13462e8591fe44c1ce4ecce17cc2ef0
Size: 155.80 kB - fuse-overlayfs-0.7.8-1.module+el8+1219+5d34baa8.x86_64.rpm
MD5: b88853d7a89104c0cb3517cc151bfb7d
SHA-256: 0131e44b3022efbc630cd8f7d0ab48ae6724b6af1ebff96b3ef3208d134124e9
Size: 58.80 kB - fuse-overlayfs-debugsource-0.7.8-1.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 6809b7332be5658121818c4dbacd274f
SHA-256: 9c33f3a46be850d45c63201da92a22183c83c2a18f746c1cc050bc9ffa22e822
Size: 47.81 kB - podman-1.6.4-26.module+el8+1219+5d34baa8.x86_64.rpm
MD5: af122c8e5d5275aceb3b985bfa066d26
SHA-256: c8e1bf6103010ccc1db1e14c76b1f723ea6c8861e4c621bc6c8fb4031c05201b
Size: 11.78 MB - podman-debugsource-1.6.4-26.module+el8+1219+5d34baa8.x86_64.rpm
MD5: dee7eb26928826edfa7617d1a6000618
SHA-256: 9084c7dff998444ff0007473e1abfc8e44f312b849d7a0301bc7d491f53f03fd
Size: 3.31 MB - podman-docker-1.6.4-26.module+el8+1219+5d34baa8.noarch.rpm
MD5: 0f4ea4db851e5aab83bfc1ec671e00f9
SHA-256: 23a62c1b0d8a1211a70b930f37d9ecca889e3eb6fd3bdb31054bc21473cd79a7
Size: 36.52 kB - podman-remote-1.6.4-26.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 5a8623d08435469325756126413e6aa5
SHA-256: 2f4abb95117048dacaf27e1a85889cd4a46f114b25ce01fba25357512108a95c
Size: 10.89 MB - podman-tests-1.6.4-26.module+el8+1219+5d34baa8.x86_64.rpm
MD5: a246d0c2f4d888c7fca687a64c9e79bc
SHA-256: 678f46f7adbbb75066892369d634cf557174a6ea131c6897f4b9574dd4f0a7c7
Size: 47.63 kB - python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+1219+5d34baa8.noarch.rpm
MD5: 30ea45a45c5dbd0067c946d5164958ec
SHA-256: 2e9f37c5bf75de3b91c2543faf449c3052d54576bf1840efd4c7c0e77596dde1
Size: 42.00 kB - runc-1.0.0-64.rc10.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 5770586faffb49ebcce48ecb472d276c
SHA-256: 5d886d1422acd24e4b93a1e64c049e061f9fbf599d13c8d978218d46f46d62e2
Size: 2.66 MB - runc-debugsource-1.0.0-64.rc10.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 2586c225189846181307e30deb284537
SHA-256: 4b0d131aeb4e9d1b0b5cfc0677a0bb53216552e6e3f9f9e04357089185d0c6aa
Size: 479.35 kB - containers-common-0.1.41-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 07c08bd259d5b4d889e43973014d603c
SHA-256: 68c1c57be6cd8710bb860bd4fecfd7d1396a28e661b7cd1dcf720f1b203afaf8
Size: 49.30 kB - skopeo-0.1.41-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: 93dcf8c1ec6c789150b959f5f7e40980
SHA-256: 876ce06a129a037d0958321ef79fd8bd477f253c3fb2cb9504d2413ce55ae524
Size: 6.47 MB - skopeo-debugsource-0.1.41-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: d3e9df3a9b2897b6a615b69926adcd19
SHA-256: 96a079d710bc35a4c23fc56efd0055226ae3688b17df92c222be455a82ccf329
Size: 1.75 MB - skopeo-tests-0.1.41-4.module+el8+1219+5d34baa8.x86_64.rpm
MD5: b3113622aef5dd70db5e0c66f8c641cf
SHA-256: 3278938bc69bfd01536f1898e59dd3da87f742739bd56cc209094c01ba0030e5
Size: 32.18 kB - slirp4netns-0.4.2-3.git21fdece.module+el8+1219+5d34baa8.x86_64.rpm
MD5: a3479286a159e9d04720100414abbffd
SHA-256: a788f5b968fab95b8cdbfe5956599ba7edd425ea6c35b586e6eb329bec844526
Size: 87.06 kB - slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8+1219+5d34baa8.x86_64.rpm
MD5: a4c022742cfa7c01ff2e7c3db740f78d
SHA-256: b7c7cd661e17bef04934bcf1006b143feb6143388a291a19530956834af04f8a
Size: 128.32 kB - toolbox-0.0.7-1.module+el8+1219+5d34baa8.noarch.rpm
MD5: 842a55fb7ba6ef4b7cbfa03302fad23e
SHA-256: 4dcdb6149891f527891d3ef71e00714a46495e335fe297814725e82cc518722e
Size: 14.37 kB - udica-0.2.1-2.module+el8+1219+5d34baa8.noarch.rpm
MD5: 7c29d6296338716862aaad2d74ebfbf7
SHA-256: c7f6fc58f478de242b9de35509fa2a8ba6283375bc98e801de9adc9074586365
Size: 47.10 kB
日本語