container-tools:rhel8 security, bug fix, and enhancement update

エラータID: AXSA:2021-2808:01

Release date: 
Monday, December 20, 2021 - 11:57
Subject: 
container-tools:rhel8 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)
* containers/storage: DoS via malicious image (CVE-2021-20291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
CVE-2021-3602
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: container-tools
Stream name: rhel8

Solution: 

Update packages.

CVEs: 
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
CVE-2021-3602
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.22.3-2.module+el8+1345+1998c697.src.rpm
    MD5: a72a245ee0295cf6fd22161ad6c2bb27
    SHA-256: 1991d5aad358b28dede347426a7ec86fcbd91cb1f26c894a4a2f508044975eba
    Size: 10.91 MB
  2. cockpit-podman-33-1.module+el8+1345+1998c697.src.rpm
    MD5: b2d648162e538dd408348f4ace0ad8dd
    SHA-256: 4143c1470325a8e6d1b95fbcdb9566eae202a18b4705134c03084b3bf1a60f05
    Size: 615.83 kB
  3. conmon-2.0.29-1.module+el8+1345+1998c697.src.rpm
    MD5: 61c028726cee98b6b5df7f7217e693ed
    SHA-256: f358e24ceba86942a978e1e5bf03063d793f5847df9a7c604dc81157a386b868
    Size: 169.59 kB
  4. containernetworking-plugins-1.0.0-1.module+el8+1345+1998c697.src.rpm
    MD5: afae55104dafcb7fcedf12510d2d5b21
    SHA-256: 0411d0a307319257c2917d6bd63411c3cc638aeea3ee543700c0e24c7f9c0a23
    Size: 2.84 MB
  5. containers-common-1-2.module+el8+1345+1998c697.src.rpm
    MD5: 721383c88cd70a9e2cfadf796f6e7fd9
    SHA-256: cea04f4e82903b7f763de095abf13710d3b43da45c682590c9a752aa229f8d7e
    Size: 72.56 kB
  6. container-selinux-2.167.0-1.module+el8+1345+1998c697.src.rpm
    MD5: 3bf7ccb7b0591f848b756508db93960e
    SHA-256: 09b942eee5a8b567d093ea6ec544b276fe975a6d2ea05ca1fb7ea493b0c068ab
    Size: 51.87 kB
  7. criu-3.15-3.module+el8+1345+1998c697.src.rpm
    MD5: 0994d8faa9f9145dfe850252afa9819b
    SHA-256: f57476bf8e7baf6de8c0103518633c0e8fb87da986e00454b1883159587f2567
    Size: 914.19 kB
  8. crun-1.0-1.module+el8+1345+1998c697.src.rpm
    MD5: 68ca4ebab69ece6a71c772b7fbb7f7ed
    SHA-256: ee2566c388d8f9b227ac773313b2f871c4423fa6b5bc813d70ee54fb1c813e0f
    Size: 1.80 MB
  9. fuse-overlayfs-1.7.1-1.module+el8+1345+1998c697.src.rpm
    MD5: 9492047a6c45e3b597d021b5b0841771
    SHA-256: 2d9d81a2e262938493a6f811a7ca2c8bc23e9abcdf0152912f0143bc04969811
    Size: 114.45 kB
  10. libslirp-4.4.0-1.module+el8+1345+1998c697.src.rpm
    MD5: ae607a89cc80cd5f48bacadb68c597cf
    SHA-256: 2abe1177fbc9b6179cccde62b9735a267bf309db6c7b847bca2025d9c474630b
    Size: 114.81 kB
  11. oci-seccomp-bpf-hook-1.2.3-3.module+el8+1345+1998c697.src.rpm
    MD5: 59ea57f297db6d3473393f70ae800b26
    SHA-256: 66f12798bdc450560b787e48f0a0786bbf9e3bbc7cd5324c304a8cc0f601bed2
    Size: 1.08 MB
  12. podman-3.3.1-9.module+el8+1345+1998c697.src.rpm
    MD5: c4aff4900d00bc99febcae51148f73a1
    SHA-256: a4273e61f95c02bfbc52c15eee5460e92422b9e3afdfee7e3e13a30800f09abd
    Size: 16.81 MB
  13. python-podman-3.2.0-2.module+el8+1345+1998c697.src.rpm
    MD5: e6f7ea7e74e2e83e1d856dda0644115a
    SHA-256: 94dced8f93fe8d57a2c6da6b3bb1f32a9914e4c69d9b94d0d8cd30630226ce01
    Size: 169.15 kB
  14. runc-1.0.2-1.module+el8+1345+1998c697.src.rpm
    MD5: fc4a8583254bddf51925031ddf798226
    SHA-256: ef7edd1e035fc431b6574a4f0fd5d92664387c802fd55671a41c89f188e532e7
    Size: 2.25 MB
  15. skopeo-1.4.2-0.1.module+el8+1345+1998c697.src.rpm
    MD5: 399d0ee5140d9fe7f322649372963c91
    SHA-256: f025e50c5a7f1ce28c6897dcf03ea2a3119cb13e0906b80c95db0a0eb1b221fb
    Size: 5.32 MB
  16. slirp4netns-1.1.8-1.module+el8+1345+1998c697.src.rpm
    MD5: 148b4ac4921d8ce246182718ea7019f4
    SHA-256: cd3f6e832826a072cf425c331d22f33dcfc14f2623233e2442264825d345e13f
    Size: 67.48 kB
  17. toolbox-0.0.99.3-0.4.module+el8+1345+1998c697.src.rpm
    MD5: 038a5997fe25d012478f0d9477eb542a
    SHA-256: 8b95d6afe8c2622124d9750589c9d4d62d0daddec968c6161d7654e15ba778e4
    Size: 5.88 MB
  18. udica-0.2.5-2.module+el8+1345+1998c697.src.rpm
    MD5: c1e60065bb181ddc7014efab7d861315
    SHA-256: a9cc3769eb93f821f88b6a2f8a8c65cd2a13df38362b37b64ea66a6b511a3417
    Size: 135.34 kB

Asianux Server 8 for x86_64
  1. buildah-1.22.3-2.module+el8+1345+1998c697.x86_64.rpm
    MD5: 6569f80abbc7ae163e4dc607e8cfd7a9
    SHA-256: c74159cfe46c3cca99da8d3722280896dd3a900910450c9c31684d6aa0ac78c9
    Size: 7.73 MB
  2. buildah-debugsource-1.22.3-2.module+el8+1345+1998c697.x86_64.rpm
    MD5: 4c6b3bd96051fa6cc76e304b4b8e78c5
    SHA-256: 5e7b1622557a0a3f50fe3c23b350ced6a7974c917c35d865069ac2e7742bbe53
    Size: 2.94 MB
  3. buildah-tests-1.22.3-2.module+el8+1345+1998c697.x86_64.rpm
    MD5: 9c62fc09ebb595cdf48d438a5f2bad57
    SHA-256: f2ec032471b85c038e1134cce7747562707b54e17dbbdf59281e7c598bc8ec0a
    Size: 16.12 MB
  4. cockpit-podman-33-1.module+el8+1345+1998c697.noarch.rpm
    MD5: 55b24818fb28e819dcc29137b44ff463
    SHA-256: 9509c6216f9a1363fb1bb3b64981b24ca7e04632110d40db9a343827509ae69a
    Size: 436.20 kB
  5. conmon-2.0.29-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 6361cde7a22c15928d2f18784e2ed411
    SHA-256: b835900bca8ec39393e102b6a6afc35fe1a501f34dfd43febcdf2f9e823f2c1a
    Size: 51.23 kB
  6. conmon-debugsource-2.0.29-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 15cce9bba0164b34cbde4ad49590fd75
    SHA-256: 84a2814b8126a4a68b6816b43806e48212156089a402d9cccdeb6b6fe580eb74
    Size: 42.92 kB
  7. containernetworking-plugins-1.0.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 820320decbf5651512222f19f4e3ce5a
    SHA-256: 7af8312719e06bde0ceb8f5c5f732cd00ebb9ccf7ac4f87d949a2c38e132d3bf
    Size: 19.10 MB
  8. containernetworking-plugins-debugsource-1.0.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: c1d5fa5ece4717144a8c94eafb6cff92
    SHA-256: 14b4994c9b600fdec9a1f8aec6c87f31385cb912af26dc85cf75a91a04aae3dd
    Size: 366.50 kB
  9. containers-common-1-2.module+el8+1345+1998c697.noarch.rpm
    MD5: b784db405dbb3c77901e920028f72c30
    SHA-256: 177bb6640c9c84baa215aff887c7e0cb4197a8baf8e9710aabe1ebf51aa28795
    Size: 76.08 kB
  10. container-selinux-2.167.0-1.module+el8+1345+1998c697.noarch.rpm
    MD5: 6ce882f743047ea8330f85ab9042b561
    SHA-256: 64980c0965b4bccf2076a73a239c814c1be511f335549f843f85e87339af53ea
    Size: 52.53 kB
  11. crit-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: f68e056ba656fe78526cdcdfe195b6fb
    SHA-256: 696105f64804d0857f7efa14df86c45e2d932df9f29ca0d601af9f5dfb246270
    Size: 18.61 kB
  12. criu-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: 7bb71eb5f13664f2072f1d389aaabbfe
    SHA-256: 85a766703c6fb91e6c01eaded8955b9727426f2c6e7ecd1728b5893cb9359345
    Size: 516.58 kB
  13. criu-debugsource-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: 37949ac36cf57924d153a9ee78a80ee4
    SHA-256: 8099ca05c81bb5fb5a0a3082cc26eb51dd6f825c40aab02afea9749a0efddbe8
    Size: 675.35 kB
  14. criu-devel-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: 8a14f5e544e316d83087183e6ed02df5
    SHA-256: e9a92e7dc0c4f59dbacd32ba552a33e3d16d75a2ff7cf46973d74fade2cc3975
    Size: 23.82 kB
  15. criu-libs-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: aaa29a5e810c62827a7ae7639421689f
    SHA-256: 5471a94ee5cba5ba1b0b7c19b68a3696dec8a1bfd9f39c491c91421b4b9f2446
    Size: 36.67 kB
  16. python3-criu-3.15-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: c0a249db2aba85ac44d8334ed2982591
    SHA-256: babf6006feb07a66cfd2c5341846f92928b5d936f3155f3fe5edbde574c61e2f
    Size: 168.80 kB
  17. crun-1.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 40863261a544226cbd13f379f0821f0f
    SHA-256: 9b01f713a547e694eae602234359515ee32b84e444b4f084119c2bf5e138ad3d
    Size: 191.96 kB
  18. crun-debugsource-1.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 2ee06d80658f4c5eb59b3aeb9c202ac4
    SHA-256: 3637ed330c65e4633f597db60cd0df93e6bc3675ec46a924a6e5157b7d4f9a76
    Size: 141.78 kB
  19. fuse-overlayfs-1.7.1-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 0031033a9efa12e341fa9b8149f5d9b8
    SHA-256: f6cca3efdd7e1cc3052585c2b056dae2a4bd96ef3d380a8e18c0fc16aaa2411a
    Size: 71.39 kB
  20. fuse-overlayfs-debugsource-1.7.1-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 094ac269621015146569b846f79328f3
    SHA-256: ad85ceae95dab5c200191c2aceca083fd17920f701feecaf67fcd1bcf51a0cb6
    Size: 53.29 kB
  21. libslirp-4.4.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: eb2991397aad1a2809bff5c0a8f6e0c0
    SHA-256: faee4a29a064b6e17ac1c4998fb998460cd740780a9fd3c6998fa7d1a60e5e71
    Size: 69.14 kB
  22. libslirp-debugsource-4.4.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: b03031fbe833970ca11826fd1bb33fd2
    SHA-256: a3f53974d19345acaf917d76a2b275f6ccfa6bc10802565c4395869d1c3bdaec
    Size: 114.44 kB
  23. libslirp-devel-4.4.0-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 89e247657597f4148da538f529fe0c75
    SHA-256: 122bea5b9aa46658ee4cf9d36397814752123cbd2503d1196c89d6e5ea90f1b3
    Size: 11.30 kB
  24. oci-seccomp-bpf-hook-1.2.3-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: f7987fa4d6649d4759a9da97e43af637
    SHA-256: e22b5f274db6014f54eb5478c27ec61e593470390bda17e2494e58adaed53d59
    Size: 1.07 MB
  25. oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8+1345+1998c697.x86_64.rpm
    MD5: d34f77951d77e551c041daad53f1dfa5
    SHA-256: 8514dd4cd6d73815df0bbefe35cd616949685354a372b77110e20ed44d4f670c
    Size: 158.07 kB
  26. podman-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: a70472c742116e8d2ca4cefdd67cd6b6
    SHA-256: 7d901d06f8aec7ada9fb7a179a4bc25f133ec31a1bdd591faa143d14d6e17e85
    Size: 12.10 MB
  27. podman-catatonit-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: 4c04f672e5208a40490827fa196f8cce
    SHA-256: b8279fec8e8d3acf409d5bb728341f5ab97e4ad1b414afbed5d79dbaaaeb04ac
    Size: 339.20 kB
  28. podman-debugsource-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: d13e52aa31816cd659f91db0c13f9d34
    SHA-256: 960b2803cfda4a74b974e4294aabb6f1b383d5dd6b5ec8c5a06699b83b90a06c
    Size: 5.69 MB
  29. podman-docker-3.3.1-9.module+el8+1345+1998c697.noarch.rpm
    MD5: 2cf0e97c6e74a636999ecb24bb8b5f02
    SHA-256: 29d6b48b4f14f2935771188e99f26f2316f6464a4fe720cbcdf251431f5b9047
    Size: 54.37 kB
  30. podman-gvproxy-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: b7e079e49634ed9f2a70c15bfbf84f48
    SHA-256: 883dc3be0964ffe5f8eeb419fa6167791318b6f31eb82ce5ca8a0b0fb2aee889
    Size: 3.41 MB
  31. podman-plugins-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: 7f5ddddb4fa692092f5fc961df6b03b7
    SHA-256: 1d58c54b58fa355e344fcc017d2341c3c14d9274e3e845f565ca4926689b3269
    Size: 3.10 MB
  32. podman-remote-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: 530f4189fb2a557bc04dfd25825ea82f
    SHA-256: e866a8d9635693dd0b9c404cec6f33f8578dc4b2909ec2b0aea201448b5a58cf
    Size: 7.60 MB
  33. podman-tests-3.3.1-9.module+el8+1345+1998c697.x86_64.rpm
    MD5: a2adb94dbeec8660bcaee82b92c963dc
    SHA-256: 7a023b42229a899139bf677ace5723c003fa362351443ef6d091fb6562d63506
    Size: 144.41 kB
  34. python3-podman-3.2.0-2.module+el8+1345+1998c697.noarch.rpm
    MD5: f5df6fa3f89d28b35fb7daaf7f3c4ac7
    SHA-256: 084998f3e54d263304361834efd5ab313ea18cd8c3a6b09a1e5aba2ff0057b25
    Size: 147.23 kB
  35. runc-1.0.2-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 7c7e6df1e53b7c91b42ed20590cd7de7
    SHA-256: 1d0cb2d7ab35835a424413033f66882f657dd79de2b209b3ab4ec136ab7b5c1a
    Size: 3.08 MB
  36. runc-debugsource-1.0.2-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 6166067f4bd6d3d8c9d4d7fa76f81416
    SHA-256: cf8482555c46018c8712fa33eb24b4916c033030f836e11eec491bce515b2e25
    Size: 915.58 kB
  37. skopeo-1.4.2-0.1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 9205c1aecf98c209fbf8b2d1ad06c400
    SHA-256: 0c2a5abaef5c3784f51e7c6cb46ddb39f025f0f9be0921b918337efcccd4136d
    Size: 6.69 MB
  38. skopeo-debugsource-1.4.2-0.1.module+el8+1345+1998c697.x86_64.rpm
    MD5: f0fe4e45a10aaad4af260ab476d0b3d8
    SHA-256: 47cf48ad549538992126fdb89bffdf7d7b6f10f937d9015c73de601e285cba5c
    Size: 2.42 MB
  39. skopeo-tests-1.4.2-0.1.module+el8+1345+1998c697.x86_64.rpm
    MD5: 110aabfbc9d90010f3849abfa1fbe43a
    SHA-256: 9b1fe358367da07afc9d23fd827560919dd52d3aed8cad4dbf1df73d23eb7cca
    Size: 43.52 kB
  40. slirp4netns-1.1.8-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: a61353702e728e619f5ca88f9829f9b0
    SHA-256: 9d18c16894417fce3f3a0dc8f25ad98c29bf9b2c87715d20bd87ad07a2f46014
    Size: 50.02 kB
  41. slirp4netns-debugsource-1.1.8-1.module+el8+1345+1998c697.x86_64.rpm
    MD5: ac92febfde322c3f7078bd17a2d515eb
    SHA-256: c9bcc74bffe326ce6d2abdcc50e422c2383bd1a0d1ec9bd781df874115b5badc
    Size: 38.62 kB
  42. toolbox-0.0.99.3-0.4.module+el8+1345+1998c697.x86_64.rpm
    MD5: da2904bf59b3cd46eb8099d50eeb59e7
    SHA-256: e815c8bca2312e69e9e0fa66f2d76e27b5a715398b963d9dbf2e5a40d3e3a116
    Size: 2.25 MB
  43. toolbox-debugsource-0.0.99.3-0.4.module+el8+1345+1998c697.x86_64.rpm
    MD5: edd51de65ff4e460dd1f47c6b5fa615d
    SHA-256: cbc03d0b21469f02dc903a3494d291c87355398419d2a646e1d6e373ff699501
    Size: 449.75 kB
  44. toolbox-tests-0.0.99.3-0.4.module+el8+1345+1998c697.x86_64.rpm
    MD5: d0cb361ccbb496997962bf863f3ca633
    SHA-256: 5dc782e3c65416a134d9e7e092b96da60e8c65e8ee6aea95188fd685a0fb3523
    Size: 30.18 kB
  45. udica-0.2.5-2.module+el8+1345+1998c697.noarch.rpm
    MD5: 35e92dcc27807f548ba4987fe16dd9a0
    SHA-256: b5bf3878b7d01586ac9c8d19f0328ae8c1285dd1c32472a7822fdb6eb85a25f4
    Size: 49.51 kB