container-tools:2.0 security update

エラータID: AXSA:2022-3170:01

Release date: 
Friday, May 6, 2022 - 06:11
Subject: 
container-tools:2.0 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
* buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27651
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Modularity name: container-tools
Stream name: 2.0

Solution: 

Update packages.

CVEs: 
CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27651
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.11.6-10.module+el8+1409+0aaa263e.src.rpm
    MD5: 90a81d9c16bfcdbcde69c26089145734
    SHA-256: b6a3971cdc5b803ad35ee68172bdaf20e127ff8687aec861684203dec03993e5
    Size: 9.67 MB
  2. cockpit-podman-11-1.module+el8+1409+0aaa263e.src.rpm
    MD5: d68cdce51d095e94ce4ca5d8d8c17cf6
    SHA-256: c52b8624ce86a8673a11174882a337e38abe824c1e86c94f57a94a41ca69c34b
    Size: 1.36 MB
  3. conmon-2.0.15-1.module+el8+1409+0aaa263e.src.rpm
    MD5: ac8aa0fa309382f6d94f84c662fbe3bf
    SHA-256: 76ba42070b99481d9dd64caed6be265ed097861459ca136dcbfbc1180bbc6fc3
    Size: 68.76 kB
  4. containernetworking-plugins-0.8.3-4.module+el8+1409+0aaa263e.src.rpm
    MD5: 001dd3285854438e1055633753f10c28
    SHA-256: 2d023fffb32509a5c53b6930b56c4fce7a7331cd8251947faf12b37895ef0a73
    Size: 1.86 MB
  5. container-selinux-2.130.0-1.module+el8+1409+0aaa263e.src.rpm
    MD5: 8141b5bbdb5a45c8ff1605774ce0ff61
    SHA-256: 956c3099f3ec9a8864f95ac44137cd2e9006c1c8afa97f4ec8f8e71ec8fc30fc
    Size: 44.04 kB
  6. criu-3.12-9.module+el8+1409+0aaa263e.src.rpm
    MD5: 021415bb3cee5e0ed8b976c1a8bfc152
    SHA-256: f5f0ccdd4baebe1ff578962f73040f4b09938779b87746a3bcac172f667a35c6
    Size: 831.08 kB
  7. fuse-overlayfs-0.7.8-1.module+el8+1409+0aaa263e.src.rpm
    MD5: 64c7d74cdc845e571c8c0a8431beb2f9
    SHA-256: 76e47cbd2c9f44b82b6d2a7fd443c6dbafd5a6b17cc372a3e3f2e9534d2f1202
    Size: 103.65 kB
  8. podman-1.6.4-28.module+el8+1409+0aaa263e.src.rpm
    MD5: 0ddfe4385b5d1ba43d18ce74541929b2
    SHA-256: ceef2fb4d9bf4bcbb67238d4c28279b18c262b79f9f6bcefe32e53d51f5526a1
    Size: 7.69 MB
  9. python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+1409+0aaa263e.src.rpm
    MD5: a6b36f8238cfa7d287e30c975a819951
    SHA-256: a70e9b39efa3eb98a49ba0e9fa876c17b1bc6aaf4483943a4828a61ac0672a04
    Size: 39.38 kB
  10. runc-1.0.0-66.rc10.module+el8+1409+0aaa263e.src.rpm
    MD5: e7ed5cbe02e6363e8d8ccbc5c29146d3
    SHA-256: 715184636e64895df56baf8ccb8e27783d52fbee3e7eda41286498e403a524d7
    Size: 1.80 MB
  11. skopeo-0.1.41-4.module+el8+1409+0aaa263e.src.rpm
    MD5: 90459ec08c6885cc5b3851c957be26c4
    SHA-256: eba74a265eb6bc468ab0898d2309dc9a22e8581a296773453b888a1fedfee8df
    Size: 4.42 MB
  12. slirp4netns-0.4.2-3.git21fdece.module+el8+1409+0aaa263e.src.rpm
    MD5: 228531915c7e1989f9b5178569d145ca
    SHA-256: c6b555d790d20f335db1da22ec1438c2c72c2c84c89aac3315977d148d5d20f9
    Size: 178.55 kB
  13. toolbox-0.0.7-1.module+el8+1409+0aaa263e.src.rpm
    MD5: 3e6b788ac9c1a6f8e5d5b52e7f7aefee
    SHA-256: 996671e3639c06af4c80d29a0158800e9fe19ceb3463e0f84223178269c60e88
    Size: 18.78 kB
  14. udica-0.2.1-2.module+el8+1409+0aaa263e.src.rpm
    MD5: a13d0a5a90ad8aea09459539593b384f
    SHA-256: 5c098887386dc556df9e9b9dff98dc09bebf67544ce083605197bc78c27b2a4e
    Size: 128.14 kB

Asianux Server 8 for x86_64
  1. buildah-1.11.6-10.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 63a213fad6105d56d8d01fdcedb1fbc1
    SHA-256: 880bd39b1b8381aa226b25b98827c791a616d201f4f68197bfee924656d735e3
    Size: 7.08 MB
  2. buildah-debugsource-1.11.6-10.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: cc5f5e1d9c77eb499503a1bacecccd08
    SHA-256: 1cab7ed7b718dc8a7a71ddc7c538b82cb0435477b16235a7b0214111f8635e14
    Size: 2.43 MB
  3. buildah-tests-1.11.6-10.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: b0f72ca4ea030d35c5bb707298b04b02
    SHA-256: 53baf9d1e6d1c355f70da538286b940af46d2c95d82f13d85adc70c434745c38
    Size: 8.56 MB
  4. cockpit-podman-11-1.module+el8+1409+0aaa263e.noarch.rpm
    MD5: 1add0a1434ca2b966a288782af57e7f7
    SHA-256: 2918134c27614811bbaf15c4d38596c7e90c1b76e8e7f1394098a0c5205b73bc
    Size: 1.02 MB
  5. conmon-2.0.15-1.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 57392902735902fdd51b853181c3e76f
    SHA-256: 89a50e6174e30f99c654efaee8501af6c2ac4e6891519eebd697b1b0f186ce0a
    Size: 37.31 kB
  6. containernetworking-plugins-0.8.3-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: d6e05847bc1eee73545a31d028201b15
    SHA-256: 7b6831e52df2b74f717c682710ebc1c18b7270eb57044f7d49533f44a717c781
    Size: 17.70 MB
  7. containernetworking-plugins-debugsource-0.8.3-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 68118cd2814ebd144e5cf3a480f4af6b
    SHA-256: 15d0b4755e65dc2d19f71138bab8aa59934af587ebefe9442cd1a85fbbe10bdd
    Size: 301.26 kB
  8. container-selinux-2.130.0-1.module+el8+1409+0aaa263e.noarch.rpm
    MD5: d8bf39b222b2d0cdfb56c9e18acab3fe
    SHA-256: a7ba53779744838b784b29251ddb100a58d181e982503310526941f86d875493
    Size: 46.09 kB
  9. crit-3.12-9.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: f6f9c3cac27c01648f387d344a5b4975
    SHA-256: d2713da83810dccb257c9e6c84e875cc0e76398e8c938939f303a07e2a556af6
    Size: 18.00 kB
  10. criu-3.12-9.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: ec9153b7ca67c580f365ddf862dadfe2
    SHA-256: 5968e30bf64e363e50c686b7b65df62e7d3b104909498bf9dbdba49e9294d92b
    Size: 481.15 kB
  11. criu-debugsource-3.12-9.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 4246718e4e39e084c53bb7c804df96cc
    SHA-256: ccbe5f870bfc466be2072ec120f8942c40a6bd08101f052c7fdf6aa48538f67a
    Size: 622.97 kB
  12. python3-criu-3.12-9.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 964e54d5902a6b144894cd4262d6f1f1
    SHA-256: ff450c5806ee77f45a2290d07d054c55e3ab0c4ebc9789027a44ccd75b916fb4
    Size: 155.78 kB
  13. fuse-overlayfs-0.7.8-1.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 6c35dd84443618515c968fb075bbef18
    SHA-256: 278b4784534fd3831b85b528143d89a0e4a347708e154a04b52029071e022330
    Size: 58.77 kB
  14. fuse-overlayfs-debugsource-0.7.8-1.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 95411eeb8a3b5ca007fa2aabfabc0aa2
    SHA-256: e12824da75122ae983af7838ebd44bc47946a8c882c280b339d16eaf1d422ac4
    Size: 47.80 kB
  15. podman-1.6.4-28.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: eb6ec547877310c20098c17b38c5adba
    SHA-256: 28534a866d89f7ab60e6e2c81d2140f996def52dc93cbeaf485687e5a1f4c730
    Size: 9.23 MB
  16. podman-debugsource-1.6.4-28.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 50cfa3b5057e1bdaa8bdf3160ba7ef90
    SHA-256: be9569f11c403d1ff4833b9ce7240433f8d773d69d662610793f4f2a9ed9ef9e
    Size: 3.30 MB
  17. podman-docker-1.6.4-28.module+el8+1409+0aaa263e.noarch.rpm
    MD5: c3fc6bb76905e68b8f7c5b3e2b7ecbac
    SHA-256: 1b1a778fd7ccec06bfebd0a72270b2981d8b62acb859c4362953ca3afdcbf1fc
    Size: 36.96 kB
  18. podman-remote-1.6.4-28.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 2830c0959c22313942d25b3332821f00
    SHA-256: b7db44cb58fef8f4b66617dac0bef9d87b9d94776bbf38956d0396d7d98eb935
    Size: 8.80 MB
  19. podman-tests-1.6.4-28.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 0d78581be553633289ccfaeb95f0198c
    SHA-256: 9d1d6c994e485d649095854b1b7781c0cf9f507f4f55b18e9d682e975ce65a29
    Size: 48.07 kB
  20. python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+1409+0aaa263e.noarch.rpm
    MD5: d7e22c3c8d22555477411a2f697cc900
    SHA-256: 817a9b6d3b3070106d34d31cbc6c19e1cc177bc3e194d6c2b009d0d95ab2c552
    Size: 41.99 kB
  21. runc-1.0.0-66.rc10.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: eeda727913c67955b15529ddf34f2ce0
    SHA-256: 338c3173cdd40d14923cb27fe5e2efa8af53a8f4152a1d971bfad9e1a7bd1e1f
    Size: 2.24 MB
  22. runc-debugsource-1.0.0-66.rc10.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: d95d1568be4f797da9e97f996dadffbd
    SHA-256: 40f723fee0873f155300a4240fdedd7bacd03611ce7dc5ea01caa96164836ad3
    Size: 480.30 kB
  23. containers-common-0.1.41-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 65e46651c9ca936afb3b4f8b326d460c
    SHA-256: 2a7f9dfb55ab10d68df1feec48c212fbef2c7ba93bda0ebbc55abc0a75c98ce1
    Size: 49.29 kB
  24. skopeo-0.1.41-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: ee57f1beb2bf4e193ef06877b194b492
    SHA-256: 51536592d6f3eb8dadec6b0227d96172474cc50d59bfe914bfff2fde05c87452
    Size: 5.37 MB
  25. skopeo-debugsource-0.1.41-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 9fd56d66acfacae10f2e18090d109971
    SHA-256: c93a15ce0155e12dc5319d0c3f0717c959d9911e8007b0a9811b333c2209aa2d
    Size: 1.75 MB
  26. skopeo-tests-0.1.41-4.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: a6899dd69bfdbce9cb8ca12a19293f25
    SHA-256: 77e56e76133da082cd5bcf8e490263f090e07df7fa5684907412c99228e4e884
    Size: 32.17 kB
  27. slirp4netns-0.4.2-3.git21fdece.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: f5c2d82da69041badbb72dfc5fb42aef
    SHA-256: 10d69f7eb956d2719ccb06df292c8ad84df9050981bf64b885ca983512ba83a4
    Size: 86.95 kB
  28. slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8+1409+0aaa263e.x86_64.rpm
    MD5: 6fbb51050e7a9fefeb598103a8fdd8bd
    SHA-256: ea6ceccecfebe63a4d040dad1b7f3b3b4a1715c590edebc28bc1f7b4cfc38d2b
    Size: 128.31 kB
  29. toolbox-0.0.7-1.module+el8+1409+0aaa263e.noarch.rpm
    MD5: dfbe16eac2aed57f921c21ec6bba18c8
    SHA-256: a4a50d20f55edef286f7a0b6a531d515c2a3db33614b31a2d0898747e4c007b3
    Size: 14.36 kB
  30. udica-0.2.1-2.module+el8+1409+0aaa263e.noarch.rpm
    MD5: 310bba633d7942b16bdfc379a176ad35
    SHA-256: d1830b56fcd9a0825d14f7cda02f5837113eecf3246673de86290da7262b3fb8
    Size: 47.02 kB