container-tools:3.0 security and bug fix update

エラータID: AXSA:2022-3596:01

Release date: 
Friday, July 22, 2022 - 08:01
Subject: 
container-tools:3.0 security and bug fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Modularity name: container-tools
Stream name: 3.0

Solution: 

Update packages.

CVEs: 
CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Additional Info: 

N/A

Download: 

SRPMS
  1. buildah-1.19.9-3.module+el8+1443+d9745d3e.src.rpm
    MD5: bb2e1137ca9ad78e6e46a28d0f3f6562
    SHA-256: 5edd50d7d9027af44edcf90f176e7c8a8b5e0a2c32f05f0aa89f7019df759d2b
    Size: 10.07 MB
  2. cockpit-podman-29-2.module+el8+1443+d9745d3e.src.rpm
    MD5: e78c3edf48ca5953b7b25ad02499d7f7
    SHA-256: f7a6ef936acda425cf27d064be250fda9d5db774d30486c7d3f07958ed5c0570
    Size: 1.34 MB
  3. conmon-2.0.26-1.module+el8+1443+d9745d3e.src.rpm
    MD5: e43b9f576dddc50f4a759f9e09a6aeed
    SHA-256: 4af36233ac2b14098f7a7f48a153c90a99f8e6b44f327d387dd7d40ce754bc5d
    Size: 113.22 kB
  4. containernetworking-plugins-0.9.1-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 2d3e01583a86c372d7633cf2ac564fc4
    SHA-256: e3762fa406d133c96082f08807bb702d4f5e1042374f07e0a33fe12a3ab6f353
    Size: 2.44 MB
  5. container-selinux-2.178.0-2.module+el8+1443+d9745d3e.src.rpm
    MD5: 874ea14488d51fa2db47fbccecb3f592
    SHA-256: 959b535120ec5f6708c453f21a2d0724c8cd4ed59c3010ce9d5c121f04622145
    Size: 51.85 kB
  6. criu-3.15-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 9b647dddfd3364f5aff3550af0dddbad
    SHA-256: 7430fb6ef2acf5716c8cc0bcac30908deb4dc63c9ce6ef666d3e7f54bf84398d
    Size: 1.15 MB
  7. crun-0.18-3.module+el8+1443+d9745d3e.src.rpm
    MD5: 375f5feee4d3bf5e4cd33d4f21252735
    SHA-256: e034ecc2f0917f78b679fe4fba16bf28ee16f0ae900282003578c9abad535d4d
    Size: 1.34 MB
  8. fuse-overlayfs-1.4.0-2.module+el8+1443+d9745d3e.src.rpm
    MD5: 66a8c2e4b97e2b1b7e669a60a2ad9515
    SHA-256: d772a0abd3d907b1fa6ce8ddbe5a186633501ae168cb9acc0e6b15ba147d5e75
    Size: 112.58 kB
  9. libslirp-4.3.1-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 26f5e867665be11305de12316df39e6d
    SHA-256: a535992460dd32e37954bbdfe659bec8df30fd23b35b7cb0eff8c71c1b418c74
    Size: 105.81 kB
  10. oci-seccomp-bpf-hook-1.2.0-3.module+el8+1443+d9745d3e.src.rpm
    MD5: e6b8c2a5bcc8663ad8aed9a338d45ad7
    SHA-256: 25719ae37886cd9d41a093c59276a5a7935be5449c809309aa5b3e07103e8606
    Size: 930.15 kB
  11. podman-3.0.1-8.module+el8+1443+d9745d3e.src.rpm
    MD5: 484b80174884eca5950154df7caf45e1
    SHA-256: 4ad9e27a6a2723576098096fd5a09ef61a59bb76edc1562c987cf749ed641306
    Size: 11.97 MB
  12. runc-1.0.0-73.rc95.module+el8+1443+d9745d3e.src.rpm
    MD5: 41ae6086fcfe7ed100f2fa6ffddbc548
    SHA-256: 2b86afd49e56bdc925c4cf31a706b1f40c721d689a217ea4b318d71f3f0226e3
    Size: 2.18 MB
  13. skopeo-1.2.4-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 386d46636d5edc25a5a82b6a3a630df3
    SHA-256: 2e0664844ae4dba1e8a01c3468189cbd7905954411ad0f898f3c7a32eae1c747
    Size: 5.32 MB
  14. slirp4netns-1.1.8-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 84b2c0b74ddb13bea93c3b397e229827
    SHA-256: aed4ded7ea49afb7b703a77491c7745ff741a674f97d0f425e90196ae4f278c9
    Size: 67.45 kB
  15. toolbox-0.0.99.3-1.module+el8+1443+d9745d3e.src.rpm
    MD5: eca685dd51f39bd6eb5fba4f72e9af6e
    SHA-256: 7be74d57745fa5ce05778d2b4c234a7e247eaa19a495c80e499863d66b75ab31
    Size: 5.88 MB
  16. udica-0.2.4-1.module+el8+1443+d9745d3e.src.rpm
    MD5: 9a61becbba6ea4a67cc6745fa3bc4976
    SHA-256: 4fe6dcca3141e52cb93f81186808804cc412ffd4f1d39a255e1d493855b885a0
    Size: 133.54 kB

Asianux Server 8 for x86_64
  1. buildah-tests-1.19.9-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 68bcbce0b99b0a20b2386f826c475a56
    SHA-256: 283f8112f925c09ef7bcbea106af6b61a4432982a3c3bf594ff8a6c56f03ca70
    Size: 8.17 MB
  2. buildah-1.19.9-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 7c403164e162986d8f051b8a1067a7a8
    SHA-256: ea27efc8d64609b8966b0cd437f4587bcf4139d90f7e3a33d652e838c01c81a4
    Size: 6.75 MB
  3. buildah-debugsource-1.19.9-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 6e43802a0d45b0abcb8859c48dd61685
    SHA-256: 6322c97e1fd160d7c7d58d21649a35a72d5dd7ef2929300393ec747ca4edf2b7
    Size: 2.52 MB
  4. cockpit-podman-29-2.module+el8+1443+d9745d3e.noarch.rpm
    MD5: 0ea85f4b41d4e4390e3e9cabbe60b79f
    SHA-256: 44fc348d59564fe73d1cc34b7a09546f38a7f89b98e5863b406dd3ea097ce4ba
    Size: 1.07 MB
  5. conmon-2.0.26-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: e67379d0594984c3f14613abe7a0cd64
    SHA-256: e6070112598187f5fbd6f211e8d541890a7f344614964e18c2a53b18dfd7517e
    Size: 49.72 kB
  6. conmon-debugsource-2.0.26-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: ccc64ae8f8df6891a80676a63d35c22e
    SHA-256: ca9d337751e266936d4405f192748727bf47d293a2ddcb284ff858a7451548ce
    Size: 41.42 kB
  7. containernetworking-plugins-debugsource-0.9.1-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 515cab7b90dd3e0be16bf7c1cf3957ec
    SHA-256: 3e199b613fc42d46503a378d32cd6f82126310907197ae987221132aad7ea04e
    Size: 343.02 kB
  8. containernetworking-plugins-0.9.1-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: a9429cba2333ea7d5437a46805308014
    SHA-256: e90a1bbfab29355d769cf9a59cc9603aac8a06e434d261c78ad355aabac078fb
    Size: 18.88 MB
  9. container-selinux-2.178.0-2.module+el8+1443+d9745d3e.noarch.rpm
    MD5: 3c646ec5c6bd5ca5a4bd54c8bdc55d93
    SHA-256: 7230d202e0053b2ffc46d2ab0e0d742bd1d0ca33c58c0cdece5a00135b16b273
    Size: 51.67 kB
  10. criu-debugsource-3.15-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 57b6a000e295d2cc005d43fdc15a8a1a
    SHA-256: 48378a68f894ab4324e3f4d6a6e6bc5ab5fd3bd5839415f887d5bc714ed103ce
    Size: 663.65 kB
  11. criu-3.15-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 7a90c2e77df6b57e2da4c9cf800531de
    SHA-256: a3cec4ee644c48ca648cdc312e6fbfd8b6b9f32395e20bf8d27fa18795320e5d
    Size: 510.08 kB
  12. crit-3.15-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 94487cf883d26ac2a247b1ea9cd9bd8a
    SHA-256: 8e80cec8e8889f94f0448a0d329fbfe9346af3119ce0ddc0fb0241c6d552cd94
    Size: 18.35 kB
  13. python3-criu-3.15-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: eb6ab88cc8dd1741d4256cc8c51078cf
    SHA-256: ef124ca62228daae73f635aff79a2db9d1a2aa402e593ee7a0e1f31daa6e0729
    Size: 168.58 kB
  14. crun-0.18-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 2bf0c40527b775695487584d659dfc15
    SHA-256: 09ab2669046659ff79704a9f699e013059ceeb7bfc337d6eb71dfed908649b9f
    Size: 183.68 kB
  15. crun-debugsource-0.18-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 238513d73ff1bdc9ce2517341a2b7b43
    SHA-256: e1f565108eb064d479410a7dd8875ea774e5b54c003b9366b6a2cd54682cf674
    Size: 134.27 kB
  16. fuse-overlayfs-1.4.0-2.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 0bb93d8ef11a9c809516a3a53d5dee7b
    SHA-256: 13ceb891a8cb33c98fd51521302ee131cd9672a5e8dd178a48e4c98426c3519c
    Size: 70.71 kB
  17. fuse-overlayfs-debugsource-1.4.0-2.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 7eed14740fe3e832a1f9903ca2619c01
    SHA-256: 4bf7b184c120df560c0dfd587af196a38aa8dce8009cb7f4fed0b0c60219aca3
    Size: 52.34 kB
  18. libslirp-4.3.1-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 8d35924d4e921fd853332bbc6150528e
    SHA-256: 869dee42aff29d643307d0b9192a55c42332451c5ad8d9be87bdda95ac82319b
    Size: 67.86 kB
  19. libslirp-devel-4.3.1-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 98a676dcc39b70b2c68de276e1fa2956
    SHA-256: 569fb691dd06f5f9b4c829332857afaf7b3bca5a98b6612184631d2eb4a4fc49
    Size: 11.14 kB
  20. libslirp-debugsource-4.3.1-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 3f6b0df3d59ae108e4851d31040d16cb
    SHA-256: 17a2fdaa7e34f54b625376f735aee0619a8895a97987cb498b83f35a423f6b29
    Size: 112.94 kB
  21. oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 3fea36772b0182966413b9dbe610ea15
    SHA-256: 010d9d4cb90685df4fb3905ba55c9e9140b8b71bd1fb8851721432878a881e8f
    Size: 143.76 kB
  22. oci-seccomp-bpf-hook-1.2.0-3.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 5b8e9069e4610346e1cdae7b81355e82
    SHA-256: aef7dffc2cf7f6cd56908e1d7f2a128bc7324a93d3c459a69fd66dc69a51852b
    Size: 1.03 MB
  23. podman-docker-3.0.1-8.module+el8+1443+d9745d3e.noarch.rpm
    MD5: 78ac4abcc6a4b07d30783e7ae82a50cc
    SHA-256: 076f63d1223d0325e658911c7d15ed1a7e9f36e133328e987b5cb2330073a88f
    Size: 54.49 kB
  24. podman-plugins-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 4600cfd609ecb0e4a5271cccdb6ce6d4
    SHA-256: 0868cd840d14732de0302b8e833f86e15a39d85d7d22be5482f4ae5e2672ca43
    Size: 1.17 MB
  25. podman-remote-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 151528d9bacc00caa2a0e137fd323dba
    SHA-256: 43f794e392e8f470c94b28f85247fb242b30a28ca56a4d575ae71ec74dd5e501
    Size: 8.33 MB
  26. podman-catatonit-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: c6ccb491dce7404fc976d4b4520a1352
    SHA-256: 49b6359809dd022757b6887a85cfd969493748be2ec39f26f2926af2153c63e4
    Size: 320.08 kB
  27. podman-tests-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: d66334b077417579e49b7b0a0f3bfa43
    SHA-256: 01898792540cc82fe1e1badf9d62aed36c1abe66706cdeca4be0611706a9ef63
    Size: 105.21 kB
  28. podman-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: b311e5bc66b1d5bcf386ee27bde271f7
    SHA-256: 3cf701a1d982441a8de7101bb6cedda2e6b41efbd25cb4733cf38c74b0f7b8da
    Size: 10.92 MB
  29. podman-debugsource-3.0.1-8.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 2778449088bd225bf9e8d53f3406e75d
    SHA-256: d556b2d5ff9f40301a95da72b588982cb69e6589bb7959e98e5ce200bb19ed2d
    Size: 4.34 MB
  30. runc-debugsource-1.0.0-73.rc95.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: b505eb572cd94faa4d6563fa7809868e
    SHA-256: fe48b2f22b53a86da086b518ec284d63333f46ba2ba60e7aae89034d9f205635
    Size: 864.05 kB
  31. runc-1.0.0-73.rc95.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 30cfad6308f69f449785abf0182da1a8
    SHA-256: 2f53698738621419e22f220b69f5a9876bd54e7823f60ab64032ec5b3e049dd6
    Size: 2.89 MB
  32. containers-common-1.2.4-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: c550a51699372b6ad0be3f9e8437a5c9
    SHA-256: 8fa1dbefdd41e43278b15645422d3e0db29d8633e98993d6d4d873625d914728
    Size: 89.66 kB
  33. skopeo-tests-1.2.4-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 36e44f41196b51c1314971909f6feb01
    SHA-256: 69dc28998d87f808eb6f95048e2f7b61437a659eeb082303dea4f296d90809f1
    Size: 38.25 kB
  34. skopeo-1.2.4-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 82d0a476372e0ff7d66df85d04b3d803
    SHA-256: 7e6900760747153152d49ea73a99e10c59d8652d318af5d3daf9ce11cb188451
    Size: 6.38 MB
  35. skopeo-debugsource-1.2.4-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 0becf4f5f3fa7c5a23736acef5d9beaf
    SHA-256: b021c10ea0ac9eec960a4c3b50511c24c419ba83810bcd7a6ea3c545fe4d1378
    Size: 2.38 MB
  36. slirp4netns-1.1.8-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 4ff2208c449d8ec2c3ba864a2eb10de1
    SHA-256: 4ad91a4e0b08dc46ed29692c50eabf216cd78183c0ccae8a35b1cc97e7c86e0c
    Size: 50.00 kB
  37. slirp4netns-debugsource-1.1.8-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: b9cc58792fabc67b91bee895000901b6
    SHA-256: ef26ca85ea61e1c261e13cd908d2d1d9a2faeb0a11d180d2d2a49e68adbee123
    Size: 38.60 kB
  38. toolbox-tests-0.0.99.3-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: ba4aef37c9b47d34e93cbf3cdb8a4754
    SHA-256: bfc454bc49a16e1c7eea6ccc696a13317c0ca09b85175762c5a8b7a03a4660db
    Size: 28.86 kB
  39. toolbox-debugsource-0.0.99.3-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: 13c51890508553922066d80eb8068671
    SHA-256: 6ba7124cf11a58e03d9b54732d9e77cc80f609bb7e81fde5a2887f4fa5b570df
    Size: 448.29 kB
  40. toolbox-0.0.99.3-1.module+el8+1443+d9745d3e.x86_64.rpm
    MD5: bda0d82ccfafa523523a063c8f3416cf
    SHA-256: a2eb8b109da762fb1b5e9ecbef683f95c4cf22bdaf9a1e9527d6c19c7addedf0
    Size: 2.19 MB
  41. udica-0.2.4-1.module+el8+1443+d9745d3e.noarch.rpm
    MD5: 34c29e22765abb7a8a7afd17317baf87
    SHA-256: 2ef8c8b06dea9a864252ebd6a260551ac637d6b6aa2b3458fd311b081bd032f6
    Size: 49.30 kB