container-tools:rhel8 security, bug fix, and enhancement update

エラータID: AXSA:2022-4470:01

Release date: 
Tuesday, December 20, 2022 - 11:38
Subject: 
container-tools:rhel8 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: possible information disclosure and modification (CVE-2022-2989)
* buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/
* (podman image trust) does not support the new trust type "sigstoreSigned "
* podman kill may deadlock
* Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied
* containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta
* ADD Dockerfile reference is not validating HTTP status code
* Two aardvark-dns instances trying to use the same port on the same interface. (netavark)
* containers config.json gets empty after sudden power loss
* PANIC podman API service endpoint handler panic
* Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network
* Skopeo push image to redhat quay with sigstore was failed
* Podman push image to redhat quay with sigstore was failed
* Buildah push image to redhat quay with sigstore was failed
* Two aardvark-dns instances trying to use the same port on the same interface. (aardvark-dns)

Enhancement(s):

* [RFE]Podman support to perform custom actions on unhealthy containers
* [RFE] python-podman: Podman support to perform custom actions on unhealthy containers
* Podman volume plugin timeout should be configurable

CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Modularity name: container-tools
Stream name: rhel8

Solution: 

Update packages.

CVEs: 
CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Additional Info: 

N/A

Download: 

SRPMS
  1. aardvark-dns-1.1.0-5.module+el8+1564+4949db80.src.rpm
    MD5: cc9a9bbefe689e0ac4a00c5db34a00e9
    SHA-256: d723b4c8c5b1e2318a4061e288f86ab0d9ea213cba7d7c710cef751e8978477e
    Size: 11.06 MB
  2. buildah-1.27.2-2.module+el8+1564+4949db80.src.rpm
    MD5: 08b3caf477f5410ea8b4402f35481d96
    SHA-256: 99e58c26f174ef8fa17240b1fbe750c1697fd4ecaf97ac15a4aae692a918f8ad
    Size: 13.90 MB
  3. cockpit-podman-53-1.module+el8+1564+4949db80.src.rpm
    MD5: c6cfa4d5388973532097279083962fb2
    SHA-256: 2ce4e773e640ce269b291ff8fce5f8966db19b9ce6dbd6f09af7ad0a1f2416c4
    Size: 1.10 MB
  4. conmon-2.1.4-1.module+el8+1564+4949db80.src.rpm
    MD5: 30b0d9359877b69ff2b562d6c612fa37
    SHA-256: fa2704b137e617b675cc800519d86cafd95184a3eff967947d11dbf656518262
    Size: 171.45 kB
  5. containernetworking-plugins-1.1.1-3.module+el8+1564+4949db80.src.rpm
    MD5: ae693e6511ad519ce7a8cc593f488b08
    SHA-256: 53b515531a58381158010c634499171d81ef3ab3ca895b9968e2cdcf5e8ecb01
    Size: 2.80 MB
  6. containers-common-1-43.module+el8+1564+4949db80.src.rpm
    MD5: 2fb668fffd4b340009bdeb2566deb817
    SHA-256: 23265416101dd3b978347b49db5ad2341abe3cebcfeff5091e0d4136d02febe3
    Size: 109.65 kB
  7. container-selinux-2.189.0-1.module+el8+1564+4949db80.src.rpm
    MD5: af7387f5a9089ea57011dac1553b98e2
    SHA-256: 5bdccfc61ca2ce5a8155e3400efe82fd977eb23820f5101f303420983e6801d1
    Size: 56.76 kB
  8. criu-3.15-3.module+el8+1564+4949db80.src.rpm
    MD5: 6d8aef7c49821860495204cc07f652a0
    SHA-256: 1925b02be6d8ac06ca0d7050c9876f57669b2b300040dc9568832428c9b8175e
    Size: 914.17 kB
  9. crun-1.5-1.module+el8+1564+4949db80.src.rpm
    MD5: b900977f579e3831966867a0dae1dced
    SHA-256: 2404e4601c3e79c33f8d0ac5dd4a72fe8f36850b790e62c713e59dbd6aff95ba
    Size: 1.89 MB
  10. fuse-overlayfs-1.9-1.module+el8+1564+4949db80.src.rpm
    MD5: a145a543cf40e48ea05442a7dac5f7d9
    SHA-256: 9c5c663ec3b63876f848b2e8bd9232f2c9d6d89b97f3663b5694f9261fb81631
    Size: 115.65 kB
  11. libslirp-4.4.0-1.module+el8+1564+4949db80.src.rpm
    MD5: 62f238fd95248c8fba59303bd2b0b8ea
    SHA-256: f318f42100b5b305f05b756b7ce0e102f45e1dd01ed1d25ffb4382dc4da39a3a
    Size: 114.78 kB
  12. netavark-1.1.0-7.module+el8+1564+4949db80.src.rpm
    MD5: 96e6efbffd1ed0c18cc2db199e9a2cdd
    SHA-256: 5f0c54e4c4c6c9c06f50227bed2364d7a4ae7ad2e4e7fa34854f2743dbe50b3f
    Size: 15.22 MB
  13. oci-seccomp-bpf-hook-1.2.6-1.module+el8+1564+4949db80.src.rpm
    MD5: a175dfb450b9f96c0d06bd8c56192533
    SHA-256: 8b73faa71781b514a6047a5ab4a0aacd75cfb826ee2872b497b4ecf0da07dde9
    Size: 1.27 MB
  14. podman-4.2.0-4.module+el8+1564+4949db80.src.rpm
    MD5: bddef68420bbe9aeee560894c5a13024
    SHA-256: c0b68e87209da1dad41dabfa1d2cc1ed6f5fb0da04748b97d39254d97044dfee
    Size: 18.02 MB
  15. python-podman-4.2.1-1.module+el8+1564+4949db80.src.rpm
    MD5: 3f4c92148c18ce16542e6f2f08d1d077
    SHA-256: 3655bd36fca9ce619f32bb3a31cd8121ae92df8c197abcb432212a3c38a79f40
    Size: 81.50 kB
  16. runc-1.1.4-1.module+el8+1564+4949db80.src.rpm
    MD5: c0b4baa10e307c57e4f6fbbfa9c72290
    SHA-256: 25b4164d4accae950109ac83ed9a5ad7947f8d4cf2e8c3c357dd585d890a3daa
    Size: 2.21 MB
  17. skopeo-1.9.3-1.module+el8+1564+4949db80.src.rpm
    MD5: 83c47df4543c5bac7f45f4840e078479
    SHA-256: da99f447f8e962f1cb37dd681f1415696e918a2e20fd3c8939e2ed0ae0a511e7
    Size: 6.38 MB
  18. slirp4netns-1.2.0-2.module+el8+1564+4949db80.src.rpm
    MD5: 1a728b5b22115acd3e4a65c93f089fd6
    SHA-256: 4af0906975b0621109fb15d32f381416428966ed3d1293e06a7c71ceb8915966
    Size: 72.51 kB
  19. toolbox-0.0.99.3-0.6.module+el8+1564+4949db80.src.rpm
    MD5: e553fe940674cf5f6c3ce810bbc9e9c2
    SHA-256: 91e2603f13b6a1657471f1d9dd73d2d7a2791118003d9ee39b173c4888d73254
    Size: 5.88 MB
  20. udica-0.2.6-3.module+el8+1564+4949db80.src.rpm
    MD5: fbe29b8913a555f1997ef0c9db9cc5e9
    SHA-256: 238a164efccfdb12265286b63b447e0415e7ee3a1d075c92dbba491cc2b7d629
    Size: 133.85 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.1.0-5.module+el8+1564+4949db80.x86_64.rpm
    MD5: e5af6ff5dc4f16004d1dcb2021118f2e
    SHA-256: 4d9301abe724d23f8d619fed8000e656721371ce4f4bf62fe3458e891a39e46c
    Size: 0.97 MB
  2. buildah-1.27.2-2.module+el8+1564+4949db80.x86_64.rpm
    MD5: 0fcf74241110c7ad73d8d77cb15d569e
    SHA-256: 82a391de45154f1520de6f3ea2c4edcec221e16fc8500db61136f8f6bcd49a50
    Size: 8.07 MB
  3. buildah-debugsource-1.27.2-2.module+el8+1564+4949db80.x86_64.rpm
    MD5: 00d3d47a740015e1fbbc207102416810
    SHA-256: c5c35058949db18bec0d61622599d07830e2c27d9c01e34767a7a5d984c3e08c
    Size: 3.51 MB
  4. buildah-tests-1.27.2-2.module+el8+1564+4949db80.x86_64.rpm
    MD5: 05ee6e9441c9a7fd7fbe34c7592ba485
    SHA-256: d5d931151932f04a360bf777685b3b83af9ff168d5351da27e3cefa0a40bfd23
    Size: 26.32 MB
  5. cockpit-podman-53-1.module+el8+1564+4949db80.noarch.rpm
    MD5: 0569aa95096e1f01a32f9b5432e20ae4
    SHA-256: a1cbcdc47c6e21a2a9d7a51a1e69cd40cbb13db97509346de021a0c8b19182a2
    Size: 545.98 kB
  6. conmon-2.1.4-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 3e256aa6c9b8d8b3766af81ca7d71696
    SHA-256: c1ee0fca00e843655b92ac2949f4c753297ac77abb5058861cc2b273c2a13096
    Size: 55.35 kB
  7. conmon-debugsource-2.1.4-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: a61927551ab45e071ec073725ef672a0
    SHA-256: e90bfcd4807e63e6a4411f4f4317242a1a644635010da76a9d17ee273d7a1290
    Size: 48.64 kB
  8. containernetworking-plugins-1.1.1-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 2bf76da19e0f192798c4bfd0aa221174
    SHA-256: ad47fa1ba7cb66656075901e862696088203eab9533017981f4cdd461bbf099a
    Size: 18.09 MB
  9. containernetworking-plugins-debugsource-1.1.1-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 610e2f314f516184a9d3d8f78182e9c0
    SHA-256: b0f6fa9d98d800f41a66e68d9f69f7f6a4f38e980d640ca161e057d81a55e545
    Size: 376.29 kB
  10. containers-common-1-43.module+el8+1564+4949db80.x86_64.rpm
    MD5: f71adabcbb85c36112def924c7b2019c
    SHA-256: ad0f0fbd6317a2e560dbc604a49f900f827cb8ec732e6b3353c51473523ee7aa
    Size: 111.88 kB
  11. container-selinux-2.189.0-1.module+el8+1564+4949db80.noarch.rpm
    MD5: 0eb67b7baa7bae0eb38062dffa09b875
    SHA-256: 9e8eda76fb2e1b033b8c359b297b2dfbbac7a7e38212e3b67e0cadb47fad7cc8
    Size: 59.09 kB
  12. crit-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 3c6635f6bb45ffd3eddba95833d456a3
    SHA-256: aeeec136c6bee565b7fd93f4e7910f296a32abf7c2e3bbdb538c4fb830f8f368
    Size: 18.60 kB
  13. criu-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 22c0aa9dd138ecf1efdbaac6d36476d1
    SHA-256: abbfc9b4ec0e540799fc6722c03858af1cde711ad09b42547f2d3aaed214444c
    Size: 516.61 kB
  14. criu-debugsource-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 3e0f3606d25e530140844e885f1f5f1e
    SHA-256: 3a78ccf03fa7b1176c96a76f9a503dec7a28a73357383cdd3bf1c0dd4628c339
    Size: 675.29 kB
  15. criu-devel-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 319cc4250de89cda9ea61f79d54d0159
    SHA-256: a7155311e9f51588767ebcd93f95708ab1109a7be00eda887b666f2845f8913f
    Size: 23.81 kB
  16. criu-libs-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: eb1ae0e50dfd34459a46430443f76cc9
    SHA-256: 19edbd3557f12ace1a500a4bf26b97d221d5452f2dbf625fca6ab515c0569f6f
    Size: 36.66 kB
  17. python3-criu-3.15-3.module+el8+1564+4949db80.x86_64.rpm
    MD5: 4dae043b7603cc202f2dbdf092e43728
    SHA-256: 15010a0b2b2aa84c4c2fe2aa77875fe593a2c4050137bb8be0f35af1e77683e9
    Size: 168.77 kB
  18. crun-1.5-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: f0f1a6abcf3e20eae9f440bdda1e1da4
    SHA-256: 4a2be9bd6a2fea3639e6d7ed3dfab05486fdf61538be0eb0866b7992a3ea644d
    Size: 211.83 kB
  19. crun-debugsource-1.5-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: cd03238b65d2cb77c4f6c1f52be3b02c
    SHA-256: 8a0aa37733b33baff97e4a7dfe0f24c349e08e8e25d49f919e2b55b658aeb1b9
    Size: 159.32 kB
  20. fuse-overlayfs-1.9-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 73fbd6c126257c10b0e16bdf915a70b7
    SHA-256: 26a42b9edac6070ba76e5a9e057a7dbcba7136a5308283cff928aaaa0f9460ae
    Size: 72.26 kB
  21. fuse-overlayfs-debugsource-1.9-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 293d8b2a5b8c733fbd74d39956180f18
    SHA-256: 814ddbe001af4e4e48991828fe716495bb8f882e6950145c248fb89ba654952a
    Size: 54.18 kB
  22. libslirp-4.4.0-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: a73a6a53e261cddb1f2d30b15ccd720b
    SHA-256: 7b099737d92cb2c058ad82ae6b674de520a91d2e0007eac934232273dbfcb227
    Size: 69.13 kB
  23. libslirp-debugsource-4.4.0-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: b9780eb0fa5994493cc9c83ef8c9a1ae
    SHA-256: 818fc2d2a25e4cb08d7e6b8fe72c504adf8cea91fa5ab233b1208a1da200c4d7
    Size: 114.43 kB
  24. libslirp-devel-4.4.0-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: fafd3d7b15af3e203b3c83a7cdb42175
    SHA-256: ce08452bd3a47a75b65403de20a9494355e54515949608d1e1f900caba9b54a5
    Size: 11.29 kB
  25. netavark-1.1.0-7.module+el8+1564+4949db80.x86_64.rpm
    MD5: 137042b6eaba34cb977a3504ecd868ac
    SHA-256: 771ea560d17ea0a22107c3fb2af513aeff0799b35c71d4cd865b49970b4e1778
    Size: 2.16 MB
  26. oci-seccomp-bpf-hook-1.2.6-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 961c98f4a35e0d1a873640c36ebc71cd
    SHA-256: c91030acbecb470be838a77d939f0d4d57f4d9e54f5fa749c211e9bd43466af2
    Size: 1.00 MB
  27. oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 756786dfc423d033a431491e311398c2
    SHA-256: db1bd6775421129d32f02e71434a0ec8baa029f767245a3939606b0e2c6d31a8
    Size: 186.65 kB
  28. podman-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: 2c7a188be373c50a84d5f8e5a33c7c92
    SHA-256: bf1afb5ece217fd6efaa6c58c9e4b50f83ea6c3ceddacfeeb024752d0fb7a97d
    Size: 12.42 MB
  29. podman-catatonit-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: 6aa16fb10bf7734ce50407ef0205560b
    SHA-256: 94f1f947188374dae3f184876f78ca2b51c8eca59fde93af6e6a23c2dbc64af5
    Size: 355.22 kB
  30. podman-debugsource-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: ebe1f44cfbef0d32c193935073522441
    SHA-256: 9ef57ac79b07a909973158a47c32849d9e1ebed88dd5a2e871f5dbbd97aeb7d3
    Size: 5.80 MB
  31. podman-docker-4.2.0-4.module+el8+1564+4949db80.noarch.rpm
    MD5: 4f820ffac7f026edc8feaeef20ad2fd7
    SHA-256: 2e730335fb880430cbacc1625af8f10c8c2a98750a1be8426051e96cd8595e47
    Size: 68.54 kB
  32. podman-gvproxy-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: c7d65d667db733ad74ea5cd09f3c6bd1
    SHA-256: 874015d66e61d8d1a44c59b22ac7942c9f1e81d00e4123af6a3523a68af18a08
    Size: 3.32 MB
  33. podman-plugins-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: 4b6b01d776565807ccd48adf1e1aa887
    SHA-256: 055401943a1d3a6485673fc934d7fd567f8a5251479db8009d8a5a66d28740b7
    Size: 3.09 MB
  34. podman-remote-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: 34cce081a67a064c17e38e652eb01fe6
    SHA-256: 410fc7c6366d07cdaef9fa3070766b921176a5d92c7dc56ca762f63cca882471
    Size: 8.32 MB
  35. podman-tests-4.2.0-4.module+el8+1564+4949db80.x86_64.rpm
    MD5: d0896cc608b141c228ebb869d5233c5f
    SHA-256: 4a35482fda2d3d0b6e7cc811ec536fa9035ad61fe6c5cf594032b7f41e1c1f8b
    Size: 188.01 kB
  36. python3-podman-4.2.1-1.module+el8+1564+4949db80.noarch.rpm
    MD5: 966703606575fa730e73e39c15676f92
    SHA-256: 2ba5c3fabf855039cdc1f401fd873a1d22163443d36cd49a082cdbad09f69ba8
    Size: 150.29 kB
  37. runc-1.1.4-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 7274a3bafcb533f433891ea3fc0f443d
    SHA-256: bdfe14b494c1f612443e3b59e32063a77e0ff84756448a5d44bdc5e119cdef7c
    Size: 2.94 MB
  38. runc-debugsource-1.1.4-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 4e21c5db991de8f05d5f2c780c9b9ccd
    SHA-256: 9fa6e17eb9a82d99ef534e5e4a6a5af4e47837c8b34f0084ed11e37f55df7e7f
    Size: 867.79 kB
  39. skopeo-1.9.3-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 1d797b97dbf2cde3e4762b95262436b2
    SHA-256: cce75e4db99e767a35893760a062cc787548daef5454e72736fc779dac4c6f1f
    Size: 6.78 MB
  40. skopeo-debugsource-1.9.3-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 60ce40e0738449ee45b379a5f086d353
    SHA-256: 06d659f28d020009d011b5f6fe34bd1c20b2a9bdd1432a6a9bd60a3b843bb4ce
    Size: 2.69 MB
  41. skopeo-tests-1.9.3-1.module+el8+1564+4949db80.x86_64.rpm
    MD5: 25226fec71ede3ce4dcca99df4291507
    SHA-256: c790d30640b8babbded8ee5e70faa78d3544e974cb4c58d31c12160603b8cfdb
    Size: 781.33 kB
  42. slirp4netns-1.2.0-2.module+el8+1564+4949db80.x86_64.rpm
    MD5: f4356cf2634f9390709106f95473ed81
    SHA-256: 042f44c91548e3ac11ac29f118d65109b11783fa610453c03607c3a607a7f458
    Size: 52.94 kB
  43. slirp4netns-debugsource-1.2.0-2.module+el8+1564+4949db80.x86_64.rpm
    MD5: 05719065321ee84fadce30f3573e0e6d
    SHA-256: 934d69b81fe637992f7f39ea90e54c55575a58d91c7b96d3c1ca629431567aa3
    Size: 41.23 kB
  44. toolbox-0.0.99.3-0.6.module+el8+1564+4949db80.x86_64.rpm
    MD5: 51fa82a8c766c39f1c1cfb5786b5f625
    SHA-256: 1dbfd30cca857bbd285ba7c342a408ae1bcab6d1e643d08990fb8f662a25b5fb
    Size: 2.21 MB
  45. toolbox-debugsource-0.0.99.3-0.6.module+el8+1564+4949db80.x86_64.rpm
    MD5: 1b618a1ce842f3b9b4929b6ee530d85d
    SHA-256: f36ace2f4736df0ac8c411a00c02600ff306e94f448579fab34de093feecbedb
    Size: 449.61 kB
  46. toolbox-tests-0.0.99.3-0.6.module+el8+1564+4949db80.x86_64.rpm
    MD5: 625a9cb712ab5ee457a8fb78197af737
    SHA-256: 8902cc8b0a4c3edaf44e8bace8f368cc578d775eea9df1b4e07e0deb3e25f87e
    Size: 30.35 kB
  47. udica-0.2.6-3.module+el8+1564+4949db80.noarch.rpm
    MD5: 10bb325b216644744db0c306b05d7873
    SHA-256: ca61d14242bd46eed1b783cac2a5c792e53920d3cea79b041b0f77d826101f6f
    Size: 47.92 kB