container-tools:rhel8 security update

エラータID: AXSA:2024-7515:01

Release date: 
Wednesday, February 14, 2024 - 15:00
Subject: 
container-tools:rhel8 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: file descriptor leak (CVE-2024-21626)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Modularity name: "container-tools"
Stream name: "rhel8"

Solution: 

Update packages.

CVEs: 
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
Additional Info: 

N/A

Download: 

SRPMS
  1. aardvark-dns-1.7.0-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: da073faa685f39cb6a202c87d4d3e73c
    SHA-256: 7fadedcb5103e3cc8c5d32260b9bf7a2759e18f2ceae0e31dbc9b83ff7f092da
    Size: 7.56 MB
  2. buildah-1.31.3-3.module+el8+1722+9d7a18b6.src.rpm
    MD5: 213b771be7560983c069c6466d345d7f
    SHA-256: 19f9bc0bbab059196a58bb740e16c2dd3ac42979ecedca75050496ef8d8d4179
    Size: 14.76 MB
  3. cockpit-podman-75-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 04ebfd1907ad6e3530e2eada56199969
    SHA-256: edce67cc95f67267a512f9b9289bc2d38d7b67bbb1e741390a125598256bbfcc
    Size: 1.30 MB
  4. conmon-2.1.8-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 19e9eeaaa0c5420f021dcdb929294cf2
    SHA-256: 79aaf57ab5b51baab324a9e5f7fcde483cf129668f6689e56c9b20e422b4d2e9
    Size: 132.94 kB
  5. containernetworking-plugins-1.3.0-8.module+el8+1722+9d7a18b6.src.rpm
    MD5: 9e6ae2cdcc2954cde2bfac5c94a59282
    SHA-256: df20dbadc9ea343fc46563c3a2e988276a93177596cd407f8a7d2a5f9062fb25
    Size: 3.36 MB
  6. containers-common-1-71.module+el8+1722+9d7a18b6.src.rpm
    MD5: 212d3108a6762ce02ff4322bff49113e
    SHA-256: 963db6c1b20e1e3fd0029d7ea42f64f3dbe3a4a1950c2c4e77690ba739c26fd4
    Size: 132.24 kB
  7. container-selinux-2.221.0-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 8199fbcdaf397b862923307220a095bd
    SHA-256: d4e9c61e193ad63a6828b2fae49c508d82f787723c841602efd0a69f75d97966
    Size: 63.52 kB
  8. criu-3.18-4.module+el8+1722+9d7a18b6.src.rpm
    MD5: f28c413fd8b54141b9059d32a0ec7d9e
    SHA-256: df7bc9eaabdd95c2af1f3293a60d9e70c8b4d71ef5537077085fbe7ead06f73b
    Size: 1.32 MB
  9. crun-1.8.7-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 69889894367e82420690e4e7224f2aaf
    SHA-256: e2957d1d2eebf04dcdebda609ee998d31d858ca923d156d1a1d65b676eeb5cad
    Size: 1.66 MB
  10. fuse-overlayfs-1.12-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: b625f2e7c81e9577ce808c09d6f4ff4e
    SHA-256: 8f601d743812a971b59ac03bd3d1d0f2df32effa521bdcaf48b1de791390f5ae
    Size: 112.01 kB
  11. libslirp-4.4.0-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 4e1ccf23ad9897adc0e63c1cbc4740e5
    SHA-256: 75c1d0e850c7cc2cee9aebcd8736f074739b4cb42b1262853647379ba6867f90
    Size: 114.78 kB
  12. netavark-1.7.0-2.module+el8+1722+9d7a18b6.src.rpm
    MD5: 0fd2003212c671624d2422d7cc8b7746
    SHA-256: 96ed4de26a90c260811f9b2a85c761f24342432611a7d5163b2d6a39fa0aa7c3
    Size: 12.25 MB
  13. oci-seccomp-bpf-hook-1.2.9-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 086fe5c0354aef1790dd8ca6cdcc52e9
    SHA-256: 32869365cdd59c4cd9f7ed468f3352142192ac2818df09854fdd1291f327d30e
    Size: 1.45 MB
  14. podman-4.6.1-8.module+el8+1722+9d7a18b6.src.rpm
    MD5: 3815c5f817ef076b81251d8cb67c9c22
    SHA-256: 6218417de653fb8cd824ccddbfe909350268e0d5f86c89bd4e036a983913d61e
    Size: 28.44 MB
  15. python-podman-4.6.0-2.module+el8+1722+9d7a18b6.src.rpm
    MD5: 757a5ef309edb2e1fb8fd5b0875185cc
    SHA-256: 8a377bbdc254ed69d9d994035945b23eae1078c2743d62eca959532f698ba9e5
    Size: 185.24 kB
  16. runc-1.1.12-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 7bada8d95219c3c4d2f0e61b87e0c8fd
    SHA-256: 6bf3d4e464fd5870ac4dc6bed39ee7c43c7f63ba69c96ac67d6dab79c574f680
    Size: 2.38 MB
  17. skopeo-1.13.3-3.module+el8+1722+9d7a18b6.src.rpm
    MD5: d2b1faeaf72f3dc0e9bcc63cced081fe
    SHA-256: 7995fd83532cd993102218b172e0350a46d8668feecf38c8c1217da8d25090fd
    Size: 7.49 MB
  18. slirp4netns-1.2.1-1.module+el8+1722+9d7a18b6.src.rpm
    MD5: 7bb49fc51aca238f937eab122cea65a4
    SHA-256: b3ea565f43ffa0866fde1b64baec5a643e56174e456e413b0c51e7b8a7cabe3a
    Size: 74.94 kB
  19. toolbox-0.0.99.4-5.module+el8+1722+9d7a18b6.src.rpm
    MD5: 8efbaf570fc2df6fdbe59f7835e34aa5
    SHA-256: 1747fba2f2514ed56fe65147aefe96b8f97b5f6de5f6c09bc9bbd11607ed000f
    Size: 2.25 MB
  20. udica-0.2.6-20.module+el8+1722+9d7a18b6.src.rpm
    MD5: 55c0467e1ba4a78f045945965e67c9f4
    SHA-256: cc75766378f24ce7c3a87f00aaceac8930476649cc4addfd888a973a4480d89e
    Size: 134.17 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.7.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 2bb67a58708d02960bc0cbece3e50fc6
    SHA-256: e76bb1a29f484c3bea64ab8083e21a3bbbd999812f143bb4f27685dd02157cff
    Size: 1.01 MB
  2. buildah-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 68d889de5ca023611f1fcab2edbe1642
    SHA-256: c4fcfe9f81367fff5b0ebc0ffd869064a2a6031ce0967cb7cfa840064ece9b1e
    Size: 8.81 MB
  3. buildah-debugsource-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 2c6624ee78c6ac74d6e85cad685dc7ea
    SHA-256: 42ac54540f1abee6b6e176aceb5e2bbb79448a1a0869d7a6f9e05c01a2df2fb9
    Size: 3.87 MB
  4. buildah-tests-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 60c91925002ad5b4c68fee9e9ebdb497
    SHA-256: f519bd670bc9bb37d4f3316a6edd3ace23dbe078987c70370c2c1b79e6782c4f
    Size: 28.44 MB
  5. cockpit-podman-75-1.module+el8+1722+9d7a18b6.noarch.rpm
    MD5: efb8cd194d8ddd0b404e5a11d9f36fbf
    SHA-256: 9d5662f46f0ca15d2cde8d7da97b1ec61f8058b13cbee4c2c6bf5969eeb96f6e
    Size: 738.05 kB
  6. conmon-2.1.8-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: e6c5946d320653303f917f8745504d63
    SHA-256: 4b2624df16e3129c4129b4fa73755a5d93fcded86c1ea0cec8d9ae07975fe1d6
    Size: 56.29 kB
  7. conmon-debugsource-2.1.8-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 69ae31a394f650c0d1ffac216ff951a9
    SHA-256: e58e5110b33648755c2ead4c781f292446c48af53ae042e754d85b4b73e9503c
    Size: 49.92 kB
  8. containernetworking-plugins-1.3.0-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 289fba1b32761eee36495162e8ffc5c1
    SHA-256: e0a080797935aa00ceba4dd6f28d4fc234fd062edaefa926505797f2ed977541
    Size: 21.43 MB
  9. containernetworking-plugins-debugsource-1.3.0-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: a03657272a4f07aaf9c135e20b4aa408
    SHA-256: b0cf1f153f5cb492dbc636ebd757cdced0cede04f50db64a98f6116b09fff1d9
    Size: 428.01 kB
  10. containers-common-1-71.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 43b0cdd67773f67133b560c9dd59cb82
    SHA-256: 912c7724e83926372afc41548784266cd99cc953f786f8a64a0164a8fd86837b
    Size: 133.27 kB
  11. container-selinux-2.221.0-1.module+el8+1722+9d7a18b6.noarch.rpm
    MD5: 24b115b026191aded069f7383789bad4
    SHA-256: 7f1ef0d7c533c7056b05c501b55be9ffb6e58dcfb47ceda1ea6b9d27c1d1a0af
    Size: 67.85 kB
  12. crit-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: f157ad9ca4717eee30280d2c2ec9a07c
    SHA-256: ba427a3f63399bebca13cfef675350c7a76f4ebe3b079f194af8aa38d5665efc
    Size: 22.00 kB
  13. criu-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 8a1fad17336abc3f40069ff3cae017c1
    SHA-256: 1d4b8675c4f6a440d6eccd9da63d748a8a71a81bfaa78ebdd89f8730471dbd0a
    Size: 563.03 kB
  14. criu-debugsource-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: d50b8bb85489b854f162c5782157c0cf
    SHA-256: 58d6dc26c25f13cd84f1c61bc8e276f4d0df5545bc9f65010f443ca152416ea3
    Size: 729.68 kB
  15. criu-devel-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 77149037ae6806e979872574e757b20e
    SHA-256: 838e27e99d96707afebc4f596b9279d0f9a489219e4568a89882a6f767172207
    Size: 28.13 kB
  16. criu-libs-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 65877c775f4d3ccd8bfaa6dc4edf1db1
    SHA-256: 73520d737e8729a2506f053c89d02d1007eff574de62af14de1b008ddccf1451
    Size: 38.06 kB
  17. crun-1.8.7-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 51c52476a417c9cf638061f1db04de17
    SHA-256: 36b31c86a588e799b1ec453cdfdcd4d553b342c199c2d3db18ef9b919c00647e
    Size: 237.92 kB
  18. crun-debugsource-1.8.7-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 2efe195b835e2e277c66e57d903a5ca5
    SHA-256: 4fc03b3d7efe25ec8833933f9b75f02b69303d51c2de89dc2ac7ea02c903c622
    Size: 183.80 kB
  19. fuse-overlayfs-1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 1f736ffb826c0b6f8a4a16a0c3383490
    SHA-256: 58c7cc243205f7fde57ccbd96e02cb82bf662f4bac9c30cd6f9a59a3e49d708a
    Size: 68.56 kB
  20. fuse-overlayfs-debugsource-1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 722c013f7df67e550d60d3c0c6fc5981
    SHA-256: 8c3db0d1b7ef287396fa93cb8f167ee45e5b1314b62ec7c4e379bfa1e6217cf3
    Size: 55.41 kB
  21. libslirp-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 3f45e218b1f210ce512041b0f0c7df9b
    SHA-256: f7d25842dc6b7da747657a920d593d06670c0deb8e9c589c1fef07ea8af840fd
    Size: 69.17 kB
  22. libslirp-debugsource-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 912075841af10075011a525b9ee9fb9a
    SHA-256: 9e1c74155e3dc65aced9623dec05dabb432681bac60e5ad662e7ef6e0e0715cb
    Size: 114.43 kB
  23. libslirp-devel-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: ecb889943ae1d4794739e1e7ee73a4fc
    SHA-256: 377d3c84cc3913ba7826838ca498035ccc535f2de37fffd943d32edf04697e8e
    Size: 11.29 kB
  24. netavark-1.7.0-2.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 662b569943da745ce08f47112e7cde69
    SHA-256: 8e5c494d1668d7a4f2f58529dd2a0a2cccfe3ac178c95c4c308fb94c89fd764c
    Size: 3.71 MB
  25. oci-seccomp-bpf-hook-1.2.9-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: dda01f873a394ade6d56c7067203c454
    SHA-256: 294366cba04333215f9d5d34bd8537855074e742bcbb3ab0b68b20c0b1a9eab0
    Size: 1.06 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.9-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 2e51548036a1318fed74a9203f3b7dc9
    SHA-256: 133c3da02b047d240dcb275e64602030a7ac340fb9e460d975f04250d6c099d4
    Size: 190.06 kB
  27. podman-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: ee93862ec6fc1c0f931b268e86870fa4
    SHA-256: 91f3f62094ed4458c8a66f7470f6fa64646d502d10988b49f9467332d5957f21
    Size: 15.34 MB
  28. podman-catatonit-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 686cb73154b9ba2fce4035f1c40e9c0e
    SHA-256: 35295a49a65d9c584e2ac6cee83906c1fee3e046153aeed8b6db4491873183bf
    Size: 361.68 kB
  29. podman-debugsource-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 5b53534ff6a3480e353a563239161a2e
    SHA-256: dc7b7ee2ca84404768e11cf6b69c004e11e1ade880f34c885a65ad28a3c9c6a9
    Size: 8.79 MB
  30. podman-docker-4.6.1-8.module+el8+1722+9d7a18b6.noarch.rpm
    MD5: 2d39848020e97cbf0e07552936b7a814
    SHA-256: 37507eceb0d42c416700426db11c45cf286531830b76736b10b8060fc44bf8fe
    Size: 109.28 kB
  31. podman-gvproxy-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: ec5189561a201de017af0b4ae3e00c90
    SHA-256: 60df38b1ddeba16aedd9535a7bfef2a8f91de839d58df3d07c68761a6912c3f8
    Size: 3.80 MB
  32. podman-plugins-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 5cee445ba42337f5122f2731de9463b0
    SHA-256: bd8dde0fb6e122dd6760f9bd6e0e644f0109e44b97d527527f8d8cf8a6c1a213
    Size: 1.27 MB
  33. podman-remote-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 5c98a8fee4cdefa56af9ff4d7a569af8
    SHA-256: d7a663099c9a0bd232dda37c0ee666a6e12ac219039dad1011770e10d8e41ab0
    Size: 9.66 MB
  34. podman-tests-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 8bf8c5f9a2fc0eb209e73c1cae7e3fcf
    SHA-256: 065b76df0a10d3ba123418e38045ff87d3b81b80796e1913b214a6c0d6a6e4cf
    Size: 238.21 kB
  35. python3-criu-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 39d7da05814d6eb3c698d7bb64a7bfce
    SHA-256: 24692c9b09b678adb6d98750515cfc768b371ea235b2743789bb20a1bf033ed0
    Size: 177.14 kB
  36. python3-podman-4.6.0-2.module+el8+1722+9d7a18b6.noarch.rpm
    MD5: 206ec5afe2b8008ef070be7ed743ee49
    SHA-256: 733ecaca1e742e89488118c32d3b123f3e7c70e52f613497f5c3b50136356e44
    Size: 152.27 kB
  37. runc-1.1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: cabf5a38daa2543f60bf4e0f98955dd0
    SHA-256: 682a8da2d7a8bf3341fa7f3918aa076c721a1a0d62f56bd9f1a5c7fc841623f8
    Size: 3.09 MB
  38. runc-debugsource-1.1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 66716c07333682a71a311b3c99031bea
    SHA-256: fddbab896526bcc381edabf100120fb83b5e81a167c548dfec2d9cf1c45c109d
    Size: 893.45 kB
  39. skopeo-1.13.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: f34f0a05f7da41a2a08f035617eda1f1
    SHA-256: 75a1813708af6964eda853b27c78654e15e2810ac5fcd7f3da12d91e4a8d41be
    Size: 8.14 MB
  40. skopeo-tests-1.13.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 5eacc292af1031be512d7cd61de2864e
    SHA-256: 7025acec81c3f65e86485ef5b8df21755e7cd5ec1a3fe571aafa0b42164a5ca6
    Size: 783.44 kB
  41. slirp4netns-1.2.1-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 01fec3e2e7bddc99956a2708d04aaf7f
    SHA-256: 86efc26e0f0ac4fa6b9b6b25a7770b929a7bd4784b6568441e81c61fe653429b
    Size: 54.51 kB
  42. slirp4netns-debugsource-1.2.1-1.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 6b2923661d3c7ba0f199b02a7df8870b
    SHA-256: 620977e013c3a83fdbbea6292359b0370df5a519749f96180fb812fe536116e2
    Size: 43.31 kB
  43. toolbox-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 47d667fe6d578d8d57293f9583c1df36
    SHA-256: 1dd2211f684d8178c70f92f3fc8ec7ca56ae9e4590164179daf93507d9ec3ecc
    Size: 2.53 MB
  44. toolbox-debugsource-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: 21e9a3f36d3e7d89cb300c60bd59cb2f
    SHA-256: 5315c730b6372b24d64570c9030b365c4cd9cca6988999d71ecb01e90375c0fe
    Size: 559.50 kB
  45. toolbox-tests-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
    MD5: ea95ac081cfdca5a9fff4635e215e3a3
    SHA-256: 83198157466237968202cdeb379226a0817bd34f0a109d093f8f970548c97701
    Size: 37.56 kB
  46. udica-0.2.6-20.module+el8+1722+9d7a18b6.noarch.rpm
    MD5: e38ba44cdb65463a2c9c34027da11abd
    SHA-256: 415fec3f5f38d7bd211e666ef297e6eeebc681512c6d95615c7f7183672f4607
    Size: 48.15 kB