container-tools:1.0 security and bug fix update
エラータID: AXSA:2020-852:01
リリース日:
2020/11/03 Tuesday - 10:03
題名:
container-tools:1.0 security and bug fix update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- container-toolsには、パストラバーサル攻撃が可能なため、攻撃者が
HTTP(s)サーバーに悪意あるコンテナイメージをホストして、
ユーザーのシステムのどこの場所でも、パーミッションがあるファイルを
上書きすることができる脆弱性があります。(CVE-2020-10696)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
追加情報:
N/A
ダウンロード:
SRPMS
- buildah-1.5-4.gite94b4f9.module+el8+138+69c92528.src.rpm
MD5: 8f42a3272b7a15317183c1309f4090c2
SHA-256: e49e576989249d653d7a113db65daa74591f8ad2ffb08e40719de82da3137a6e
Size: 4.21 MB - containernetworking-plugins-0.7.4-3.git9ebe139.module+el8+138+69c92528.src.rpm
MD5: 7504482af976d0153a7c95ceadd7882d
SHA-256: a05cf687e1116be99eeb7944a2d1c909dcd478229455aa8842c2113b8cd89fda
Size: 825.68 kB - container-selinux-2.124.0-1.gitf958d0c.module+el8+138+69c92528.src.rpm
MD5: 2048102d5b3c83f972a22d584b058722
SHA-256: 801b3d172b1268fd69c6a9a03d938e29fdfcb5843e7b2408814596143a1dfde1
Size: 38.35 kB - criu-3.12-9.module+el8+138+69c92528.src.rpm
MD5: fc7f58b78e407ca0255a0518e38dfbdb
SHA-256: 0cd7a14d7a64fb81b6a8c0a18e698ce75f12c5ed59f21fcf9791190111b38387
Size: 831.10 kB - fuse-overlayfs-0.3-5.module+el8+138+69c92528.src.rpm
MD5: 63adda306b60189ed4a853e6156a2575
SHA-256: ec8733dc3fd99246f2f36bc8469da00cbeed108e2aff9375783eab259be6c379
Size: 84.65 kB - oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+138+69c92528.src.rpm
MD5: 7ca3f2dd2d5147ae702ed4cdaa3f5182
SHA-256: 525b2e8033644a9c757fc6f07897b6b680d94587f57948c68c60dcd709927d81
Size: 40.66 kB - oci-umount-2.3.4-2.git87f9237.module+el8+138+69c92528.src.rpm
MD5: 0a2531c265c79aa901bb4ca98709b794
SHA-256: 2a1ab71c6643cb6edffaff93f96dab5842c98bbec4e04ce360b112ccbac056bb
Size: 39.93 kB - podman-1.0.0-4.git921f98f.module+el8+138+69c92528.src.rpm
MD5: b19a2f585cee40093a2deebd77318ad0
SHA-256: 5ee3eb2cd58ed577885a2f80be25b572ec86f67c8944e599240cc0ee73185f3f
Size: 17.11 MB - runc-1.0.0-56.rc5.dev.git2abd837.module+el8+138+69c92528.src.rpm
MD5: 582624d9ce4c563b29f526c5a79e57e2
SHA-256: 8ace7d6abaffee305bdc72dccaa8c30f61b8f7c06f786539a45fc0d10016914d
Size: 1.14 MB - skopeo-0.1.32-4.git1715c90.module+el8+138+69c92528.src.rpm
MD5: b9b2468778e77153d57d69ccbe8009bb
SHA-256: 53732182b22a65d060648d58d13033dc6c3c863b0883c02e8d583e6da9cc76c9
Size: 4.00 MB - slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+138+69c92528.src.rpm
MD5: b2fd91bbfd1d6777c5b0877aaeeea048
SHA-256: cfcf5f9f63a5d4836d2370e7dc0b31c4f150122744cc6e8dea02fdea212e3c38
Size: 139.78 kB
Asianux Server 8 for x86_64
- buildah-1.5-4.gite94b4f9.module+el8+138+69c92528.x86_64.rpm
MD5: c4ea81368182d79d34c25653c0bbea99
SHA-256: 3d6bf4084bca09118781690f5e5927947653183a0e723168781293f50a655cc0
Size: 5.74 MB - buildah-debugsource-1.5-4.gite94b4f9.module+el8+138+69c92528.x86_64.rpm
MD5: 6f76f1995d1f238ddfbee46091dd948e
SHA-256: 1b395da5518802dec233a976d86f0a1541cb79c55277ca6d537cab1c4dcad998
Size: 1.26 MB - containernetworking-plugins-0.7.4-3.git9ebe139.module+el8+138+69c92528.x86_64.rpm
MD5: 941a46b237b250c624deb65187b7fe41
SHA-256: b4e2bb2ce72110df1ffad1d771669ec16fb865e73f403a67b307bad5f14cbaf6
Size: 14.57 MB - containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8+138+69c92528.x86_64.rpm
MD5: d5be2b589039f5c1328eee220081c84a
SHA-256: 70dff742339bcca66e7ec674e5bea577f06f67a3776c2e71b2255cab1adf90ab
Size: 164.47 kB - container-selinux-2.124.0-1.gitf958d0c.module+el8+138+69c92528.noarch.rpm
MD5: c769f8a145b3f39f6fd8b483635caef5
SHA-256: 7ff1b998e15f559d72456ce29acbc2d55c213b24f98f7b642923ed07f29c220e
Size: 43.78 kB - crit-3.12-9.module+el8+138+69c92528.x86_64.rpm
MD5: 35706e6678e3a2cf2aa0b570d1b06320
SHA-256: 34579923e2e448fe00e84d4864eef44dce5a7e4e56ea8897cd2259c526656975
Size: 18.00 kB - criu-3.12-9.module+el8+138+69c92528.x86_64.rpm
MD5: fd78c752276ddac77c3dd6c619ce7e80
SHA-256: 65e51cac1bf67ee9819e2d70684b9453ee9649ba4ed987404d49ba43f8b07105
Size: 481.01 kB - criu-debugsource-3.12-9.module+el8+138+69c92528.x86_64.rpm
MD5: 0d451ddab04ada6d6aee6cb9c0f0fa55
SHA-256: 4fa1bf76fe07a94c3f0818090bc49424e37fe30d98e3d9b7ab8fee517fec9052
Size: 622.85 kB - python3-criu-3.12-9.module+el8+138+69c92528.x86_64.rpm
MD5: cdabaa5cfee6a753a8f28ce8a941bdd5
SHA-256: 0067b0a6e2428aa112fc31a6b06c7448daf176a4751d492a6af66f1b43dd3571
Size: 155.83 kB - fuse-overlayfs-0.3-5.module+el8+138+69c92528.x86_64.rpm
MD5: cc76f2579ae28b4dfa32cf15c7dbec91
SHA-256: deea3b9e65b4bd9e244a8aac45cb4518da5955e9f989cc2b4a67e7b07fad6f4b
Size: 46.50 kB - fuse-overlayfs-debugsource-0.3-5.module+el8+138+69c92528.x86_64.rpm
MD5: d335f75a6c39688ec71ed70125b9b385
SHA-256: f56b0ced09fe16d3433c4b4b6dcf76f6ecb0894ec64c59976185fa1d6d9a6611
Size: 35.85 kB - oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+138+69c92528.x86_64.rpm
MD5: fc8138a3a29a4994e40bc1bf3115bc25
SHA-256: c0936798f10456426de15970536e497ce8326a41278e785a465e4d7ba5acd5c4
Size: 38.04 kB - oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8+138+69c92528.x86_64.rpm
MD5: 8a0d21d40ca4133251519cf1723128bf
SHA-256: 61d81c475b7d065c199f717a8dfb61dd27b4493cdd323441290741846b094b5c
Size: 18.06 kB - oci-umount-2.3.4-2.git87f9237.module+el8+138+69c92528.x86_64.rpm
MD5: b55cd91cbd77c2f64629b6cfd64db7cd
SHA-256: 7a74d64e4a9f032425e4c09e2971faa0a3fa023ed298b14338a664974d5eafc0
Size: 36.81 kB - oci-umount-debugsource-2.3.4-2.git87f9237.module+el8+138+69c92528.x86_64.rpm
MD5: 6931e3ea430643f9e20542de79ccba9c
SHA-256: 5d03cba36d7826395c2c2683b9651ee1adeaa7ee31c8dfa6308d31060dd10c38
Size: 17.39 kB - podman-1.0.0-4.git921f98f.module+el8+138+69c92528.x86_64.rpm
MD5: 095e781d40ea03ded4f7216c83e0cb5c
SHA-256: 3e95d436e3e04daed607f4e5806a7b2471d2328bf1cd5348e0db60f3c721c1b4
Size: 9.72 MB - podman-debugsource-1.0.0-4.git921f98f.module+el8+138+69c92528.x86_64.rpm
MD5: 754ac8b4b984e2d8573e24f685259458
SHA-256: 397ba2b9f9794f13937b58aa387fb96059d7268e380ef9a6f7a1ddc5e62dce70
Size: 2.22 MB - podman-docker-1.0.0-4.git921f98f.module+el8+138+69c92528.noarch.rpm
MD5: 19780bb626d82a7637720f4f32a36acc
SHA-256: b573164e50d2ca7c407fab7541e63501d26ef32f5d1963a0c38150f5f1323635
Size: 27.32 kB - runc-1.0.0-56.rc5.dev.git2abd837.module+el8+138+69c92528.x86_64.rpm
MD5: c3fd374b8e3b3d4bb8b892f23996c126
SHA-256: d8422b1c73f67f3048536ce076a80964c4912070a214037af54f139495d643b4
Size: 2.50 MB - runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8+138+69c92528.x86_64.rpm
MD5: 159bdcaff8c1da3dd8beac36506bdc33
SHA-256: 73194c9ce3418fb3bb7b87c6a870d4841708a6f578624817a90260bb2cb859b1
Size: 329.97 kB - containers-common-0.1.32-4.git1715c90.module+el8+138+69c92528.x86_64.rpm
MD5: 90475d80a55934015ccba21705b60f54
SHA-256: 782a547114b2356072a8d92853095aa3c4b97b2591ffe644d063e11f3d4bf222
Size: 30.17 kB - skopeo-0.1.32-4.git1715c90.module+el8+138+69c92528.x86_64.rpm
MD5: c8eef13b0ad8e0fd1a2d480639adf92c
SHA-256: 5af0de5a05d3ab6110eb3af1dc05a6fca8e165357e936531e123f69eff540f1a
Size: 5.24 MB - skopeo-debugsource-0.1.32-4.git1715c90.module+el8+138+69c92528.x86_64.rpm
MD5: eb0a0b413b1102240b3a66f4b014e9b3
SHA-256: 0c69d9fd55dc68e2c83b7477cce034af76f969c08df3ed47c7fbb6eb27d15feb
Size: 1.07 MB - slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+138+69c92528.x86_64.rpm
MD5: bb2c91d0408ec2efa2e3bd2ec67a9882
SHA-256: 93055d2384ba736bf78a6287e5f79aade8bf3cc51120cfa8fe29d6c5a47fe4f5
Size: 53.70 kB - slirp4netns-debugsource-0.1-5.dev.gitc4e1bc5.module+el8+138+69c92528.x86_64.rpm
MD5: 2dd6d8e6f9d3fa8d38bf87effd86362b
SHA-256: 345ff96aec54c69dfadddc53545c4f4f6fa89c4380d49332d1d5d8b5977b63dc
Size: 96.35 kB
English