container-tools:2.0 security and bug fix update

エラータID: AXSA:2020-866:01

リリース日: 
2020/11/07 Saturday - 08:16
題名: 
container-tools:2.0 security and bug fix update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- container-toolsには、パストラバーサル攻撃が可能なため、攻撃者が
HTTP(s)サーバーに悪意あるコンテナイメージをホストして、
ユーザーのシステムのどこの場所でも、パーミッションがあるファイルを
上書きすることができる脆弱性があります。(CVE-2020-10696)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. buildah-1.11.6-7.module+el8+136+c1307a0a.src.rpm
    MD5: bc9daceac34e66684d2ca4a6525626bb
    SHA-256: d988a6b1aeda1723e920f15be5d9e166ef8fba60df7e9002a877ab7a6edf0da7
    Size: 9.85 MB
  2. cockpit-podman-11-1.module+el8+136+c1307a0a.src.rpm
    MD5: bb8b38e57e1fbd5ad0c2e764fa9170d4
    SHA-256: af5d2629a0ce8ea62762345e0cfc4762177f1dc61e696163ffd3ba54f6a1b6b3
    Size: 1.36 MB
  3. conmon-2.0.6-1.module+el8+136+c1307a0a.src.rpm
    MD5: c93ec7a42d2ff89b4547c89bc309ade1
    SHA-256: 6d0ee67e0403a647c912d3683c02e3f18bcbf52ad76592ff7f97981ef0cdf44b
    Size: 60.59 kB
  4. containernetworking-plugins-0.8.3-4.module+el8+136+c1307a0a.src.rpm
    MD5: 7883bf60026fbb60c5c24bdc8dd5b37e
    SHA-256: 8ea38ac365a14e69262d277a8affd5b9710ba4e980862e3aaae6bde48300a06d
    Size: 1.86 MB
  5. container-selinux-2.124.0-1.module+el8+136+c1307a0a.src.rpm
    MD5: 808e26af9b6c67bfc38d867cc256141a
    SHA-256: 1078dd153f81a33085a8bc96a611646ff2ecc93411fa9f438d9bb156b6edc8fe
    Size: 39.82 kB
  6. criu-3.12-9.module+el8+136+c1307a0a.src.rpm
    MD5: 419e2ea45d60e32aee8680818dba7c90
    SHA-256: 131b6028a1f219589ba58d1ac1aef845b60bf40b2e93f0de6f517eafa1243e59
    Size: 831.10 kB
  7. fuse-overlayfs-0.7.2-5.module+el8+136+c1307a0a.src.rpm
    MD5: 337365dc47cfb9c7039f75f7146fa4d8
    SHA-256: 9fb0a2a01aff9b765dd53067492d7fee3a3814493ce02e9e7c5c63548696faa2
    Size: 105.50 kB
  8. podman-1.6.4-15.module+el8+136+c1307a0a.src.rpm
    MD5: 5d0cdb53c78931f19b19d43b73d2e15c
    SHA-256: 98ad12c227d4bd5aead24cfe05ead589b71416545371b7a4f00a722c0c786728
    Size: 7.83 MB
  9. python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+136+c1307a0a.src.rpm
    MD5: b10707529edcdbdcdcff5fae9b5a9ea6
    SHA-256: 995f81c94a91cada9d6e96a276a957895f198498980f115511b100036817c89d
    Size: 39.40 kB
  10. runc-1.0.0-64.rc10.module+el8+136+c1307a0a.src.rpm
    MD5: 161112b8dd50fb1323c1499ce5b2eede
    SHA-256: f81f604e2cf6c4fcc019a68bb1205d94ba4d07008d6100bda8d13b3cfcfbfda6
    Size: 1.80 MB
  11. skopeo-0.1.40-9.module+el8+136+c1307a0a.src.rpm
    MD5: c369824bee8e8936b8d69b618399c6ff
    SHA-256: 474937564a80ba4ab10330f6c08ce5d2f6cbc79d03db06fa044db3e2cb377c92
    Size: 3.69 MB
  12. slirp4netns-0.4.2-3.git21fdece.module+el8+136+c1307a0a.src.rpm
    MD5: df797de19a4a1c7a40ba9a5c8932f3e8
    SHA-256: d83e982bc5a1f08f9d87bebe2ebe0fa3acb14a30fb96ff909e8e13a8c1adbc90
    Size: 178.57 kB
  13. toolbox-0.0.7-1.module+el8+136+c1307a0a.src.rpm
    MD5: d84d2fedaefd3ec10c6c8ddd62eb106d
    SHA-256: 3305e5cb17acb179dae9c255fb9d3b03d15e961d6e4da10587ab99ec89604bb6
    Size: 18.80 kB
  14. udica-0.2.1-2.module+el8+136+c1307a0a.src.rpm
    MD5: 36d9533a694154b62698893844d06b17
    SHA-256: 0fec14508fae53c677948b5d43b7167d2ed210bf7073066b100bb24f5d0d0de5
    Size: 128.16 kB

Asianux Server 8 for x86_64
  1. buildah-1.11.6-7.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 85e6175499a12d08b3eebcc3b9a79e17
    SHA-256: 1105f40092e38937b451b1a73f6bfbee86e47c44a453f87b9832c5876369f482
    Size: 8.80 MB
  2. buildah-debugsource-1.11.6-7.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 7c6af90c6982cecd0f3ca450820ac4ac
    SHA-256: 361ea42d6519c3bfe8a259b9a1522f18c731a22b0a7d895712452d553637ec6b
    Size: 2.00 MB
  3. buildah-tests-1.11.6-7.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 7071c823b2eec147b409c0663e07b5e8
    SHA-256: c5f3f5edc70b86c1c3c115e6953f6941c4617bdeefb2b6c1a1c7e21da9e82e00
    Size: 10.21 MB
  4. cockpit-podman-11-1.module+el8+136+c1307a0a.noarch.rpm
    MD5: 18ae7b7104a829577547a173d2ae17d5
    SHA-256: a594b3c6d7a0a2d1f29b433932e08bcc5fb42214a7bd2e110a88d5de085673ae
    Size: 1.02 MB
  5. conmon-2.0.6-1.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 839d7ad53df04cd79f9ee1e3d11d80ca
    SHA-256: cb92e35809e2a8e800be9646475d1db193209b2f6587196b7fc583e9ff3cd55c
    Size: 36.04 kB
  6. containernetworking-plugins-0.8.3-4.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 8a4fcfba12d1c076d6c7356e48a0722c
    SHA-256: 4087e3162987d1c299022ed7ee977bf9ff408d54aa11d4db5ce9e025fdc12bc5
    Size: 19.71 MB
  7. containernetworking-plugins-debugsource-0.8.3-4.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 8cd64a34d823154fea553d94adff3eab
    SHA-256: bafd12279a31b35690ce5fc6dd4bc886d4ea40c178fc61c1cf5b2f8a5b5794f6
    Size: 277.76 kB
  8. container-selinux-2.124.0-1.module+el8+136+c1307a0a.noarch.rpm
    MD5: e754101901c6a6d377556eb3aa495730
    SHA-256: 3d3e3955e66bce109e0868537f4ef20b9275418f718ab0aee18ac2000c174b6e
    Size: 46.08 kB
  9. crit-3.12-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: a0d8d9f73d8f12b1f52d17007bb8dad8
    SHA-256: 5e7ba06c7f2f756c0ac5ee26995faf082b10e5177b67c9ef96fee967c5d4ac96
    Size: 18.00 kB
  10. criu-3.12-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: c536f533aa04ea56ab7a9021bb1bc572
    SHA-256: 523446e9e84256fcd61683f6db6ea08d1ffb2ae13035c77fd7452404157a9aaf
    Size: 481.04 kB
  11. criu-debugsource-3.12-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 1e3aeaec8f4c0f3bba91eb37351b3b6d
    SHA-256: b829da791cb1f2491681b4c9cc5d28c560418e210e930fe79277c42e8f8a4fcd
    Size: 622.88 kB
  12. python3-criu-3.12-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: c703031d27dc9b849a5721f4ee302acb
    SHA-256: 8870ab3000698bd086bab5fe79bc3ae7f7cd0c577f11a49088b435bf0b591d93
    Size: 155.80 kB
  13. fuse-overlayfs-0.7.2-5.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 14b1a6cb00cdc0a70d9d811239b0d223
    SHA-256: 55f583ef83f4be727701d4f7a2a208d5f560ee133ad53c0d3d1dd9c789b06c9a
    Size: 58.28 kB
  14. fuse-overlayfs-debugsource-0.7.2-5.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 82d83fa0ced0ec9741606065ad159b76
    SHA-256: 40a3e8160e150ed9b4426c6fb701b60390c716225b966f37dbb3bbb0532e6192
    Size: 47.53 kB
  15. podman-1.6.4-15.module+el8+136+c1307a0a.x86_64.rpm
    MD5: e10b818b47ea1a997463475928bc2027
    SHA-256: 01a8bebafa9b7f7d26f3f4dd0610bd815556c9a8453ac0f930a564363992be7d
    Size: 12.52 MB
  16. podman-debugsource-1.6.4-15.module+el8+136+c1307a0a.x86_64.rpm
    MD5: c5f2b21bdf59a842ed6dcd80f5a30d41
    SHA-256: b2bd285676f7540bdab35b9c951f2060ac245ee0a956fc2066e3f250d6f09718
    Size: 2.84 MB
  17. podman-docker-1.6.4-15.module+el8+136+c1307a0a.noarch.rpm
    MD5: e49743d18a50e1b1fc5ac735006e82af
    SHA-256: 61837b5dff9289ce5b90e9ede58097e879d9e3bd89830cb69d2d1946c1b4ad48
    Size: 35.62 kB
  18. podman-remote-1.6.4-15.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 868e938d58ef8369bf8da6359856b368
    SHA-256: 9f01447d5edb83bda7470bfbad5cf36d027f269cee4ee9c7c04329a8b941b9a4
    Size: 11.60 MB
  19. podman-tests-1.6.4-15.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 12762f1fd14b718aca8f50b4cc95ca3f
    SHA-256: f87c0e26eab05262e4cab9b106d46fb73304085a472c08a30e4fc8caf693d999
    Size: 46.73 kB
  20. python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8+136+c1307a0a.noarch.rpm
    MD5: e9ca964c02d5a906783e76caabe5f6c2
    SHA-256: 2f13563feccb0444f7217cafed8d53d6b3562fda32ca52346135598557c0d9e5
    Size: 42.00 kB
  21. runc-1.0.0-64.rc10.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 510547a97c7f4a15d5821c1864875c98
    SHA-256: db09a9804138392d89fbef3407709c3a2115f2c9939e9c9cfa30061069462a59
    Size: 2.67 MB
  22. runc-debugsource-1.0.0-64.rc10.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 91b781ac015f2960f58cdc088b6da8e7
    SHA-256: 6fef4b0c34484d4652bcc7c9b21be65bb330ae07f771f56089cfb2a0412c9f08
    Size: 389.84 kB
  23. containers-common-0.1.40-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 068fc94ba2690d1e7806e4259ee99af6
    SHA-256: cdc742bfc94c6abe3c536797b6eaaf147dd7b796f7e5c8a79e8f08c8cd58fb53
    Size: 48.93 kB
  24. skopeo-0.1.40-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 9b8a8c41cc96c28cad3e1311c9570b73
    SHA-256: 76ea02f8de02c80315458dd5e64438cd9976046da43cd2bc1789e7b760b19380
    Size: 5.79 MB
  25. skopeo-debugsource-0.1.40-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 0a83b16d22678df8bf7b5a579df24b85
    SHA-256: 2a4646f1ad7bec0fdb2bf364604d403270437740fa05530043d9924a7a2a0597
    Size: 1.25 MB
  26. skopeo-tests-0.1.40-9.module+el8+136+c1307a0a.x86_64.rpm
    MD5: c4322826878c24668f5dc75eb575f054
    SHA-256: c43fa7436f7629b99ca94e276bf57451ea37b716dcea6fdb98faa8394fce20f3
    Size: 31.64 kB
  27. slirp4netns-0.4.2-3.git21fdece.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 244f662f7be017012830b95cf55dce87
    SHA-256: 1cad20cd2eb52d5cf15f0a75a951a53c0f834cd858674033b5e93bc221111c92
    Size: 86.97 kB
  28. slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8+136+c1307a0a.x86_64.rpm
    MD5: 87ec416a2ee722086d7e1daa923652a1
    SHA-256: c59f28e7531555f0e4c0b7a57190daa2a1a38c811a550ffbdc63aaa24d1343fb
    Size: 128.33 kB
  29. toolbox-0.0.7-1.module+el8+136+c1307a0a.noarch.rpm
    MD5: 7dce2c7b93e9b8e86b4aec90c15fe0eb
    SHA-256: c58a4144ecf075abf87c3c2c6f6aa72feeeb3d01067ccf11d28be8e1f20bdbc3
    Size: 14.36 kB
  30. udica-0.2.1-2.module+el8+136+c1307a0a.noarch.rpm
    MD5: 93b114d040bf7691043fb6723662b124
    SHA-256: 6a2165ca3c4d1b5be959e757754377917d947efd0456c948e7d02316217a27bc
    Size: 47.09 kB