container-tools:1.0 security update
エラータID: AXSA:2021-1556:01
リリース日:
2021/03/06 Saturday - 03:38
題名:
container-tools:1.0 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- container-toolsには、特権付きコンテナの中で非rootユーザー向けの
ファイルのパーミッションが正しくチェックされないため、少ない特権を持つ
ユーザーがコンテナの中の他のファイルへのアクセスのために悪用することが
可能な脆弱性があります。(CVE-2021-20188)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
追加情報:
N/A
ダウンロード:
SRPMS
- buildah-1.5-8.gite94b4f9.module+el8+1218+0628d1db.src.rpm
MD5: bc57adda6807f56b90964d55a4b6b663
SHA-256: 0f75b59db9d218ad2dec5de7fc5ecca1e6a4826ffba318b052784322e2982e07
Size: 4.21 MB - containernetworking-plugins-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.src.rpm
MD5: 48316f42a181fe798d7c2f2f7827a60b
SHA-256: 1a42842f4334aa0a54e4d8533d0e1fa0968933e8b366d31a0ae9b8def96f1b6b
Size: 825.87 kB - container-selinux-2.124.0-1.gitf958d0c.module+el8+1218+0628d1db.src.rpm
MD5: 76f4e62f86f81273af7755ab954af39c
SHA-256: aa3e9e118003df322f92cc5d310654d810937bf36e7d9a3b0dfb837bb31f1f14
Size: 38.35 kB - criu-3.12-9.module+el8+1218+0628d1db.src.rpm
MD5: e44b454cffee94f529bce999504b022d
SHA-256: 8cac700e31c608bba52509b09bf29379c56d0480e35a92f4c4a863e0baacede2
Size: 831.10 kB - fuse-overlayfs-0.3-5.module+el8+1218+0628d1db.src.rpm
MD5: 317a4ece55bb076723da9059c30866e8
SHA-256: e1791912658bc5e64a6336eef639255e144b61cd636bb31b6bf28e962ecb8e4c
Size: 84.65 kB - oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.src.rpm
MD5: 7b1de28f7d041c7a2965971676320139
SHA-256: f7f2e4d63e2950ab1cd392b732d358c318cbb85e6710c36efb8b0c5e8ae79dd2
Size: 40.66 kB - oci-umount-2.3.4-2.git87f9237.module+el8+1218+0628d1db.src.rpm
MD5: c6b17ab62c8af50f231577cfb0fd9e7f
SHA-256: f5be8ac4bf488a48d6ed6bb504afab02f711cac76625f0d2d8aeaccad77a81db
Size: 39.94 kB - podman-1.0.0-8.git921f98f.module+el8+1218+0628d1db.src.rpm
MD5: 82fd8c99c9b9cd2541ad8cc24b21ba8d
SHA-256: c1bd8f98fcac1b72b62a3a38712c137804f3ae082f879d38b82c3f92e358809d
Size: 17.12 MB - runc-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.src.rpm
MD5: 1fda52dc4d6f98851d3fd2f78a8375fe
SHA-256: cc0cdd16f945128cc5cd224ca010446d4a7e18d3a5e1f028f4e983fc4d5e5007
Size: 1.14 MB - skopeo-0.1.32-6.git1715c90.module+el8+1218+0628d1db.src.rpm
MD5: 386a72473dc767d93296f021d6a2d6df
SHA-256: d06adcf6f273c7e9dbaa7839763a54ec575f497e00aea309bd3ae57bd3c9a8ca
Size: 4.00 MB - slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.src.rpm
MD5: 5cbed470487e4c9dd51ab92574ed2301
SHA-256: c7a032500756d10a23d2d4d1387187666622592391cb2f7052e55c4b82f06e5b
Size: 139.78 kB
Asianux Server 8 for x86_64
- buildah-1.5-8.gite94b4f9.module+el8+1218+0628d1db.x86_64.rpm
MD5: fa1223c016b8c71c3479a785191a8d0c
SHA-256: c12323f45d5326771094f860fdcd333a66bde2e09e53ea5d01679601b2736072
Size: 5.69 MB - buildah-debugsource-1.5-8.gite94b4f9.module+el8+1218+0628d1db.x86_64.rpm
MD5: 5c1395671352aaa6fa8b022fbf0cd2c7
SHA-256: 3bdf7361eb7e60c6985e3ca1384dcd13e5f00afc27850811dc2ec2666c296d24
Size: 1.51 MB - containernetworking-plugins-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.x86_64.rpm
MD5: fed221b09d191c0f9a4459f352533cf6
SHA-256: 43f9df3c71969047d6bf7db5b05966af425eff077a9332e28c745cbb2cf3483b
Size: 15.09 MB - containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8+1218+0628d1db.x86_64.rpm
MD5: 264c8b727027d4c2e4103c39a09964c3
SHA-256: 5c029149c3c640d2867fbac10568c60750f26b4b9d27f1b66cc5c2e7c0655553
Size: 192.56 kB - container-selinux-2.124.0-1.gitf958d0c.module+el8+1218+0628d1db.noarch.rpm
MD5: 141c77a886abbe5185eaf25d6cfa90ea
SHA-256: 5f3bde09f91d491c01eefc985895be27ff6846a0a38bd039788e639bcb69d523
Size: 43.73 kB - crit-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
MD5: 8b9c457d73a2a3a558758a6ee0137572
SHA-256: fece88f37c1e06128c7ea638226e2c8746104d36550d1a1207f664c593f2bc6d
Size: 18.00 kB - criu-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
MD5: b9022a50d71e4b3b78a3dd18af751d77
SHA-256: e7906365b658131883959953289f3d40dccc0bbfb2c8b46cb1f361f1a854654f
Size: 480.92 kB - criu-debugsource-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
MD5: 163080b2de8b092e2da432c195adde7f
SHA-256: aabd71a6c963fd05322b65477e9dd5b15b8ed24c7dfb54ba2e572204660e634d
Size: 622.93 kB - python3-criu-3.12-9.module+el8+1218+0628d1db.x86_64.rpm
MD5: b768cd31281e1d93ca6a3b570d3987eb
SHA-256: fcf9e3e71797be6438ca97bb11c0d98bca267e65c42dc7562ae777edff33391b
Size: 155.80 kB - fuse-overlayfs-0.3-5.module+el8+1218+0628d1db.x86_64.rpm
MD5: cc970cbc749a6496ebe25ae9d887fb61
SHA-256: 10cb6d2145ecbd2448238a5fb4b28d5d334ca35b1c990e8238152fd85bbc0dd1
Size: 46.58 kB - fuse-overlayfs-debugsource-0.3-5.module+el8+1218+0628d1db.x86_64.rpm
MD5: 9bdf035035b75c1440e9c03bcbb0f009
SHA-256: 6e708653f9554ac3046d9f3bd17c25aad4a6acffb69d8d46eda0fddd9741a454
Size: 35.87 kB - oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.x86_64.rpm
MD5: 0ed01d2ab864e1f34b46a8b614234d7d
SHA-256: 9672fe35a0baf51dcd7d491de5ec7aa10a81f8424ef623831afc69632be57db4
Size: 38.05 kB - oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8+1218+0628d1db.x86_64.rpm
MD5: 845a747bb01d0e364a4606dd92ba2fab
SHA-256: 035dafc701514cc21c2f3a9e3a6a10161d076b8622c3ddf82843de87ca126b2e
Size: 18.08 kB - oci-umount-2.3.4-2.git87f9237.module+el8+1218+0628d1db.x86_64.rpm
MD5: c1716024985631509bd5bbae56eddfc5
SHA-256: 1aff74c5b94b40945e149517018ab60d957a0715aef6c54f41bdf1d381284ecb
Size: 36.83 kB - oci-umount-debugsource-2.3.4-2.git87f9237.module+el8+1218+0628d1db.x86_64.rpm
MD5: dc3aa2b7fe4d85576cb718c7fa09ec83
SHA-256: d6a3420af7621fdcc2377dc53468845f016b726fe18d50a90c12c43fb7c8c7d4
Size: 17.41 kB - podman-1.0.0-8.git921f98f.module+el8+1218+0628d1db.x86_64.rpm
MD5: fc718a50e614ff9f073edfeb25fc50c8
SHA-256: 7cce7ef94e3f90edec171db7b326cd75ead74d0f312c4cc541c179434c7ab129
Size: 9.43 MB - podman-debugsource-1.0.0-8.git921f98f.module+el8+1218+0628d1db.x86_64.rpm
MD5: bcd3536eebb701511f561cf0934a05b1
SHA-256: dc62d34e155fbee0e642d813c005f8b793321994397052ae674c357c7df19e13
Size: 3.31 MB - podman-docker-1.0.0-8.git921f98f.module+el8+1218+0628d1db.noarch.rpm
MD5: ffc12e301f99f23788b7682bb99a0b9f
SHA-256: 2b3fc058cfa899e097c7f8c9923b91499f1661f1d43e09b7c8698d2fbe31821f
Size: 27.86 kB - runc-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.x86_64.rpm
MD5: 2567cda541371e8c25968f9e1cbb12e0
SHA-256: 05a311eaf1598cf8884f6931837a5a6ca6b5320008a6bf0c2d68c0caa06319b1
Size: 2.50 MB - runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8+1218+0628d1db.x86_64.rpm
MD5: 311f8f01818ad7619bcebb8e2ee6267e
SHA-256: 14247a68b8c21aa31fcf24035d03cd743eec8b9fdb762be7424766590b94620a
Size: 389.74 kB - containers-common-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
MD5: 38c791d1706dcc3599590ae1e6fa3832
SHA-256: 03175801b5bc6fdd89d85f9a067f067a02902a93080793b5eda141d836add1d3
Size: 30.29 kB - skopeo-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
MD5: ad1fdea7fb8c09f4c243ee4732b2f4bf
SHA-256: 3c8e2f85a94d074380c0d85b98c37dc674e72593997c86a7789ef9e85a2951a3
Size: 5.19 MB - skopeo-debugsource-0.1.32-6.git1715c90.module+el8+1218+0628d1db.x86_64.rpm
MD5: 56d55608146eef48de525edc867ffa77
SHA-256: 026ea06b1f352087488a5a2a9050513e8f57f28f9ed332f9d1f1d95e8be341d0
Size: 1.30 MB - slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.x86_64.rpm
MD5: 3f1490d64c479d8a414d24b56452ff80
SHA-256: bb354c30a3c200bc55e53cfc38f10bb8475ebd2080a96358377325b0a0df4893
Size: 53.78 kB - slirp4netns-debugsource-0.1-5.dev.gitc4e1bc5.module+el8+1218+0628d1db.x86_64.rpm
MD5: 6185558ecb48d3a6264cf33636e49698
SHA-256: d6531e0bea7164306a4b5e8bea3201e04a7d09f910f5507a381177310e8b6472
Size: 96.37 kB
English