container-tools:3.0 security and bug fix update
エラータID: AXSA:2022-3168:01
リリース日:
2022/05/06 Friday - 04:52
題名:
container-tools:3.0 security and bug fix update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- container-tools には、不正にコンテナが起動でき、ファイルケーパビリティを持つ
プログラムにアクセスできる攻撃者が、execve 実行時、それらのケーパビリティを
permitted セットに引き上げることが可能な脆弱性があります。(CVE-2022-27649)
- container-tools には、不正にコンテナが起動でき、ファイルケーパビリティを持つ
プログラムにアクセスできる攻撃者が、execve 実行時、それらのケーパビリティを
permitted セットに引き上げることができ、システムの機密性、完全性に影響を与えうる
脆弱性があります。(CVE-2022-27651)
Modularity name:container-tools
Stream name: 3.0
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27651
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
追加情報:
N/A
ダウンロード:
SRPMS
- buildah-1.19.9-2.module+el8+1408+31fafd7f.src.rpm
MD5: 2af61e1ddab38416030507b56f591791
SHA-256: 123a8bd8ebc91937df5e5dc63028578631db8cf2b2e21a3a43cbfb502bf15b1f
Size: 10.07 MB - cockpit-podman-29-2.module+el8+1408+31fafd7f.src.rpm
MD5: 99b7e587f9ca5106e298b40d4c3483f7
SHA-256: 8021c4f69071d86991b896c23381425f55562d324f909a1785ac6b2ff22b04e3
Size: 1.34 MB - conmon-2.0.26-1.module+el8+1408+31fafd7f.src.rpm
MD5: becb0bd9960d82b3314c50206f41cd8e
SHA-256: 55f3823e5ea17bf8bfa579706fa3a496723fcff412075d90a944f790eb0992d3
Size: 113.22 kB - containernetworking-plugins-0.9.1-1.module+el8+1408+31fafd7f.src.rpm
MD5: 56f4f3f77f61f5b673714a5e2940a535
SHA-256: 1136473d45bc0949898becd9f769e5e133b4fbc44c0739803d85c67a63510216
Size: 2.44 MB - container-selinux-2.167.0-1.module+el8+1408+31fafd7f.src.rpm
MD5: e4983625e7ab6e6271b9d9283d6b1676
SHA-256: c140c076fa348f86376d07db4692e6cb85778f73579f5dab9a74a2528b4e3804
Size: 49.57 kB - criu-3.15-1.module+el8+1408+31fafd7f.src.rpm
MD5: 52f96b5ba350fe5e21404330814deec8
SHA-256: d74d4474621d6051abf216ef2ca32a75a817025d6ad93fe81acf29103323d641
Size: 1.15 MB - crun-0.18-2.module+el8+1408+31fafd7f.src.rpm
MD5: a6b016943b1e7bce838f9fe8b6e52f4d
SHA-256: face2b2273f03852e64d1cf8c4a32e85ec51e3b20bfcbc6f0d13d0101179d5e4
Size: 1.34 MB - fuse-overlayfs-1.4.0-2.module+el8+1408+31fafd7f.src.rpm
MD5: 8ed17142b7b50fcffe1f303b4b9b9647
SHA-256: e58adf0981ebcd9ad7e41b738ed826e7d0e9bf26868ec57b0af5a4ef3c87927d
Size: 112.58 kB - libslirp-4.3.1-1.module+el8+1408+31fafd7f.src.rpm
MD5: 6116e1eede48257797021437b5dddb78
SHA-256: f868cc03894108211965ba9a47a3d2921cbe1886e961e4c5309f8108473c9a77
Size: 105.81 kB - oci-seccomp-bpf-hook-1.2.0-3.module+el8+1408+31fafd7f.src.rpm
MD5: 72e7f93529d9d2154d18c57b22d38357
SHA-256: 44d0c9b3c7b857d2d16b43f40982e2214ef11f47220bbaff0c824d24c39d8b94
Size: 930.15 kB - podman-3.0.1-8.module+el8+1408+31fafd7f.src.rpm
MD5: e398ea093e0ca8094b69eb367322b08f
SHA-256: c13f5655b8a68e11e037257174051c40ff40e9e7ba6e5995336886cbf6ef72c5
Size: 11.97 MB - runc-1.0.0-73.rc95.module+el8+1408+31fafd7f.src.rpm
MD5: 1ca147fd7db0a621e83149b8187c2f0d
SHA-256: 17a3fbb9477a349435a63d9c2a00821a0aaf72fce45dd1e452c04085c5fc5fa5
Size: 2.18 MB - skopeo-1.2.4-1.module+el8+1408+31fafd7f.src.rpm
MD5: 069f79b270a33ab80cfb11cee02ec4e1
SHA-256: 30ff2bd95f74d123b2183bb90a7fe9f8ce24636cedb1e952e4b685fd2ce13b99
Size: 5.33 MB - slirp4netns-1.1.8-1.module+el8+1408+31fafd7f.src.rpm
MD5: a3bc8e43e15b4bfaa9f6bbb90439b19c
SHA-256: fee7e3c025dea280331e65ec37a3ddf02d99a5adfe97a9f026501bb36aa1ffc2
Size: 67.45 kB - toolbox-0.0.99.3-1.module+el8+1408+31fafd7f.src.rpm
MD5: 86e4b1031d48d2a755d27626e8109b31
SHA-256: db93a7202b443a2949ff798f19cceac278843c9488937777fa108e3df3fd9eff
Size: 5.88 MB - udica-0.2.4-1.module+el8+1408+31fafd7f.src.rpm
MD5: 5585fb1eac6726f97d05f07b7a0279f8
SHA-256: 57c36471ff85ef047ef6846fb57273e40c21d4f40bb21c95c5381a277611aa7d
Size: 133.54 kB
Asianux Server 8 for x86_64
- buildah-1.19.9-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 086b45af4714766024ac6e38415bedbc
SHA-256: abf9fa68f228c3bf11a09bdec9432894bea113dd9944b988dff4ce152494cb15
Size: 6.93 MB - buildah-debugsource-1.19.9-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: fb8eefef590dda6796b5cbbff077eeaf
SHA-256: 64ccc8a136508d2510be5097d8cca7531005439e138f30e3eba83d32c83ae510
Size: 2.52 MB - buildah-tests-1.19.9-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 10276b0f4445b6e1683cda8549f67cad
SHA-256: 26b472804ba7eb7eabdc0dbf8c9f78780f7c9df60fda10cb1ebbfef437f6a74f
Size: 8.29 MB - cockpit-podman-29-2.module+el8+1408+31fafd7f.noarch.rpm
MD5: b4e44971d78062f52ba33a1feeb19a37
SHA-256: 06d7e4da142f112fc90209ca5906937754762f2b848841db4ad53ea7d425e1e1
Size: 1.07 MB - conmon-2.0.26-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 52177cc48381c5e2fc99d71b82f24fa7
SHA-256: 566094135cfd39d96e730fb5e1f6bddc873cb2d7450a6db0849f52fc301e5452
Size: 49.71 kB - conmon-debugsource-2.0.26-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: c1544228598998909dfc0efe7f9c0dd4
SHA-256: 6923c2678b53e93a9f9b43cb16f9a3c21e2f09eceea2a7f7f26437528b6c2c60
Size: 41.42 kB - containernetworking-plugins-0.9.1-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: dec4773e8a8b4bf4644d655c6689ebef
SHA-256: 9a5b548f2d58d00778d2ff3f0b8f188365b6e9f7defb6767cf9c798252a40e8f
Size: 19.66 MB - containernetworking-plugins-debugsource-0.9.1-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 9f909aa19d9cf1c2b26fd7555ddc2c42
SHA-256: 7dcb230b7b5eb7ddb124997f9c8768b321f79c3041607f909b98cb5a7e695242
Size: 343.02 kB - container-selinux-2.167.0-1.module+el8+1408+31fafd7f.noarch.rpm
MD5: 033b2cc87afd033afae09f60ffcc306c
SHA-256: 5c50a80d5b9340c12dec59fe6ae036768c4a4be82bbd94c0ceb0cbc29e272a2a
Size: 50.50 kB - crit-3.15-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 8ac78f1f2d610f6b79cf9eeb618ab9f3
SHA-256: 1c3d1f7c41d3cbbe96e64b94e3ea11821cb04962f1199eae3b5bad93941ae988
Size: 18.35 kB - criu-3.15-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 80b2efdbbabd9efea28ededbdcbf5c27
SHA-256: cbdaab7da2bf18b92e38d9e1953b7cd760d052633a2d70433bc3243b60eb61db
Size: 510.04 kB - criu-debugsource-3.15-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: f83c6de04af831c34e6f0c535d34fb13
SHA-256: e3026986312a8cd685acbdc3598048d5ebcc7017cb15fa771d0fb0c5f3a2ea0d
Size: 663.60 kB - python3-criu-3.15-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 428611af67a8ec07882b9dbda7a06a6b
SHA-256: a72fad54feb139ee697a38478dc8c89e384e0cc1416e157b9b19dbe7bba1f38d
Size: 168.54 kB - crun-0.18-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 95eff8059244782f43bec2fbe4d5f78b
SHA-256: 491e806724ea9eee428b6a00556348b6e88f589ac6bed18cb7194fba771e9445
Size: 183.58 kB - crun-debugsource-0.18-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: fc84b28c3abc705f79b432d1a2ae18ed
SHA-256: 94be519d43c48e7efbe410383e60c4f237f14c677cdebb6c83cca4db1cfa2b62
Size: 134.19 kB - fuse-overlayfs-1.4.0-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 299812aa6cc6d53f8f7f88633727a906
SHA-256: afa80a939655bdae73e0c0c7f71ad94c4a985b15328fe456441d73bf07220be4
Size: 70.72 kB - fuse-overlayfs-debugsource-1.4.0-2.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 35b9af615532de918f8148565104f3ee
SHA-256: 40611fa03205001fa7c164e93aad9b4e3b4b8cac39686e1ef23d56f49b94d572
Size: 52.34 kB - libslirp-4.3.1-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 2d0520ef75bb47565fac6d94dad0082d
SHA-256: b8cceedeb5e70f069dc64f25a4d3296a7aa603abf6fba35205212f60d1027c95
Size: 67.84 kB - libslirp-debugsource-4.3.1-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 1fa4fed47bfad1a30e435b8b7bec8695
SHA-256: db35d993f810cefa60035d38a85c285d5ac63b14e7b7be042f88f67b5d7114cb
Size: 112.94 kB - libslirp-devel-4.3.1-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 7ec6ced1c327fc659dfead98dd235715
SHA-256: 29da06bb8fa1888b90e7f1b928e2d7f2b9a32e733d670ebe12dea69cdf41f7b0
Size: 11.15 kB - oci-seccomp-bpf-hook-1.2.0-3.module+el8+1408+31fafd7f.x86_64.rpm
MD5: fdf6500c4ed0c016d325877bca1c5449
SHA-256: ade978f9b4891771872eee7d81db2185a2580bcf214af243eac9c08c4dab10c7
Size: 1.07 MB - oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8+1408+31fafd7f.x86_64.rpm
MD5: c3937a23e79d28088bbdeef0d001f935
SHA-256: d8b9e74ea5fa63b1f4715ca56bf41ac27a7be8e8ab620fa4acd812bf14d499cb
Size: 143.75 kB - podman-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: e67761ff906e2d27172d820e90a82a90
SHA-256: 9e2f63e6205ff87c972b069d9f70a882b0b8ecd62710777a210aa106f9caf944
Size: 11.26 MB - podman-catatonit-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 09db979c19f4bf3ec5856c3880805541
SHA-256: 624f2b703babb3f713df439e00819b4124f6939b66197b420544312bb7c316a9
Size: 319.16 kB - podman-debugsource-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 489bbea874df96d08f91c4e40462500e
SHA-256: eeb27d4a456c90e0952f6bc96b9d5a9a475ac72ad5dc44e56a9536a959e768a1
Size: 4.34 MB - podman-docker-3.0.1-8.module+el8+1408+31fafd7f.noarch.rpm
MD5: d651f38a53ea93b41a37267c195055cc
SHA-256: 84ca30fb01b4ad538835fd3bb5a1b82ff7cc1b380ecfa104b3f99b6dead22908
Size: 54.50 kB - podman-plugins-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 8a9f9e9ee7bf231759ca3baee59052aa
SHA-256: 512217255ceaa2cf6f317ac8a527e5e6d3d5ff1c35bfa52ec1025a23a27616e0
Size: 1.20 MB - podman-remote-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: dcc8d2019d5c8cd2902928ce23cff130
SHA-256: e7b1566c7dfba7229061510498bc6a2cc705e5b846a3039f87fd734b051afb89
Size: 8.56 MB - podman-tests-3.0.1-8.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 88eb5224029d4429865405b9d4f33d21
SHA-256: 09cec50ae4a903acc0706091e6a395529cf974e89fba66402b4c4699a59c2510
Size: 105.23 kB - runc-1.0.0-73.rc95.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 229c1f6609b44abb663a42d648aa855d
SHA-256: cfab50dcd800e3dff1d782609e14d647ccc0314cba766252949f4d5d503372bf
Size: 2.99 MB - runc-debugsource-1.0.0-73.rc95.module+el8+1408+31fafd7f.x86_64.rpm
MD5: b4b5c17fd01a8fc72d3f7cd1848f9dc4
SHA-256: f4add629499933af8b3ebe1ab14ee60a10548c00f07443681d501349638e78f8
Size: 864.04 kB - containers-common-1.2.4-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 3812254d08aa9af845b25efb5d63a834
SHA-256: 1379799ca28b9297db2a2fa97869c0495bb9cea22699b90515dac89e0e2f574a
Size: 100.29 kB - skopeo-1.2.4-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 7b9123306af0f34832091ad16b0abb0d
SHA-256: a229d4eaf57eb43111bb27ffa45ec568c4485bd3337c9043d34577efc262c261
Size: 6.55 MB - skopeo-debugsource-1.2.4-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 71adfee881d4528d4851aa7ff2988a2b
SHA-256: f8dacab31ca3cb0c839a2d5e0432ba090df53856e9592e79dc2dd570e406fdf3
Size: 2.38 MB - skopeo-tests-1.2.4-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 36a97a6e6dadb7ed4e3aea6e253d7c75
SHA-256: b7350be99b60351a499a66fb16b0f71929f53cdeb705b72f939f690bef6cb7e0
Size: 38.28 kB - slirp4netns-1.1.8-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 7de1e325a191adebf13fbc3f2675cc28
SHA-256: 03a7e6500b54a9640590ee152ecd4f64e19b193936196529e84adbbe5f9b1db0
Size: 49.99 kB - slirp4netns-debugsource-1.1.8-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: b4374e58d6ecf0e16561d177ddaa1edc
SHA-256: 29d44a285670028a211099266ec21369966e9529a354951530c5788b68a33ad4
Size: 38.60 kB - toolbox-0.0.99.3-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: b0fdbb0dbf93bfd5e38db9b813fe3f28
SHA-256: ae6b7f42b771e6b536a2fb0a50c458bbc91bf59b36f78ea816968d34d3bdef1f
Size: 2.25 MB - toolbox-debugsource-0.0.99.3-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: 8f593886f9c2542ca8e81b4fa6b36775
SHA-256: bafec5e9ac4743789f5ab51bf2ecf7a2c11a69ff7326df52a34759c3419e9ea5
Size: 448.28 kB - toolbox-tests-0.0.99.3-1.module+el8+1408+31fafd7f.x86_64.rpm
MD5: b30c3d618f44461ca4324c165b5742ec
SHA-256: 7822314af77bbc43cd1be9937b6eefaea5d143e7bf05442a6825611f3fff59e9
Size: 28.86 kB - udica-0.2.4-1.module+el8+1408+31fafd7f.noarch.rpm
MD5: 458478ee5f1101b0a00f8c0e168f3e77
SHA-256: 20cab358f68fe605f3246cc56aaa0e00ce01e76b79bd7ba48c92b3c194dbedda
Size: 49.30 kB