container-tools:rhel8 security update
エラータID: AXSA:2024-7515:01
リリース日:
2024/02/14 Wednesday - 15:00
題名:
container-tools:rhel8 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- runc には、ファイルディスクリプタがリークしてしまう
問題があるため、ローカルの攻撃者により、細工された
ワークディレクトリの設置を介して、コンテナ内部から
ホストのファイルシステムへの不正なアクセスを可能と
する脆弱性が存在します。(CVE-2024-21626)
Modularity name: container-tools
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
追加情報:
N/A
ダウンロード:
SRPMS
- aardvark-dns-1.7.0-1.module+el8+1722+9d7a18b6.src.rpm
MD5: da073faa685f39cb6a202c87d4d3e73c
SHA-256: 7fadedcb5103e3cc8c5d32260b9bf7a2759e18f2ceae0e31dbc9b83ff7f092da
Size: 7.56 MB - buildah-1.31.3-3.module+el8+1722+9d7a18b6.src.rpm
MD5: 213b771be7560983c069c6466d345d7f
SHA-256: 19f9bc0bbab059196a58bb740e16c2dd3ac42979ecedca75050496ef8d8d4179
Size: 14.76 MB - cockpit-podman-75-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 04ebfd1907ad6e3530e2eada56199969
SHA-256: edce67cc95f67267a512f9b9289bc2d38d7b67bbb1e741390a125598256bbfcc
Size: 1.30 MB - conmon-2.1.8-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 19e9eeaaa0c5420f021dcdb929294cf2
SHA-256: 79aaf57ab5b51baab324a9e5f7fcde483cf129668f6689e56c9b20e422b4d2e9
Size: 132.94 kB - containernetworking-plugins-1.3.0-8.module+el8+1722+9d7a18b6.src.rpm
MD5: 9e6ae2cdcc2954cde2bfac5c94a59282
SHA-256: df20dbadc9ea343fc46563c3a2e988276a93177596cd407f8a7d2a5f9062fb25
Size: 3.36 MB - containers-common-1-71.module+el8+1722+9d7a18b6.src.rpm
MD5: 212d3108a6762ce02ff4322bff49113e
SHA-256: 963db6c1b20e1e3fd0029d7ea42f64f3dbe3a4a1950c2c4e77690ba739c26fd4
Size: 132.24 kB - container-selinux-2.221.0-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 8199fbcdaf397b862923307220a095bd
SHA-256: d4e9c61e193ad63a6828b2fae49c508d82f787723c841602efd0a69f75d97966
Size: 63.52 kB - criu-3.18-4.module+el8+1722+9d7a18b6.src.rpm
MD5: f28c413fd8b54141b9059d32a0ec7d9e
SHA-256: df7bc9eaabdd95c2af1f3293a60d9e70c8b4d71ef5537077085fbe7ead06f73b
Size: 1.32 MB - crun-1.8.7-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 69889894367e82420690e4e7224f2aaf
SHA-256: e2957d1d2eebf04dcdebda609ee998d31d858ca923d156d1a1d65b676eeb5cad
Size: 1.66 MB - fuse-overlayfs-1.12-1.module+el8+1722+9d7a18b6.src.rpm
MD5: b625f2e7c81e9577ce808c09d6f4ff4e
SHA-256: 8f601d743812a971b59ac03bd3d1d0f2df32effa521bdcaf48b1de791390f5ae
Size: 112.01 kB - libslirp-4.4.0-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 4e1ccf23ad9897adc0e63c1cbc4740e5
SHA-256: 75c1d0e850c7cc2cee9aebcd8736f074739b4cb42b1262853647379ba6867f90
Size: 114.78 kB - netavark-1.7.0-2.module+el8+1722+9d7a18b6.src.rpm
MD5: 0fd2003212c671624d2422d7cc8b7746
SHA-256: 96ed4de26a90c260811f9b2a85c761f24342432611a7d5163b2d6a39fa0aa7c3
Size: 12.25 MB - oci-seccomp-bpf-hook-1.2.9-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 086fe5c0354aef1790dd8ca6cdcc52e9
SHA-256: 32869365cdd59c4cd9f7ed468f3352142192ac2818df09854fdd1291f327d30e
Size: 1.45 MB - podman-4.6.1-8.module+el8+1722+9d7a18b6.src.rpm
MD5: 3815c5f817ef076b81251d8cb67c9c22
SHA-256: 6218417de653fb8cd824ccddbfe909350268e0d5f86c89bd4e036a983913d61e
Size: 28.44 MB - python-podman-4.6.0-2.module+el8+1722+9d7a18b6.src.rpm
MD5: 757a5ef309edb2e1fb8fd5b0875185cc
SHA-256: 8a377bbdc254ed69d9d994035945b23eae1078c2743d62eca959532f698ba9e5
Size: 185.24 kB - runc-1.1.12-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 7bada8d95219c3c4d2f0e61b87e0c8fd
SHA-256: 6bf3d4e464fd5870ac4dc6bed39ee7c43c7f63ba69c96ac67d6dab79c574f680
Size: 2.38 MB - skopeo-1.13.3-3.module+el8+1722+9d7a18b6.src.rpm
MD5: d2b1faeaf72f3dc0e9bcc63cced081fe
SHA-256: 7995fd83532cd993102218b172e0350a46d8668feecf38c8c1217da8d25090fd
Size: 7.49 MB - slirp4netns-1.2.1-1.module+el8+1722+9d7a18b6.src.rpm
MD5: 7bb49fc51aca238f937eab122cea65a4
SHA-256: b3ea565f43ffa0866fde1b64baec5a643e56174e456e413b0c51e7b8a7cabe3a
Size: 74.94 kB - toolbox-0.0.99.4-5.module+el8+1722+9d7a18b6.src.rpm
MD5: 8efbaf570fc2df6fdbe59f7835e34aa5
SHA-256: 1747fba2f2514ed56fe65147aefe96b8f97b5f6de5f6c09bc9bbd11607ed000f
Size: 2.25 MB - udica-0.2.6-20.module+el8+1722+9d7a18b6.src.rpm
MD5: 55c0467e1ba4a78f045945965e67c9f4
SHA-256: cc75766378f24ce7c3a87f00aaceac8930476649cc4addfd888a973a4480d89e
Size: 134.17 kB
Asianux Server 8 for x86_64
- aardvark-dns-1.7.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 2bb67a58708d02960bc0cbece3e50fc6
SHA-256: e76bb1a29f484c3bea64ab8083e21a3bbbd999812f143bb4f27685dd02157cff
Size: 1.01 MB - buildah-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 68d889de5ca023611f1fcab2edbe1642
SHA-256: c4fcfe9f81367fff5b0ebc0ffd869064a2a6031ce0967cb7cfa840064ece9b1e
Size: 8.81 MB - buildah-debugsource-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 2c6624ee78c6ac74d6e85cad685dc7ea
SHA-256: 42ac54540f1abee6b6e176aceb5e2bbb79448a1a0869d7a6f9e05c01a2df2fb9
Size: 3.87 MB - buildah-tests-1.31.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 60c91925002ad5b4c68fee9e9ebdb497
SHA-256: f519bd670bc9bb37d4f3316a6edd3ace23dbe078987c70370c2c1b79e6782c4f
Size: 28.44 MB - cockpit-podman-75-1.module+el8+1722+9d7a18b6.noarch.rpm
MD5: efb8cd194d8ddd0b404e5a11d9f36fbf
SHA-256: 9d5662f46f0ca15d2cde8d7da97b1ec61f8058b13cbee4c2c6bf5969eeb96f6e
Size: 738.05 kB - conmon-2.1.8-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: e6c5946d320653303f917f8745504d63
SHA-256: 4b2624df16e3129c4129b4fa73755a5d93fcded86c1ea0cec8d9ae07975fe1d6
Size: 56.29 kB - conmon-debugsource-2.1.8-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 69ae31a394f650c0d1ffac216ff951a9
SHA-256: e58e5110b33648755c2ead4c781f292446c48af53ae042e754d85b4b73e9503c
Size: 49.92 kB - containernetworking-plugins-1.3.0-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 289fba1b32761eee36495162e8ffc5c1
SHA-256: e0a080797935aa00ceba4dd6f28d4fc234fd062edaefa926505797f2ed977541
Size: 21.43 MB - containernetworking-plugins-debugsource-1.3.0-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: a03657272a4f07aaf9c135e20b4aa408
SHA-256: b0cf1f153f5cb492dbc636ebd757cdced0cede04f50db64a98f6116b09fff1d9
Size: 428.01 kB - containers-common-1-71.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 43b0cdd67773f67133b560c9dd59cb82
SHA-256: 912c7724e83926372afc41548784266cd99cc953f786f8a64a0164a8fd86837b
Size: 133.27 kB - container-selinux-2.221.0-1.module+el8+1722+9d7a18b6.noarch.rpm
MD5: 24b115b026191aded069f7383789bad4
SHA-256: 7f1ef0d7c533c7056b05c501b55be9ffb6e58dcfb47ceda1ea6b9d27c1d1a0af
Size: 67.85 kB - crit-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: f157ad9ca4717eee30280d2c2ec9a07c
SHA-256: ba427a3f63399bebca13cfef675350c7a76f4ebe3b079f194af8aa38d5665efc
Size: 22.00 kB - criu-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 8a1fad17336abc3f40069ff3cae017c1
SHA-256: 1d4b8675c4f6a440d6eccd9da63d748a8a71a81bfaa78ebdd89f8730471dbd0a
Size: 563.03 kB - criu-debugsource-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: d50b8bb85489b854f162c5782157c0cf
SHA-256: 58d6dc26c25f13cd84f1c61bc8e276f4d0df5545bc9f65010f443ca152416ea3
Size: 729.68 kB - criu-devel-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 77149037ae6806e979872574e757b20e
SHA-256: 838e27e99d96707afebc4f596b9279d0f9a489219e4568a89882a6f767172207
Size: 28.13 kB - criu-libs-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 65877c775f4d3ccd8bfaa6dc4edf1db1
SHA-256: 73520d737e8729a2506f053c89d02d1007eff574de62af14de1b008ddccf1451
Size: 38.06 kB - crun-1.8.7-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 51c52476a417c9cf638061f1db04de17
SHA-256: 36b31c86a588e799b1ec453cdfdcd4d553b342c199c2d3db18ef9b919c00647e
Size: 237.92 kB - crun-debugsource-1.8.7-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 2efe195b835e2e277c66e57d903a5ca5
SHA-256: 4fc03b3d7efe25ec8833933f9b75f02b69303d51c2de89dc2ac7ea02c903c622
Size: 183.80 kB - fuse-overlayfs-1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 1f736ffb826c0b6f8a4a16a0c3383490
SHA-256: 58c7cc243205f7fde57ccbd96e02cb82bf662f4bac9c30cd6f9a59a3e49d708a
Size: 68.56 kB - fuse-overlayfs-debugsource-1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 722c013f7df67e550d60d3c0c6fc5981
SHA-256: 8c3db0d1b7ef287396fa93cb8f167ee45e5b1314b62ec7c4e379bfa1e6217cf3
Size: 55.41 kB - libslirp-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 3f45e218b1f210ce512041b0f0c7df9b
SHA-256: f7d25842dc6b7da747657a920d593d06670c0deb8e9c589c1fef07ea8af840fd
Size: 69.17 kB - libslirp-debugsource-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 912075841af10075011a525b9ee9fb9a
SHA-256: 9e1c74155e3dc65aced9623dec05dabb432681bac60e5ad662e7ef6e0e0715cb
Size: 114.43 kB - libslirp-devel-4.4.0-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: ecb889943ae1d4794739e1e7ee73a4fc
SHA-256: 377d3c84cc3913ba7826838ca498035ccc535f2de37fffd943d32edf04697e8e
Size: 11.29 kB - netavark-1.7.0-2.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 662b569943da745ce08f47112e7cde69
SHA-256: 8e5c494d1668d7a4f2f58529dd2a0a2cccfe3ac178c95c4c308fb94c89fd764c
Size: 3.71 MB - oci-seccomp-bpf-hook-1.2.9-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: dda01f873a394ade6d56c7067203c454
SHA-256: 294366cba04333215f9d5d34bd8537855074e742bcbb3ab0b68b20c0b1a9eab0
Size: 1.06 MB - oci-seccomp-bpf-hook-debugsource-1.2.9-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 2e51548036a1318fed74a9203f3b7dc9
SHA-256: 133c3da02b047d240dcb275e64602030a7ac340fb9e460d975f04250d6c099d4
Size: 190.06 kB - podman-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: ee93862ec6fc1c0f931b268e86870fa4
SHA-256: 91f3f62094ed4458c8a66f7470f6fa64646d502d10988b49f9467332d5957f21
Size: 15.34 MB - podman-catatonit-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 686cb73154b9ba2fce4035f1c40e9c0e
SHA-256: 35295a49a65d9c584e2ac6cee83906c1fee3e046153aeed8b6db4491873183bf
Size: 361.68 kB - podman-debugsource-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 5b53534ff6a3480e353a563239161a2e
SHA-256: dc7b7ee2ca84404768e11cf6b69c004e11e1ade880f34c885a65ad28a3c9c6a9
Size: 8.79 MB - podman-docker-4.6.1-8.module+el8+1722+9d7a18b6.noarch.rpm
MD5: 2d39848020e97cbf0e07552936b7a814
SHA-256: 37507eceb0d42c416700426db11c45cf286531830b76736b10b8060fc44bf8fe
Size: 109.28 kB - podman-gvproxy-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: ec5189561a201de017af0b4ae3e00c90
SHA-256: 60df38b1ddeba16aedd9535a7bfef2a8f91de839d58df3d07c68761a6912c3f8
Size: 3.80 MB - podman-plugins-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 5cee445ba42337f5122f2731de9463b0
SHA-256: bd8dde0fb6e122dd6760f9bd6e0e644f0109e44b97d527527f8d8cf8a6c1a213
Size: 1.27 MB - podman-remote-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 5c98a8fee4cdefa56af9ff4d7a569af8
SHA-256: d7a663099c9a0bd232dda37c0ee666a6e12ac219039dad1011770e10d8e41ab0
Size: 9.66 MB - podman-tests-4.6.1-8.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 8bf8c5f9a2fc0eb209e73c1cae7e3fcf
SHA-256: 065b76df0a10d3ba123418e38045ff87d3b81b80796e1913b214a6c0d6a6e4cf
Size: 238.21 kB - python3-criu-3.18-4.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 39d7da05814d6eb3c698d7bb64a7bfce
SHA-256: 24692c9b09b678adb6d98750515cfc768b371ea235b2743789bb20a1bf033ed0
Size: 177.14 kB - python3-podman-4.6.0-2.module+el8+1722+9d7a18b6.noarch.rpm
MD5: 206ec5afe2b8008ef070be7ed743ee49
SHA-256: 733ecaca1e742e89488118c32d3b123f3e7c70e52f613497f5c3b50136356e44
Size: 152.27 kB - runc-1.1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: cabf5a38daa2543f60bf4e0f98955dd0
SHA-256: 682a8da2d7a8bf3341fa7f3918aa076c721a1a0d62f56bd9f1a5c7fc841623f8
Size: 3.09 MB - runc-debugsource-1.1.12-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 66716c07333682a71a311b3c99031bea
SHA-256: fddbab896526bcc381edabf100120fb83b5e81a167c548dfec2d9cf1c45c109d
Size: 893.45 kB - skopeo-1.13.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: f34f0a05f7da41a2a08f035617eda1f1
SHA-256: 75a1813708af6964eda853b27c78654e15e2810ac5fcd7f3da12d91e4a8d41be
Size: 8.14 MB - skopeo-tests-1.13.3-3.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 5eacc292af1031be512d7cd61de2864e
SHA-256: 7025acec81c3f65e86485ef5b8df21755e7cd5ec1a3fe571aafa0b42164a5ca6
Size: 783.44 kB - slirp4netns-1.2.1-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 01fec3e2e7bddc99956a2708d04aaf7f
SHA-256: 86efc26e0f0ac4fa6b9b6b25a7770b929a7bd4784b6568441e81c61fe653429b
Size: 54.51 kB - slirp4netns-debugsource-1.2.1-1.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 6b2923661d3c7ba0f199b02a7df8870b
SHA-256: 620977e013c3a83fdbbea6292359b0370df5a519749f96180fb812fe536116e2
Size: 43.31 kB - toolbox-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 47d667fe6d578d8d57293f9583c1df36
SHA-256: 1dd2211f684d8178c70f92f3fc8ec7ca56ae9e4590164179daf93507d9ec3ecc
Size: 2.53 MB - toolbox-debugsource-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: 21e9a3f36d3e7d89cb300c60bd59cb2f
SHA-256: 5315c730b6372b24d64570c9030b365c4cd9cca6988999d71ecb01e90375c0fe
Size: 559.50 kB - toolbox-tests-0.0.99.4-5.module+el8+1722+9d7a18b6.x86_64.rpm
MD5: ea95ac081cfdca5a9fff4635e215e3a3
SHA-256: 83198157466237968202cdeb379226a0817bd34f0a109d093f8f970548c97701
Size: 37.56 kB - udica-0.2.6-20.module+el8+1722+9d7a18b6.noarch.rpm
MD5: e38ba44cdb65463a2c9c34027da11abd
SHA-256: 415fec3f5f38d7bd211e666ef297e6eeebc681512c6d95615c7f7183672f4607
Size: 48.15 kB
English