container-tools:4.0 security update

エラータID: AXSA:2024-7516:02

リリース日: 
2024/02/14 Wednesday - 16:35
題名: 
container-tools:4.0 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Go の net/http エンコーディングリーダーのチャンク拡張機能の
処理には、最大 1 GiByte の本文のよりも大きいデータの読み取りを
許容してしまう問題があるため、リモートの攻撃者により、細工された
大量のデータの送信を介して、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2023-39326)

- Go の crypto/tls ライブラリには、RSA を利用した TLS キー交換
処理の処理時間が一定にならない math/big ライブラリが使用されている
問題があるため、リモートの攻撃者により、タイミングサイドチャネル
攻撃を可能とする脆弱性が存在します。(CVE-2023-45287)

- runc には、ファイルディスクリプタがリークしてしまう問題がある
ため、ローカルの攻撃者により、細工されたワークディレクトリの設置を
介して、コンテナ内部からホストのファイルシステムへの不正なアクセス
を可能とする脆弱性が存在します。(CVE-2024-21626)

Modularity name: container-tools
Stream name: 4.0

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. buildah-1.24.6-7.module+el8+1723+347257cc.src.rpm
    MD5: 37befdf15a3b27ddc151c1a31ffba74f
    SHA-256: 9dbbfb6e77d53e9002f61432d251c26c1847257c81fc8422db59f3085676cf0f
    Size: 13.27 MB
  2. cockpit-podman-46-1.module+el8+1723+347257cc.src.rpm
    MD5: e90d1a5fd16ac8ea13d6374d6a5f7787
    SHA-256: e13db31ab343ff6899e5c3dc71da48f2b6c763e0bf71134bb67795c3fb79dbec
    Size: 738.04 kB
  3. conmon-2.1.4-2.module+el8+1723+347257cc.src.rpm
    MD5: 015d88fc3f058d95b3c683913c1e795a
    SHA-256: 908c287e8db762797c560a2e26050b5b98e7364c8d5c8616fb072329659e7fd8
    Size: 171.22 kB
  4. containernetworking-plugins-1.1.1-6.module+el8+1723+347257cc.src.rpm
    MD5: 0bb378c9699e2d4f0563b0d83d93ed75
    SHA-256: 41b26baee2807cae846d4f7f7d571db01327553dfce2b3f32afea6b38f906ebb
    Size: 2.80 MB
  5. containers-common-1-38.module+el8+1723+347257cc.src.rpm
    MD5: c07ace4dc8ce79305e710a9bed851c99
    SHA-256: 99ae37056fb1ae75be3b236f5803b347656e90ed4d9e73004e56424355744c53
    Size: 42.42 MB
  6. container-selinux-2.205.0-3.module+el8+1723+347257cc.src.rpm
    MD5: 6c69650e7caeb38b506847d1d62abd54
    SHA-256: fcdc3fc062bde4db64bc9e018ca4f6eed96420821fed8962b7bad060be032107
    Size: 59.75 kB
  7. criu-3.15-3.module+el8+1723+347257cc.src.rpm
    MD5: 82bcbe310570418f8396681810b4b2d1
    SHA-256: b7648df30e364075f749798e3f9f1f2285bcea517c248404ced1741aba057c4d
    Size: 914.16 kB
  8. crun-1.8.7-1.module+el8+1723+347257cc.src.rpm
    MD5: 9f002ef2cd02a8b45ea13aa1c9399771
    SHA-256: ebcf754e2cabf938b0c6fcdc9865af4eeea7714e08277d3d943dd5bae600f05a
    Size: 1.66 MB
  9. fuse-overlayfs-1.9-2.module+el8+1723+347257cc.src.rpm
    MD5: 78bfb72ad3bcc6b1fa1b8d82a43abe7b
    SHA-256: 31ee28af4a4d21207ae43897043971e3a7d97d69524484bea5fe61fbaecef1ed
    Size: 115.66 kB
  10. libslirp-4.4.0-1.module+el8+1723+347257cc.src.rpm
    MD5: e40939af77a979d8f6f0e3405cfeb704
    SHA-256: 02f2b3d2e5dfdfa095dc903452f09159a50f751aba097a8044c72a9e9622b910
    Size: 114.78 kB
  11. oci-seccomp-bpf-hook-1.2.5-2.module+el8+1723+347257cc.src.rpm
    MD5: 572fe17b2a8d4874d68e42523304bc8b
    SHA-256: 5dbf4bbc3b723d489bdaade66328649595dee81feec09fff748509b2de9b4414
    Size: 1.20 MB
  12. podman-4.0.2-26.module+el8+1723+347257cc.ML.1.src.rpm
    MD5: ea680878580c1358b397b2379883886c
    SHA-256: 552e224587f9c30b48f781ee55d1960e06aab3e3088fa58fc8759cbcf335d522
    Size: 17.14 MB
  13. python-podman-4.0.0-2.module+el8+1723+347257cc.src.rpm
    MD5: d5f20f9331f34cbe9b083e937331f835
    SHA-256: 6150778097947a7b2466e1ad93096b48701cbc8116deffe52ba989c8a518206a
    Size: 79.45 kB
  14. runc-1.1.12-1.module+el8+1723+347257cc.src.rpm
    MD5: a0ab28d65f2108971b257b99f2f76bf8
    SHA-256: 40af15bdb655173bcf9c838f823266b368828dcd22664cc706910714fc32d12e
    Size: 2.38 MB
  15. skopeo-1.6.2-9.module+el8+1723+347257cc.ML.1.src.rpm
    MD5: e1fd4b002b2be65fa82ec08159ddb218
    SHA-256: be1d7998042c453d6cdef4c4dd784c82f6bf89d7b585a43fbcad7e19b51ffd7c
    Size: 6.19 MB
  16. slirp4netns-1.1.8-3.module+el8+1723+347257cc.src.rpm
    MD5: 26f14d772be818b5089b34386076d92f
    SHA-256: 3bd51d43b07fdd4013299b82f67739206a51c7a520d9627f96636ef36c32e8fc
    Size: 69.55 kB
  17. toolbox-0.0.99.4-5.module+el8+1723+347257cc.src.rpm
    MD5: 424d5930fad949540e6422d2baccbb19
    SHA-256: 2139bbcc732bb72f2934a5fb1f85de777bb7c53e1431b7575f195c211ad6c65a
    Size: 2.25 MB
  18. udica-0.2.6-4.module+el8+1723+347257cc.src.rpm
    MD5: e8f27a4908164a7129762588d9a6c5d0
    SHA-256: b6d4cf7c20fc0495f7f789f510b533c4b83b67b26c6e821668fadb6ba43e74ab
    Size: 134.00 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.0.1-38.module+el8+1723+347257cc.x86_64.rpm
    MD5: abcd0a541b44f79d39e197f5355be150
    SHA-256: 52177a51727cb3c812d2dfbfde9395f333b653f3104336c20c8042a375fbe70e
    Size: 1.01 MB
  2. buildah-1.24.6-7.module+el8+1723+347257cc.x86_64.rpm
    MD5: e936e8f8c002f282ab52360261dd25b7
    SHA-256: 8b1f171df42e44bf8d8b3a3023b6cd9c3028037eae3d6c19820bcad4fb2930b5
    Size: 8.00 MB
  3. buildah-debugsource-1.24.6-7.module+el8+1723+347257cc.x86_64.rpm
    MD5: a474a1d3948b5b744d773ee29cdeec01
    SHA-256: 8393f2e9d5f93b5e2ba71ee17fdffff979b75120b2a60beba8d4854d12f0012f
    Size: 3.29 MB
  4. buildah-tests-1.24.6-7.module+el8+1723+347257cc.x86_64.rpm
    MD5: 5c3cfc42e36ee8b0405e9556072ff1a0
    SHA-256: 2bae9e52fc8c78366d5eb15c99b7ff7038cdedada1e8b042916efd194cd0f0c0
    Size: 18.06 MB
  5. cockpit-podman-46-1.module+el8+1723+347257cc.noarch.rpm
    MD5: 83e179ba01301c908535910d12291a43
    SHA-256: f5dda3cdb39565b0408814d0cb20b0f1600a9f319faf77dd22e2a7f511f01559
    Size: 499.61 kB
  6. conmon-2.1.4-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: 017ae3ced3de66f8a7d440e21fa48134
    SHA-256: 85152077b478198ca060f24cb45ceda3d6731d366788843c7a13f049ef4284e9
    Size: 55.13 kB
  7. conmon-debugsource-2.1.4-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: ab42fb9c40b46f70469ad0f8ae125176
    SHA-256: 01b4855c2fdc76899913acf539c0dee34e252e10fbe5c4a15dfa6d17d6e78aab
    Size: 48.45 kB
  8. containernetworking-plugins-1.1.1-6.module+el8+1723+347257cc.x86_64.rpm
    MD5: 5c7f59518168804c81f8c99610e18eaa
    SHA-256: a2cfacf2d7348c54e8dea730ede3b3bca5d6194aa1a0e89d651c5cc94fbec2c2
    Size: 19.08 MB
  9. containernetworking-plugins-debugsource-1.1.1-6.module+el8+1723+347257cc.x86_64.rpm
    MD5: 07d6c3d6f49d2648c8e8e9a031c2d60c
    SHA-256: fb2f00d717a37823b05fb69d8a80ee829542e1dd4e77f0b07520133066deb723
    Size: 376.24 kB
  10. containers-common-1-38.module+el8+1723+347257cc.x86_64.rpm
    MD5: a2322846570eb5abe6f5f102ae79ef0e
    SHA-256: 0e08299d1190d4aa554eeb803450d22e087a1615e43b13ad397fc3b869ea809f
    Size: 105.56 kB
  11. container-selinux-2.205.0-3.module+el8+1723+347257cc.noarch.rpm
    MD5: 81e34a88cd40150d3add84818cb59f22
    SHA-256: e84a2b9e1bb373cb8369def3aa04f49b23ea493d3ed5f1e493dc7bfb6898c16a
    Size: 62.17 kB
  12. crit-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: cc196ccb105e40c17c38654768065217
    SHA-256: 471d3536ae831af9860cf8bd2bcc30d228ace93d0bc6479669523c209070c346
    Size: 18.60 kB
  13. criu-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: a688f0899292e387a76d1a1cfba1d9e2
    SHA-256: 283d74249f54893b496f2c6f8ba28b72fad7672809f53beae1f212cd830e65c3
    Size: 517.04 kB
  14. criu-debugsource-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: 9893dcf21c937b00719a119d6d74733b
    SHA-256: 3aa25a99b023bba71bab505e2c197e98c294f1cd04434bae1c9a8ba89d2eedd4
    Size: 675.26 kB
  15. criu-devel-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: 7765bd22ea36b3ec6805bd930afd033d
    SHA-256: 4903a887a41a4bd8260cd669c18a7ac7a1c4cfd50057583f1e2cb19483c5d502
    Size: 23.81 kB
  16. criu-libs-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: c8e4de315072ece504249d76fb5207b9
    SHA-256: e4d15099cdbf44efd808126eefa2079cd3216e06d71239ef9f0e6a591336d134
    Size: 36.65 kB
  17. crun-1.8.7-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: 6939bf59ec7c60ac17ff482f9b939e00
    SHA-256: 214aaf08cd2fb6426eeae4ff3a25b98350b14fb8b2f06ea49e6d62b148fbe1e1
    Size: 236.95 kB
  18. crun-debugsource-1.8.7-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: c0cb42824dcc7d6c4fc486cafc49aa4e
    SHA-256: 3fe612d5e15976c3948888a51ffeac8241f958e65541132ec715934c8faba9b8
    Size: 182.78 kB
  19. fuse-overlayfs-1.9-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: f897d0ed74f9d5c5d876daf8412d0e72
    SHA-256: c686fe884fe2a65ea5cdc65700759e939697b484aef0dc452b1b0995ae5ab08d
    Size: 72.27 kB
  20. fuse-overlayfs-debugsource-1.9-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: 29065a713a9de1bfd88cb8235d97a8ab
    SHA-256: 081501f905697a03b8ba34a597e4f6f911c683c3a5c08d271398cd3c42ee3914
    Size: 54.22 kB
  21. libslirp-4.4.0-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: c6a299d2c4eed33dc3e2c8f72c923fcf
    SHA-256: bae9b107510359d1a1adc1515a22a29dbddcfbd67e72f7a92d7c682a9fcab2d2
    Size: 69.16 kB
  22. libslirp-debugsource-4.4.0-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: b2cee3ab6c9ca664784f10cef2cafce3
    SHA-256: 7bcdf30936c028eee396f05c1be468afd2667d5a59e4c40105f26022a51300d1
    Size: 114.43 kB
  23. libslirp-devel-4.4.0-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: b63596041a1b57dc7791676fca4195d9
    SHA-256: ed4f66cd3f364122a11e7ceea2a2f29c9c055408f0f10ea4b949172c3735c9ef
    Size: 11.29 kB
  24. netavark-1.0.1-38.module+el8+1723+347257cc.x86_64.rpm
    MD5: b9a9ea521c0e5aa1587a45ed378c9d18
    SHA-256: 7bb9a49837f7fb8d5133a6d3db4192e9f6009b7c2d62b4736c9b1dc7471b52a8
    Size: 2.06 MB
  25. oci-seccomp-bpf-hook-1.2.5-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: 7ee93884c1c596191ee722d358d3318f
    SHA-256: 49f40fcd54901416a5d7315e665eea4481c6c8aa2f0de76bd951aaee12f02c6b
    Size: 1.06 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.5-2.module+el8+1723+347257cc.x86_64.rpm
    MD5: 1c653a0305adc7224b1f0efefa82f1dc
    SHA-256: b6b2f441996dabd9e4cd020ff51f14695492113ec1e8bca342ce14009fee4bda
    Size: 174.59 kB
  27. podman-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: d0607323c52cb327fb38ac9ede1d6bd4
    SHA-256: 9d50909d722435d89a1af30f05305fec868e636dd355d2c8d8bfcc1b82cdea9a
    Size: 13.10 MB
  28. podman-catatonit-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 3bab683b3691f30fc324d9ada7f97a4f
    SHA-256: 92ddccbbfaa4e39992311a962026ce52e5368ac4cf3747923675a409c18aae9d
    Size: 355.36 kB
  29. podman-debugsource-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 9af912bfa1abf41d93ff42aeeca6c5c1
    SHA-256: 76044712b76f1e3f7f07718917f36c98e465d85d320f52ed6a7d299ea44a4e85
    Size: 6.07 MB
  30. podman-docker-4.0.2-26.module+el8+1723+347257cc.ML.1.noarch.rpm
    MD5: 0292b809cd7caf5a03eed76fa9847573
    SHA-256: 20101ae268f1e7f660e23bfaea4d1c2b2b389a8ec8855c149a6bd3e09b455555
    Size: 69.08 kB
  31. podman-gvproxy-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 28dbb6bcc73126892e20e596d3fcfb4e
    SHA-256: 6497a537c28d6da9470d52a633f094f126021b751b2d35a8730a781b04f81f66
    Size: 3.73 MB
  32. podman-plugins-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: b84ea589d85bdb55f6d77f9ef7287b0b
    SHA-256: 2e8f9063716a0d92bf80259ae66e2b5b44b64b4cdc56d95023335e34922b55bc
    Size: 3.28 MB
  33. podman-remote-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 4648a08941052d248ae3343fe2dedf3f
    SHA-256: accbc6738b79bbf088f598566f1a781f6642cbeae630f6828237dfe1618e343d
    Size: 8.10 MB
  34. podman-tests-4.0.2-26.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 0a45fbd519f234e9255511bfc7cb99e7
    SHA-256: 1aad7cf344d8d3ba67ee257cb65ece6e55727fa807b20c3ef6f7cc0549b0aa34
    Size: 176.51 kB
  35. python3-criu-3.15-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: a61baf717bf12a5fea792987c78275da
    SHA-256: 66e24221605fe07e8a6650d2fbef6790f323983507bdbbc4d79fc9ef17d932db
    Size: 168.79 kB
  36. python3-podman-4.0.0-2.module+el8+1723+347257cc.noarch.rpm
    MD5: a687fe2fabfb3c981570bd568608880b
    SHA-256: 43af2cf95caf68281bc8f8cd504ab1ab9bd35b09310bcc683d76ca1a744f379e
    Size: 148.11 kB
  37. runc-1.1.12-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: 9f8f937cde7e2992e3f109c4c9c722af
    SHA-256: 9af4f3e94fbafdf5af9a2b67d77f291a2fc7974cf2a0c14f2be8f5427a01c485
    Size: 3.08 MB
  38. runc-debugsource-1.1.12-1.module+el8+1723+347257cc.x86_64.rpm
    MD5: 9a47156b21b7adcd937bba72001ab26f
    SHA-256: c409e1b3d4f14eed6d60bc7ee4f713a80509a52b5646299d402e2637c23584a6
    Size: 892.20 kB
  39. skopeo-1.6.2-9.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 0bb398b96e29a8032bad53defe69ffbe
    SHA-256: 401ae6938c9dc8062980c9eaa70995347f3525380d9120240646671ab30b0b68
    Size: 6.64 MB
  40. skopeo-debugsource-1.6.2-9.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: da30abe6c65824686d0a69c1d84421d8
    SHA-256: f0368eb6c2f3ad22f9a551da6b3462743a9998393418301041e2fd43d012a832
    Size: 2.49 MB
  41. skopeo-tests-1.6.2-9.module+el8+1723+347257cc.ML.1.x86_64.rpm
    MD5: 8cd994f384c8e87310776dcaedd027ef
    SHA-256: 6d47ede1002c3e3776659eaeaf2af2554ee68fccd101804df83b2ce4d59f1d50
    Size: 780.28 kB
  42. slirp4netns-1.1.8-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: da84c15178c9695bcadf4216f18411e7
    SHA-256: d83ce391dab401d717718c1647c1c71181a7f856c03f88c2c1d29dad87436d8a
    Size: 50.31 kB
  43. slirp4netns-debugsource-1.1.8-3.module+el8+1723+347257cc.x86_64.rpm
    MD5: 7138253fb9ced785d3133bf795ae06f5
    SHA-256: 6b5607d75b45baa5d8f18739fa77cfd4407d79bef801933ad8c4a17cf391fc68
    Size: 38.88 kB
  44. toolbox-0.0.99.4-5.module+el8+1723+347257cc.x86_64.rpm
    MD5: 9cbe60f1ab5997197026ae5ed116ccdb
    SHA-256: 21b81a13def14b50e601304ddd51fdbf5deac9ee13a5895a9ef2f14fc70a8512
    Size: 2.53 MB
  45. toolbox-debugsource-0.0.99.4-5.module+el8+1723+347257cc.x86_64.rpm
    MD5: cb12228683007d4bec11474d78b9a7be
    SHA-256: f6ba73b6c12aa2befd6ae9b7149ab2a391ebe40152434cd668bd31c5d27e0ea7
    Size: 559.42 kB
  46. toolbox-tests-0.0.99.4-5.module+el8+1723+347257cc.x86_64.rpm
    MD5: d41279d4aa430c9bf6b973659f36d8ca
    SHA-256: 769b6b9e2178183f68fdcc7801b4e5203399a25274e225ac4b1eeab8e0edb05b
    Size: 37.48 kB
  47. udica-0.2.6-4.module+el8+1723+347257cc.noarch.rpm
    MD5: 4dadc305fcecc6a5119b5e313f75e2c2
    SHA-256: 3d97f9a6f7d9a339ca85c9cd75650315b78abf0579802ec60268f8267d35dc26
    Size: 48.04 kB