container-tools:4.0 security update

エラータID: AXSA:2024-7735:01

リリース日: 
2024/05/09 Thursday - 11:00
題名: 
container-tools:4.0 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Buildah には、コンテナ内部からホストマシン上の任意
のディレクトリをマウントできてしまう問題があるため、
ローカルの攻撃者により、細工された Containerfile を
介して、ホストマシン上のファイルの不正な操作を可能
とする脆弱性が存在します。(CVE-2024-1753)

Modularity name: container-tools
Stream name: 4.0

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2024-1753
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. buildah-1.24.7-1.module+el8+1747+514b8dab.ML.1.src.rpm
    MD5: 5bbf2a0cb104c09605aa4f6a170a2c2d
    SHA-256: af0dbffaaf6f0e52a21ca766cf0b60bcab328a14bc7478eb2cc76167bc1ee9b6
    Size: 13.29 MB
  2. cockpit-podman-46-1.module+el8+1747+514b8dab.src.rpm
    MD5: 010844a55066feefa8ecd288cd868adf
    SHA-256: 740cb8baf899648bba96401c34a61b9dde577009c2bb65966bc5a2889bfd4c14
    Size: 738.04 kB
  3. conmon-2.1.4-2.module+el8+1747+514b8dab.src.rpm
    MD5: 4281f9d3436da0f5736119ff80a1b351
    SHA-256: d700ad07b30514ac5aaf9cdf70bcd2044f53d0ae23752eae7634e6287adf6cfa
    Size: 171.22 kB
  4. containernetworking-plugins-1.1.1-6.module+el8+1747+514b8dab.src.rpm
    MD5: b3f8a7cf36d7d830b0351f3c68d196f7
    SHA-256: 4cf33e120b029b66b584db6ccc7a0ec4ba30315b4bb6287473654408ed5c5a23
    Size: 2.80 MB
  5. containers-common-1-38.module+el8+1747+514b8dab.src.rpm
    MD5: e81b30afe310a52d756aef51a4138068
    SHA-256: cc890f1380405845656a7224736aa1027bf985235a781ac6d5e9ba8591baabdf
    Size: 42.42 MB
  6. container-selinux-2.205.0-3.module+el8+1747+514b8dab.src.rpm
    MD5: 2c99f8c5f9dbe5d6ac23eb2b82e7fa0e
    SHA-256: 8c6ba90e261f4620b68c67d3aa461c24d204f737a8771c9c627f4281fa51ff87
    Size: 59.75 kB
  7. criu-3.15-3.module+el8+1747+514b8dab.src.rpm
    MD5: 39edfb96f54a7657a599f7424dfe9d0d
    SHA-256: bf68a8c2f59ae30f477c9040e84ea874487fd319d8c332b8c34da7fd664c3d33
    Size: 914.16 kB
  8. crun-1.8.7-1.module+el8+1747+514b8dab.src.rpm
    MD5: 329ece863abd1dc940298849b0f2f632
    SHA-256: d7b295423558d57c46c7ba16cd0119e326b5720a240da76cdcbca5a0621342e2
    Size: 1.66 MB
  9. fuse-overlayfs-1.9-2.module+el8+1747+514b8dab.src.rpm
    MD5: 0af7c0c5f47f23bb6d4378be790736f5
    SHA-256: 15f968a7d85020747a198571fdb7199c0aff552cc8ccb85d5e797b8731bf4f34
    Size: 115.66 kB
  10. libslirp-4.4.0-1.module+el8+1747+514b8dab.src.rpm
    MD5: 240aeaafbc57735b8774a9b177785c4b
    SHA-256: 1561b1e47f4657a3585e8cfc3b595688512f31393fc9ab58e96548b3176bec58
    Size: 114.78 kB
  11. oci-seccomp-bpf-hook-1.2.5-2.module+el8+1747+514b8dab.src.rpm
    MD5: 6f7edec2294281c70113916e1b10324d
    SHA-256: 2bcc1807bb765f94c818308e0e0ae60b9699015e82800c7de8f3cb3d62a0e7ce
    Size: 1.20 MB
  12. podman-4.0.2-26.module+el8+1747+514b8dab.ML.1.src.rpm
    MD5: 72f24b70e78ef56d3dc7a8d0642595b8
    SHA-256: 28844548d5cc8fea05ede5c2d9624369f2d8b780bc693d7c91ade7ffe179d517
    Size: 17.14 MB
  13. python-podman-4.0.0-2.module+el8+1747+514b8dab.src.rpm
    MD5: 1c96cca077a4c0dfbfd95862ca91c105
    SHA-256: 31ac7cf02bc752196300fe435b2c6a394663c1147f4ab3ef04b56f279ac30b3f
    Size: 79.45 kB
  14. runc-1.1.12-1.module+el8+1747+514b8dab.src.rpm
    MD5: 970dbd95b0cd4d8af70e49cc8a03b785
    SHA-256: 5136a9823876770b54a165587d4ec54ff46add6a3dead83d1e9e23b0cc46630b
    Size: 2.38 MB
  15. skopeo-1.6.2-9.module+el8+1747+514b8dab.ML.1.src.rpm
    MD5: 824ed40229a1d5b6935dd70a3d8dc1d0
    SHA-256: 6044bd95e3e8538ff7a136aa2ce22cf5af1635cc751b2dcbdd19a1cc7351be33
    Size: 6.19 MB
  16. slirp4netns-1.1.8-3.module+el8+1747+514b8dab.src.rpm
    MD5: f6028ed1caa8b76c5bb72fbf0ce31953
    SHA-256: 942b6823875681faa86550f8415763ea2b1116d7600199a58a8f6413707d88b8
    Size: 69.55 kB
  17. toolbox-0.0.99.4-5.module+el8+1747+514b8dab.src.rpm
    MD5: f78563473f7653b7bf12a40cc0480e60
    SHA-256: b28bdf5f645546a6809658de0d25fc0fb0296d3377c58136e909ec6de858953e
    Size: 2.25 MB
  18. udica-0.2.6-4.module+el8+1747+514b8dab.src.rpm
    MD5: be04740808e7ddc6f71c01aa86399684
    SHA-256: ccbb75b8cf6561f5af37afa43faf517145e646eb7f28186f51ac6c4417cab20f
    Size: 134.00 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.0.1-38.module+el8+1747+514b8dab.x86_64.rpm
    MD5: f5d4562a4a955d81200c9fcdfaeb2671
    SHA-256: 8a816b01d3b0d50bde471ea85ff0aae7aa87bcaaa03c95cbbc5b3df135dd2ea4
    Size: 1.01 MB
  2. buildah-1.24.7-1.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 182e5ff7a07daf1de3d363508e4a0ad4
    SHA-256: ae67a5047c5a14f80c9d628ce209223c22c769949a1dcd7d7726c0bfd3a83013
    Size: 8.00 MB
  3. buildah-debugsource-1.24.7-1.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 45435d24f5594135bbdeee7bc7898235
    SHA-256: c9e8b7fadbf5e0a0088c1c03b89eea53609d9b4f2410a8835d9ecd382e1690a8
    Size: 3.31 MB
  4. buildah-tests-1.24.7-1.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 03ae0d44b137010594196f826a5f60af
    SHA-256: d840a7ae8a5b5a4d6eeb8f00b94ed3e69864fd4e28269789546c1b976d74e220
    Size: 18.06 MB
  5. cockpit-podman-46-1.module+el8+1747+514b8dab.noarch.rpm
    MD5: 56428d32840dc87fd3f0d998bcabc25d
    SHA-256: 4bf0e043dc9845c643704273a613902cbdaeb7587ee2c5892f558b7da857f296
    Size: 499.61 kB
  6. conmon-2.1.4-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 46123e133cf734ac463feb8520ed2e04
    SHA-256: 483df5b7122a2928ae2a02fff71c74839b1ee4fb52727d062a7f31f85ecc06fa
    Size: 55.13 kB
  7. conmon-debugsource-2.1.4-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: e61722a1998210389bc86046e39b30b1
    SHA-256: ab8bc7203f757ea24ebc6b3701cd603e468d251c2d809ec812e22dfdb24b5c3f
    Size: 48.45 kB
  8. containernetworking-plugins-1.1.1-6.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 27ed390b6fa478d5f8a77c9d5bba8428
    SHA-256: d49407eb4bf8a563ca2efda064359543732d4745c3747115315a3b3914294e03
    Size: 19.08 MB
  9. containernetworking-plugins-debugsource-1.1.1-6.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 62e1719cf5d7c820d3a53893a42660ec
    SHA-256: f0e854316aa38dc6443bde91c66084e2a031b39f1587198de619560f1e44df1e
    Size: 376.25 kB
  10. containers-common-1-38.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 21e5a0283a2d2795f417183df9a9355a
    SHA-256: f95f7ff74c5020af51e91f6fd3136dbb4de8dff287ff9d783760c44583ef64e4
    Size: 105.56 kB
  11. container-selinux-2.205.0-3.module+el8+1747+514b8dab.noarch.rpm
    MD5: 0a6efcec13f5f5e237f4185a552998d0
    SHA-256: 7afa40e2d00621a640aacefa1d9a08533ead53a38f534648dbcc92d3320a4f98
    Size: 62.17 kB
  12. crit-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 06945e5a16efe8c6e1f3a2017e6a1ed8
    SHA-256: 97639732bd6cf3f474ed45ddcdb4797b9c06930d991d70bb05e55fa66de50dc0
    Size: 18.59 kB
  13. criu-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: a1dabf8cfb7dde4cd1f50d2265f1e209
    SHA-256: c05ad4e2b3782b1cfe1d2dd30ef5728209b5838746e86c3de528cb097810039f
    Size: 517.01 kB
  14. criu-debugsource-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 052037beb71896c8a001ca14cc47056e
    SHA-256: 16f95b36ff6a16d9319c6c5fd64f227b77c63c591fefdca5134f60b16144cedd
    Size: 675.30 kB
  15. criu-devel-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 8d445adc38ccd32218bfb59ea55b7668
    SHA-256: 1aeacb5efb1fc50042ac90e12a18fb94b81cd997c6974dd294286bfc2c6bf4ec
    Size: 23.81 kB
  16. criu-libs-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: f91cb1c666c36bf41d3444236af5d2c9
    SHA-256: d54256fbaf43b06b8c1e75b5dd7dd46fa0db210d74e61694772cc36bb02c713f
    Size: 36.65 kB
  17. crun-1.8.7-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: c499c944dc82e485ae9f9dc22bed9f39
    SHA-256: c616c5527b6067a25a3045983efb9930ec51c3976b0dce97c376a248f005da24
    Size: 236.93 kB
  18. crun-debugsource-1.8.7-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: b747bdba453bade928498e7ce01df9e4
    SHA-256: 8a3ad02efd4c13324ff57e88ac088ffde4c781a5ccff214bbc1a76b6db3f1584
    Size: 182.78 kB
  19. fuse-overlayfs-1.9-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: b53eedd3d59fe7db9b04681b214de0e5
    SHA-256: 103660d78cb05b940462d4e465b64d6bd46a6c13c0e3198318b3b37ad425ccc8
    Size: 72.27 kB
  20. fuse-overlayfs-debugsource-1.9-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 71904277f3e7f11a416afdf70cacde05
    SHA-256: de0121febe7bc9d75fbf1a6f87559d963a17b5ab993750c301b0ee6d7d9c4590
    Size: 54.22 kB
  21. libslirp-4.4.0-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: f83b3db9640a7ff3c0fa946e864d375a
    SHA-256: c6c15fb05a59b3bfd808a651d3911bb02b74fcff59f128115be5e02b48b77a94
    Size: 69.16 kB
  22. libslirp-debugsource-4.4.0-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 325bdebd4ca77a47e4eba372038798cd
    SHA-256: 411dd021c6bb35b5eb7997eafd666286a5ade20dfea0f5d21ef1ab7ce0541749
    Size: 114.43 kB
  23. libslirp-devel-4.4.0-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 7ee8f5ff6f5f9a6666a4abe77acc4b0c
    SHA-256: 1fa6788388f7da5db6c0baa47ecb2ccfc67e86c67523a03c9aa30bb5bc4774bc
    Size: 11.29 kB
  24. netavark-1.0.1-38.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 8c43d65a6844b56da487e2c3c56c7b99
    SHA-256: 0acde5891cae55b311d67bad50a65d11c068d6a9a0720a3f43044bba9c1244fe
    Size: 2.06 MB
  25. oci-seccomp-bpf-hook-1.2.5-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 5232a079e4f56d38698f4bd0bd557137
    SHA-256: 16a2f2cc554efee30812801d4a016aca13c1011384481c42e44e5a3ce52e02e0
    Size: 1.06 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.5-2.module+el8+1747+514b8dab.x86_64.rpm
    MD5: c724c1663195a6013f4b4c7faa5e2f04
    SHA-256: 126caa3c60bfe67f4ad3fb336a26bf7054fa086451f5575b26a9b25e7924ddaa
    Size: 174.59 kB
  27. podman-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: f3d158b8ea5303f72d07eb96e062e061
    SHA-256: 340aa668284ababc84675c930c34fd1beb5f7e6b9159bfbb541f8cf514f4aa97
    Size: 13.10 MB
  28. podman-catatonit-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 95ce098ffb94fa2543c40e3d395be059
    SHA-256: 220b4efbe02ccd523ab5f22b2ec82f9065c21718bd3be643a04b9444d55baabc
    Size: 355.39 kB
  29. podman-debugsource-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 9cd39fd487faeb626be17b1a01214608
    SHA-256: e8dbafd50f97a248d454c6db65613423c44d5ae96166097a7f3058bd40f7dd9d
    Size: 6.07 MB
  30. podman-docker-4.0.2-26.module+el8+1747+514b8dab.ML.1.noarch.rpm
    MD5: 86d57bb44e3ff9290f4ddbdb0a1220a5
    SHA-256: 0a61292c10781a47860d975297ccb6461fee687aef79aba723376103a48bed91
    Size: 69.08 kB
  31. podman-gvproxy-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 73dc11c2ebd417903f2acb6c2d6fc09c
    SHA-256: d41890a3b7d7d0c065ba4f253483aae793f6cd399c76d6a6407949b052fc2ee3
    Size: 3.74 MB
  32. podman-plugins-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 67f503e5918570b3090486565a390d60
    SHA-256: cfd35cecac2d67cb91ec9c43260ff8957f3a3b978c6e6b38b0a0b2c3d73b8fcb
    Size: 3.28 MB
  33. podman-remote-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 2bc5573a5e91b0335335aa1062b84ec9
    SHA-256: 578322ab4e004d2afa0b7dc88717db0930e83cb333826a6e58fc8b55aa3306a2
    Size: 8.10 MB
  34. podman-tests-4.0.2-26.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: d0566aaddddc22b5d2c7512f2a7b6846
    SHA-256: 4d2800fe4e34710ca061ead35f4e344f141611d3e7d3ad76ceffaea69009739f
    Size: 176.51 kB
  35. python3-criu-3.15-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 4a33f60e064493e33ab07220f36a7630
    SHA-256: df995f2cd2b25dc31baa0f315bed598e20d04c709c4f57f81489b2ebcc6cb3e2
    Size: 168.78 kB
  36. python3-podman-4.0.0-2.module+el8+1747+514b8dab.noarch.rpm
    MD5: 74dcbe8b5331ab30ec1532c1df3e7028
    SHA-256: cb8ed943957f0bb8493fe85e7dde587ef322acb1a8e8b1180ed0f14a82cc95bf
    Size: 148.11 kB
  37. runc-1.1.12-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: afceba30f218f36e42d511d06af6088c
    SHA-256: 40f3a55e15fdcb46c857b9d698ef7d5bf9eede8026937dfe3745d741e03d4de8
    Size: 3.09 MB
  38. runc-debugsource-1.1.12-1.module+el8+1747+514b8dab.x86_64.rpm
    MD5: df928a3c5cf9a0f3d2613a5efc9e5413
    SHA-256: dd187879ddcd76f9dd501e02cbccc16d0c90f0065473320d63f3fe91b8a556c5
    Size: 893.43 kB
  39. skopeo-1.6.2-9.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 195c7f955ac163b659099eec0b685578
    SHA-256: f726e61b9b4ab011cf668bafc73c6d381c919ba90402c5299f2e841f9feee839
    Size: 6.65 MB
  40. skopeo-debugsource-1.6.2-9.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: e2b93750d248973ec41f3e3a2674f81f
    SHA-256: 78b407f179b4ee9de0dd8b5f6735a0a6d6b84b5b2642057c7eb18ce70300de45
    Size: 2.49 MB
  41. skopeo-tests-1.6.2-9.module+el8+1747+514b8dab.ML.1.x86_64.rpm
    MD5: 81ab043ae7931fdc9ff4562bb0cf6718
    SHA-256: 67d2ae2736ee8f169e4ac5ea354ecbce4f4754171e1bd71305b422c7ec0ceafb
    Size: 780.29 kB
  42. slirp4netns-1.1.8-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: c575b79daa675b56391a3c450d372c8e
    SHA-256: f217a67c2e0550dd0cc406d9634617cf946d4fefbf9c909304b9c6113ef8c8d8
    Size: 50.30 kB
  43. slirp4netns-debugsource-1.1.8-3.module+el8+1747+514b8dab.x86_64.rpm
    MD5: ac7c817e986e6c6e49ba621ccfeab347
    SHA-256: 8dc762666af1d23437dd5309540cb52456dbc6cbf3287a63e74a3b2ac078e774
    Size: 38.88 kB
  44. toolbox-0.0.99.4-5.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 11cadf299181ef1e2b7479bd66b2bd1d
    SHA-256: 38a1a90bb0166d067d5b9856f62c07c7cf822163e2e6a172510dfc5470d651e4
    Size: 2.53 MB
  45. toolbox-debugsource-0.0.99.4-5.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 6d85e9b712aacbd35c80391a06ab2c5a
    SHA-256: 009adf4bf920fc884ada4820beff6fcb05828d3c4188ab88d95320b229355538
    Size: 559.43 kB
  46. toolbox-tests-0.0.99.4-5.module+el8+1747+514b8dab.x86_64.rpm
    MD5: 857164bf193786aa77c6bc927e196907
    SHA-256: fd270b9d15441df039f6bc9cd15169e52346bf212484f635104aa6e9ee74b892
    Size: 37.48 kB
  47. udica-0.2.6-4.module+el8+1747+514b8dab.noarch.rpm
    MD5: 8de4e5a1024fcd4899290bdc05d55a55
    SHA-256: f09166a18f1b33983494a94c3e0f1b5e0b79fa211e347d73a1f79ce887a3f97c
    Size: 48.03 kB