container-tools:rhel8 security and bug fix update
エラータID: AXSA:2024-7737:01
リリース日:
2024/05/09 Thursday - 13:29
題名:
container-tools:rhel8 security and bug fix update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Buildah には、コンテナ内部からホストマシン上の任意
のディレクトリをマウントできてしまう問題があるため、
ローカルの攻撃者により、細工された Containerfile を
介して、ホストマシン上のファイルの不正な操作を可能
とする脆弱性が存在します。(CVE-2024-1753)
Modularity name: container-tools
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-1753
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
追加情報:
N/A
ダウンロード:
SRPMS
- aardvark-dns-1.7.0-1.module+el8+1748+314d55dd.src.rpm
MD5: 668fd157ff077cfa85fcb40b6a05cf7d
SHA-256: 6fa16faea6fde670a8fd7ca41290247461d5a822183c52acf49427005228ad04
Size: 7.56 MB - buildah-1.31.5-1.module+el8+1748+314d55dd.src.rpm
MD5: 1c83b25ec4813232d7f6ec1ba76de9e0
SHA-256: 0eaca82e909bfd15ab37b97eb3bed0eff747e050cae7516788657125adb10790
Size: 14.87 MB - cockpit-podman-75-1.module+el8+1748+314d55dd.src.rpm
MD5: 994e60826530c5927e9ecc7b4a9763d4
SHA-256: 18fbecd5bf27afc098007fe40e9e803136446e7afdfdccc2f2a0916a913954eb
Size: 1.30 MB - conmon-2.1.8-1.module+el8+1748+314d55dd.src.rpm
MD5: 9a6f2de4ddcefe08dab1160856a8e8e0
SHA-256: 051e35efd8bd9644825f927bdbbd7037148dcf4a8550076c9aba19a8983e9fe2
Size: 132.94 kB - containernetworking-plugins-1.3.0-8.module+el8+1748+314d55dd.src.rpm
MD5: bee47daa0fb7d0fd77081c3bf62a4bfc
SHA-256: d906f4cd7752ea07ac24ab7ebfe2ecac5aac2226d26d14a63cc9442e66cad608
Size: 3.36 MB - containers-common-1-71.module+el8+1748+314d55dd.src.rpm
MD5: 2865ee20afd37e1fec238bda0132b71e
SHA-256: b959a9d00ea15f2ee1f873ba1276bfbf3f65c222e951abd286674308439212cf
Size: 132.24 kB - container-selinux-2.229.0-1.module+el8+1748+314d55dd.src.rpm
MD5: e55eab40c24d300bb93d865394c9303d
SHA-256: 3227009bf072e848f5ecaa5bf255d9be133087c27c2619b1efbc240706fa7f1f
Size: 64.13 kB - criu-3.18-4.module+el8+1748+314d55dd.src.rpm
MD5: 406979f95aa8871cef5af3c2506f7c13
SHA-256: 46de6b83aecc75fba6fc002d536d2ba059629898f0e120d4d38d2b709c20cefe
Size: 1.32 MB - crun-1.8.7-1.module+el8+1748+314d55dd.src.rpm
MD5: 0170031467104843f97d42c501c7d75b
SHA-256: 41d38ddc6b791e9ad4142aab3bbd7d191312cfaf92b0bb7d2bd30b1397238ff1
Size: 1.66 MB - fuse-overlayfs-1.12-1.module+el8+1748+314d55dd.src.rpm
MD5: d9865b0ca629a2b152e2de93573e7a6b
SHA-256: 3e7c4fdf7b87bde2fbf58d3328d8223a9d5c3b86c1afb270ba80c5de0bb4a380
Size: 112.01 kB - libslirp-4.4.0-1.module+el8+1748+314d55dd.src.rpm
MD5: f0bee267de345779558c2e08688e7a74
SHA-256: 747a5ece5dcd6a456d0d27e04418fb9f74be8883d0ce4f7ddffa1c98b9e48550
Size: 114.78 kB - netavark-1.7.0-2.module+el8+1748+314d55dd.src.rpm
MD5: aa7d0e5275c64dce1bdeec515f750358
SHA-256: 3d66d6e08da41b31065a62ab8cced3c4481271927973f71f784cadcee60b30ba
Size: 12.25 MB - oci-seccomp-bpf-hook-1.2.9-1.module+el8+1748+314d55dd.src.rpm
MD5: 02d23b27fc768d252b6f831305a47359
SHA-256: 842d73c37e96754c0774c534ffc4cb4acb0860e33348a9229001a658321e8fcb
Size: 1.45 MB - podman-4.6.1-9.module+el8+1748+314d55dd.src.rpm
MD5: d8c72007e88f7bc45580b731dacae64a
SHA-256: 8a133bb76d2927787260f2f2b61bd689071506d6982569be23056ae21135d4ea
Size: 28.49 MB - python-podman-4.6.0-2.module+el8+1748+314d55dd.src.rpm
MD5: b43547ec2b58f592c9f93a8eac1aaea1
SHA-256: 96cf684795a6ead9452d8529770aa865cb927d095a47071dbe2774a1f9fbfb93
Size: 185.24 kB - runc-1.1.12-1.module+el8+1748+314d55dd.src.rpm
MD5: d2b29240068375bdb5a3cc45650897d8
SHA-256: 799ee7a8d06378605a490ad2386409e5f2c2acce7f1c9b1846d3021b12a7eb31
Size: 2.38 MB - skopeo-1.13.3-3.module+el8+1748+314d55dd.src.rpm
MD5: 15a21bf137961892a4a41f4dc5cb4cae
SHA-256: cec44c345abf06b834a4483f14010039dcdbab732e8b614162beff527eefbbcc
Size: 7.49 MB - slirp4netns-1.2.1-1.module+el8+1748+314d55dd.src.rpm
MD5: 29b0db224aba7f0126188ccfbceceb5e
SHA-256: 03df72d16b838e73b142123e9ead6a2f9013d01e9b7d93ffe4fb08cef007342b
Size: 74.94 kB - toolbox-0.0.99.4-5.module+el8+1748+314d55dd.src.rpm
MD5: 66d54cf136913857b7346d65a4c532a1
SHA-256: 37f3859d13d32ced405e605be1c38600aec76a9f2bf75ad8ae42f56d31f58be6
Size: 2.25 MB - udica-0.2.6-20.module+el8+1748+314d55dd.src.rpm
MD5: c58d854bb7b1d0d2c7b514ba9c4683a3
SHA-256: fce6dbfefb0d597306c6086754a9d2c5fae0673dca42b383353856af5f0a033d
Size: 134.17 kB
Asianux Server 8 for x86_64
- aardvark-dns-1.7.0-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 4477b9f3c006965fa6e7a403b526b1f7
SHA-256: 535c60bd3ba882a3ae0bc2cb2394b1a624972c7a164daa74413a1fa88281968c
Size: 1.01 MB - buildah-1.31.5-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 1e282f4ecae6454710f6ff2514944459
SHA-256: 2ccb4698b0116d3b87ded6db4bde4cc728e688ea6dc5c3dc09ea89250cb0956e
Size: 8.84 MB - buildah-debugsource-1.31.5-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: d6059fd1de0c10ea249e6e256a9364ab
SHA-256: c35814a03d889902ce18148d96bfac37febc241209041dcfeda8b958276d76c2
Size: 3.90 MB - buildah-tests-1.31.5-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: b4f531686ff98658a04952cdb956cdca
SHA-256: 0fd60da900b998065a0d2aae11d803e3f50d8289d93ccda94dfde833148f5153
Size: 28.52 MB - cockpit-podman-75-1.module+el8+1748+314d55dd.noarch.rpm
MD5: 458e13ea0b1fa4c8cad3f29dde0237f5
SHA-256: 234641f520b3f6a4d851d3ca85ccb9cbc770b734ef37a16d9d4b87a2b9ff8a15
Size: 738.05 kB - conmon-2.1.8-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 7a4cabd914034781b1c4c9bfe1f39313
SHA-256: 861d7a44ec52b5dd7706287aeb4edf38ee9a22669f734b26a9c0185b51222990
Size: 56.28 kB - conmon-debugsource-2.1.8-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: b09e04f0881cc187fb1800daa6813910
SHA-256: d8c5f61649bf7c67764832edc334ea08b39983d87917d7ba9b92689f5c0935ce
Size: 49.91 kB - containernetworking-plugins-1.3.0-8.module+el8+1748+314d55dd.x86_64.rpm
MD5: c33006d8575182a85fff6127bb2d2dda
SHA-256: c59b30bc61f7b15e5b68a28758447a1971737594fe25be330661dfcd8e9ac4d3
Size: 21.43 MB - containernetworking-plugins-debugsource-1.3.0-8.module+el8+1748+314d55dd.x86_64.rpm
MD5: 86cb18fc9e3ec167df5bb3227547a25e
SHA-256: a3501be1e5b8fff7286f42ef13df9e7ead023484d013a9ee81e6753c2d81ef18
Size: 428.01 kB - containers-common-1-71.module+el8+1748+314d55dd.x86_64.rpm
MD5: dc07ef2f49a45c27bff061659a7d63c9
SHA-256: 405f14d43814595fad3a97f349bfecd36c20e580f724476f2406fd4717e5c39f
Size: 133.27 kB - container-selinux-2.229.0-1.module+el8+1748+314d55dd.noarch.rpm
MD5: 20a57a4079a1131817e986dc7b0f1742
SHA-256: 697022aeb0e4925b754728fa37164216eb8304830d28c330f43a3dd30ed0f5b5
Size: 68.12 kB - crit-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: b55e46c6e6d46bd6e059ce490b57373e
SHA-256: f97df2da1b79ea6b837415195b7ebd2556a6f80526bcd2cf6ec3c89128718c13
Size: 22.00 kB - criu-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: 287c9555229e044b08784ddf4212fbb8
SHA-256: f731409ce23db30be15e77878f9f9cda5b5a7336fab06a8f1a46cbb5486f40dd
Size: 563.03 kB - criu-debugsource-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: c9c452e963ab6778421745d151097191
SHA-256: 46ff69c10f248246b4f31902c6d0111336d88d4d5180b969a4d30647f70cac10
Size: 729.69 kB - criu-devel-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: 848432b1598065029ef3c921f2437539
SHA-256: 13b5c129800b74a63cbaeacaa1980419db65ed4d3604dd07f4ae0229a79fed4e
Size: 28.13 kB - criu-libs-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: 9dd6e8b110d97adece5d91f7f74d33f3
SHA-256: 2e740468fdcd5226d58cfc34f5e3261f7b0da8d1d69a3c22c10bbee917ffbe91
Size: 38.05 kB - crun-1.8.7-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 6d4e9c7434f50326ceb763e5d41b713c
SHA-256: df361ddeed116bdd30126d6ecabb60f559362b9f91f703e3c03e65d3e434f94d
Size: 237.94 kB - crun-debugsource-1.8.7-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 0df0503942539d082a44d65d8cadcd53
SHA-256: 8f117a5c21c146ce69544452c52cc4dce437969146bf1923a6e81101b98eec51
Size: 183.80 kB - fuse-overlayfs-1.12-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 06577edbcd69f83237c02083ad7ab9b3
SHA-256: 58285f9da730466f08b46683facbecd10a85419db18f0c5f5f53bc916d9c8f70
Size: 68.55 kB - fuse-overlayfs-debugsource-1.12-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 1eea43dd68c89cd1f57c5bedc7ae8be0
SHA-256: 3114a9040505d2eb17e6c1dcbae5c3950821d3d4a3ecfb35aeca2d0136f6a151
Size: 55.41 kB - libslirp-4.4.0-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 769443ce1394dcc01ac64f91b62f8d30
SHA-256: a57ec8bc1838f566610b8f3c526ae126b7ef73c70bfce26072c4d512325a8abf
Size: 69.17 kB - libslirp-debugsource-4.4.0-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 72e69ffd0bd244ebc19b7370fa186060
SHA-256: 39cd48ec5a5f07d718c4d8d8dd016caeb9d84e5ff4aad1e491c953e9a4b030c8
Size: 114.43 kB - libslirp-devel-4.4.0-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 145ea1c730e2195d202b11538afd12cf
SHA-256: a9d06b03738c1ce3630e776ddabab0c3bec849a36bb85d9976977bc468d01974
Size: 11.29 kB - netavark-1.7.0-2.module+el8+1748+314d55dd.x86_64.rpm
MD5: ced8f4d66eb2841156020668ab996799
SHA-256: 369bc7756be5149d7ff1c01205a44db9594622c5da7f10fa35316594a7e7d2d5
Size: 3.71 MB - oci-seccomp-bpf-hook-1.2.9-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: da0599f215f4df06a5d2357f1367d077
SHA-256: 6d34844e0b8a6f9caffcb3e7d67e2702031b5922d2094b7fd3056b867b8181fa
Size: 1.06 MB - oci-seccomp-bpf-hook-debugsource-1.2.9-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 3bbadb9fa221c8badd05c032ca8580ed
SHA-256: 29cd742c5934b5c4d88d7e5c1e48cd1b291a7a45315c14e231a7520c2eb1b2a3
Size: 190.06 kB - podman-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: 4b5b1e833f9448e1596ca909cf297dcf
SHA-256: e96991055f4ade5e4025da2e0257af2521b6d2890bb64bd253c89800186fb3c9
Size: 15.36 MB - podman-catatonit-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: c42f23c65033841a6563361089ae21e0
SHA-256: 96306a6248251c63c6f04f902fa9f6e01b67d6b346b29f523dd39967e5b1d519
Size: 361.86 kB - podman-debugsource-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: ce6d25c0370074ed67627c8443274574
SHA-256: 4c852282028fe6e6e1f7b7cda3181ebf1b56411770c40060310a66bb7f3a3a28
Size: 8.82 MB - podman-docker-4.6.1-9.module+el8+1748+314d55dd.noarch.rpm
MD5: 9bd62462d126a6889a10c4e6d8dfe4a5
SHA-256: 8d5a8cbff9d22529eb738236bde4e9756a86101974fe147305b198db18b0e638
Size: 109.50 kB - podman-gvproxy-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: 8ec75b03bed27a5e03d625627d57668b
SHA-256: f64abaaabb0d5bf7c44d694a10b8f683784d182b12db09f8a854d2c8be404fa9
Size: 3.80 MB - podman-plugins-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: 8d2b927533a8ef85c599d75e887a28b6
SHA-256: 5a0e22b4491c624e7301dd46826de0779783a10187f5421ff0811296d682218a
Size: 1.27 MB - podman-remote-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: c7fc30e6ac296968b8937be91bdfc54e
SHA-256: ff42d1b40a196a68812f323b9531ab0e98d68e0a0878883d90711db8f1fabdbf
Size: 9.68 MB - podman-tests-4.6.1-9.module+el8+1748+314d55dd.x86_64.rpm
MD5: 00f670376fcd6767a95d7b844927db4d
SHA-256: 5c4b77b4e3195fff89268ecfe4d2056407455da3c9d89b7cde31ab5b617f9e94
Size: 238.42 kB - python3-criu-3.18-4.module+el8+1748+314d55dd.x86_64.rpm
MD5: ac9a2ea124f01f8b1d450a3545ae7b6e
SHA-256: 5a80423158c5eb6d2aa49ea14c10637ced87665b5bb4e77d89249b2025153791
Size: 177.15 kB - python3-podman-4.6.0-2.module+el8+1748+314d55dd.noarch.rpm
MD5: 7851f2c2e38eb7cf67c55f4467fbbf19
SHA-256: ad77e335851b6d24bcdc63c54f580f5ce2ea250a92bdf6fea11666ada42096df
Size: 152.28 kB - runc-1.1.12-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 36f62fe0cf867311e39a9af6d3739464
SHA-256: a47c7034593f5a81a5aa71bb2bf6f481a04e093e35cb7b15f072a328f378f146
Size: 3.09 MB - runc-debugsource-1.1.12-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: b5623df0c01f67928e01b3f33ef7180c
SHA-256: a022afa11e4b365143584fb3c65013875b7be43f1e425427fefce096f97276f3
Size: 893.45 kB - skopeo-1.13.3-3.module+el8+1748+314d55dd.x86_64.rpm
MD5: 3f4f523672c0b680bd8ad583dc962fe7
SHA-256: 9b312ad90673cf5f7c46ea965b3af24490959a7c4905f5482252531d3c4160ca
Size: 8.15 MB - skopeo-tests-1.13.3-3.module+el8+1748+314d55dd.x86_64.rpm
MD5: 853157b85b044c690a2961697a869af6
SHA-256: 771918efe42b68b856702817d94f0bb3005b64e883c7626cbc6d580f9edb4679
Size: 783.44 kB - slirp4netns-1.2.1-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 052f6066d44f1696eecf793cd2179140
SHA-256: a0444df23c2ecc5b6e826e16dcb983af54908ecf1fa1795f5dc7f49a88b1e2cb
Size: 54.51 kB - slirp4netns-debugsource-1.2.1-1.module+el8+1748+314d55dd.x86_64.rpm
MD5: 8fa32b85754df199937e2ae5f5cb7c9b
SHA-256: 20668d2aab89debf57adbdd7f5ccf10b73debf629f141ed33d6f6c8ddc17a2b5
Size: 43.31 kB - toolbox-0.0.99.4-5.module+el8+1748+314d55dd.x86_64.rpm
MD5: ada624d9e5cf14705a09c36ea68a11a7
SHA-256: 17a820ce4cd93b0ab2fa53943dfe6253aabae15f306a7575ac23a7a2d2740f38
Size: 2.53 MB - toolbox-debugsource-0.0.99.4-5.module+el8+1748+314d55dd.x86_64.rpm
MD5: 4b8aa1f1e3877b6e30ef57b956e4371a
SHA-256: b1bf310b6d17e57d8b570152f69c4364e25facaada9f11ca9b3ef270f625f688
Size: 559.51 kB - toolbox-tests-0.0.99.4-5.module+el8+1748+314d55dd.x86_64.rpm
MD5: 13d860cd0f3d16df060a321831c30574
SHA-256: 09d8e383b54143b8e147142a04a28533104c7e7dedc1e7a621d7534b10797139
Size: 37.56 kB - udica-0.2.6-20.module+el8+1748+314d55dd.noarch.rpm
MD5: 22a3144bcbd9721c2799bfc2947e5ec6
SHA-256: f387da9d934f0a1a150745d719a6f6d3a1bce92dfaf201cbc62542c840ad5293
Size: 48.16 kB