container-tools:rhel8 security update

エラータID: AXSA:2024-9041:01

リリース日: 
2024/12/02 Monday - 21:23
題名: 
container-tools:rhel8 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- Go には math/big.Rat の SetStringメソッド、または
UnmarshalTextメソッドへ大きな指数を指定するとパニックが
発生する脆弱性があります。(CVE-2021-33198)

- Podman の podman machine コマンドには、内部で利用して
いる gvproxy プロセスがすべての IP アドレスからのポート
番号 7777 宛の通信を受け付けてしまう問題があるため、外部
からポート番号 7777 宛の通信をファイアウォールで開放して
いる環境において、リモートの攻撃者により、gvproxy の API
を利用した当該ポート番号宛通信のコンテナへの転送を介して、
コンテナが内部向けに提供しているサービスの意図しない外部
公開を可能とする脆弱性が存在します。(CVE-2021-4024)

- Podman、Buildah、および CRI-O が利用している Go の
containers/storage ライブラリには、シンボリックリンク
トラバーサル攻撃を許容してしまう問題があるため、リモート
の攻撃者により、自動的に割り当てられるユーザー名前空間を
持つように細工されたコンテナイメージの実行を介して、任意
のファイルの読み取り、およびサービス拒否攻撃 (メモリ枯渇)
を可能とする脆弱性が存在します。(CVE-2024-9676)

Modularity name: container-tools
Stream name: rhel8

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-4024
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. aardvark-dns-1.10.1-2.module+el8+1824+e14c69d7.src.rpm
    MD5: 173dca6fba6b876b5494ecaa66df25ca
    SHA-256: 2a0368fa42e1bca9bea2176d98d87617d97ada9a2257d81170dd119f1d553c64
    Size: 6.14 MB
  2. buildah-1.33.11-1.module+el8+1824+e14c69d7.src.rpm
    MD5: 5ec13691eb916c7d82379507cb6b3a61
    SHA-256: 1a60b823f4f380bc201be4da32cd384144f4b6736900706a246ffcb322c71d6a
    Size: 17.49 MB
  3. cockpit-podman-84.1-1.module+el8+1824+e14c69d7.src.rpm
    MD5: 570597596902cb1556cb0cd2f8ecb7a8
    SHA-256: e2a4e935377ae672a2075c9e61de171947b852113f2eb22599cb5ea54120deee
    Size: 1.27 MB
  4. conmon-2.1.10-1.module+el8+1824+e14c69d7.src.rpm
    MD5: f9610a87247dd14714b9c0a325dd2f0d
    SHA-256: 46364b2f269b29a11f497623fc0c2e5c8c2ce1eb81137a7588650470626b579a
    Size: 133.59 kB
  5. containernetworking-plugins-1.4.0-5.module+el8+1824+e14c69d7.src.rpm
    MD5: 9c1148ecf6ab55e703717e4ade94b2cb
    SHA-256: bf589cecc7aa977041e3a3f5da60901683f3e1e51a95d9fed4e8c649271554c4
    Size: 3.62 MB
  6. containers-common-1-82.module+el8+1824+e14c69d7.src.rpm
    MD5: dcc6541271419d0495eefed8fd7f49be
    SHA-256: b90b1b3ab3ee97219eeae0f8d81cc5dbd6841cb535d5a6b970f8e3ead957d492
    Size: 145.63 kB
  7. container-selinux-2.229.0-2.module+el8+1824+e14c69d7.src.rpm
    MD5: a1781ff1093db84c245c6a8e98669999
    SHA-256: 3a49db8387e50e8f9db0a88507b7c0b9df7033f0ed24162f3b794fa5c2e12d20
    Size: 65.58 kB
  8. criu-3.18-5.module+el8+1824+e14c69d7.src.rpm
    MD5: df8ea0def2b0e9a471b6b595ef4e8df5
    SHA-256: 1a06a1d220c5a101ec654effa79e36aae37f89ac119a628baca3e8a549feaaf7
    Size: 1.32 MB
  9. crun-1.14.3-2.module+el8+1824+e14c69d7.src.rpm
    MD5: 92a2e5a1a1bce1be7b86564b7319b61c
    SHA-256: 1e12d9c1edf45d9867e449560ef1e02406cdc0a907a676f2edece1345fc39f68
    Size: 1.68 MB
  10. fuse-overlayfs-1.13-1.module+el8+1824+e14c69d7.src.rpm
    MD5: 22a9ec85a9f64986bb6dcc252ec0bf6d
    SHA-256: 5ed3b9b2658c4fd5aa58fc64aab7d96bbae0d46466b0b57a448dc93c8c5a2e80
    Size: 112.28 kB
  11. libslirp-4.4.0-2.module+el8+1824+e14c69d7.src.rpm
    MD5: 332529d9471427be53249195ff2bfc78
    SHA-256: 9e6f4060049bc92031b63c60b6233afa19fe73345a3d6cb33ff62a3627ce80be
    Size: 114.97 kB
  12. netavark-1.10.3-1.module+el8+1824+e14c69d7.src.rpm
    MD5: 1d3d231146599ab68aff537ccffd9c2f
    SHA-256: c5abec7be96caaa0e054881615ed2901ba7898b02fc9785466fe6526ddd7d3e3
    Size: 15.51 MB
  13. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1824+e14c69d7.src.rpm
    MD5: 300f61511072a1a449c33a6d6a7ff817
    SHA-256: 452aa44ce496fbb05da449a0e66707a087043db067348d828dc93a4dcdaac32f
    Size: 1.43 MB
  14. podman-4.9.4-18.module+el8+1824+e14c69d7.src.rpm
    MD5: 1682c8fc768563184ba624cfd3e7e0a0
    SHA-256: a5fbac52840f8be782843571585bc45f03b884276a743ebbf1f67d9dfe3b18ea
    Size: 32.57 MB
  15. python-podman-4.9.0-3.module+el8+1824+e14c69d7.src.rpm
    MD5: e54581aab1a3cfe1d770348c111aa5fd
    SHA-256: 6ca23f469f814f004459a5cc935d7bd7520adb29ed2072bccccc0ca0cf3d5281
    Size: 188.74 kB
  16. runc-1.1.12-5.module+el8+1824+e14c69d7.src.rpm
    MD5: e9e4c6e93a4b6c9d0c43f19a1c53cfd0
    SHA-256: 31630098d02adb3bbd604968d4ce12447256e874b11ffbf515045439f4bdd751
    Size: 2.38 MB
  17. skopeo-1.14.5-3.module+el8+1824+e14c69d7.src.rpm
    MD5: 5e247d924edec96dca58b65226b00f98
    SHA-256: 265ccbb0404fc45b706346cffbbfb0db51614b28f91a613783c8b564c376d5d7
    Size: 10.00 MB
  18. slirp4netns-1.2.3-1.module+el8+1824+e14c69d7.src.rpm
    MD5: eaee1080872a03b36e64acff6308235a
    SHA-256: a9bd723227a359096f7c55b5476a13c6cddf49ce115151ad2649020e113a0097
    Size: 76.05 kB
  19. toolbox-0.0.99.5-2.module+el8+1824+e14c69d7.src.rpm
    MD5: 4a1db1071f450b8eeb81c38a40e65a33
    SHA-256: 0f58eb35e9509f5348f7379ef271bc68a26aabd14f5949b74acc4a0a56113ea9
    Size: 1.10 MB
  20. udica-0.2.6-21.module+el8+1824+e14c69d7.src.rpm
    MD5: cbe502b2c32ba38bd3bbf1453509ef11
    SHA-256: 643141f8d66b67ff21344ad3329ce6227a9a43084e97397e123ce5551e3c6a6d
    Size: 134.32 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.10.1-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 3287ba85051c5ce507efcdbdd3df75b5
    SHA-256: 0f15ea1b48e0cd26f3e4ed04d202c86e575c4fc07619b49df03bf3342395091d
    Size: 0.96 MB
  2. buildah-1.33.11-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 5bd9e2e19866e795a3e1248de8bbb55d
    SHA-256: 86c8d228f3067d2d4317eeaaa2426e61f5d3276759528d4ae08431e25a4678ec
    Size: 9.67 MB
  3. buildah-debugsource-1.33.11-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 2929f5c5c52d274af5ae8f3675e9da9b
    SHA-256: 63b997d60f894f6272d4f97ef5626b0c4b7f2d593a3a43400e1c4e688c1f25cb
    Size: 6.12 MB
  4. buildah-tests-1.33.11-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 3b3aeb4c7f2ecb04857388ec6038848a
    SHA-256: 1e70a64aafe86834c1c789839c7b2e544921ff11484cbe8bd3917a88676328d3
    Size: 30.62 MB
  5. cockpit-podman-84.1-1.module+el8+1824+e14c69d7.noarch.rpm
    MD5: 7295cb5952b305f805c0b61aa6755c37
    SHA-256: b275223b9fff2c1e18060fa4f9620fc451591430ffe64e90e6b7efb795091ae5
    Size: 682.92 kB
  6. conmon-2.1.10-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: d20f5e224adf12408f2037e56aacb3cb
    SHA-256: f908eb62e5e629deb866b70686b899f84505ead37bb3ed95996b0bfcdd52d466
    Size: 56.83 kB
  7. conmon-debugsource-2.1.10-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 7bd28152ecc39ac9aa0b115e06c73152
    SHA-256: 75feab369b07f9b26227dd85afe76f5170dcd7e140db053c594870e424ab63c7
    Size: 50.46 kB
  8. containernetworking-plugins-1.4.0-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 0a9c9a22ed15ffa5eb3e46a145f94f99
    SHA-256: 3fdecf8f309aac489578cb1b0f534ed1c57a6f372e5f8910bc047d63993d9dc4
    Size: 22.03 MB
  9. containernetworking-plugins-debugsource-1.4.0-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 77bfa852d32750e25253f4a2fc12a7c0
    SHA-256: a51cc1754456ba1b82bbff0e4410e89bb904ee1e64923a4c4fb8881e54046d59
    Size: 429.95 kB
  10. containers-common-1-82.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: b8880fc21df74c26b5f6941b21b5d14a
    SHA-256: c66affd9085ec2e9819a0fcd22e9dbc9527821cef07c46fb09fb14d88137548c
    Size: 142.03 kB
  11. container-selinux-2.229.0-2.module+el8+1824+e14c69d7.noarch.rpm
    MD5: 4d84bfc6f33bf064cce4506d4113814a
    SHA-256: 1e65d3c9c181e8b7f8ca3997419b05ad63e638be8fe5f467683f46571d0ba91e
    Size: 69.43 kB
  12. crit-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: b5f54602c9918f02f284e803519a2824
    SHA-256: 72f426935361e6b36380afce4ee6bcd702258b8525cc9eb515021266cd555d53
    Size: 22.10 kB
  13. criu-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 4411d7103667f53600dcd47845b229f9
    SHA-256: 596c141e823f19c115b576a12aa2204e1322ba3a17577a4ec3cdb501fd00262e
    Size: 563.14 kB
  14. criu-debugsource-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 91355f817da6901d48da9adb8748428a
    SHA-256: 50741bd4277fceefea441a82a43813d81cf809d9a845822833d781247b7f58d7
    Size: 729.71 kB
  15. criu-devel-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: a55658ad4f18f4febe0ed0b8f23de382
    SHA-256: af171e5458ffe1a87f1fb64e7aea659c584137829f6c24aa2fe281501e2c45a9
    Size: 28.23 kB
  16. criu-libs-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: f99e025198eaf15e1507a43db433e4f6
    SHA-256: 5e100616dd3d49cba62996bae7e2df7a226a29e9462f2f7cb8caa02df9d2d353
    Size: 38.15 kB
  17. crun-1.14.3-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: da0ce8185f4a3ace14efa5cb85c12552
    SHA-256: e63f1bd2eb480480e587d49335df87a8b5397c2be99f91834757e79762ac740c
    Size: 256.57 kB
  18. crun-debugsource-1.14.3-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: daf8b7a9342357ff1eedd101ea4b6eba
    SHA-256: fc8f9a4f63a1cd154310a331d3ca67f36665e75a2288d1bef326745658c70331
    Size: 204.13 kB
  19. fuse-overlayfs-1.13-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 0a5243c19c35629572878a7063aa22a6
    SHA-256: eda866b09084f674f4edd4f334d3dd169f61cf51b9b9af60bf20f6aa87c861a9
    Size: 68.73 kB
  20. fuse-overlayfs-debugsource-1.13-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: a7bc12f0e51bc6249c9c812fd9142213
    SHA-256: 9ed348b589a9e0a78c2a0536395cbab926ce5e91172553f1ab34b32fdb72b273
    Size: 55.61 kB
  21. libslirp-4.4.0-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 00ae29691b2dd9ff139a4440280f2984
    SHA-256: cce892f7d924e33acb572e455ff4974fee1e759b893973602fbed628f3e5d325
    Size: 69.27 kB
  22. libslirp-debugsource-4.4.0-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: f650f69fffae685cfb21a6edf99b7a7f
    SHA-256: 488456019abf0bbdd242e477c5df83b0cd4e69d75f2df521e5cce7f97ac8db2b
    Size: 114.54 kB
  23. libslirp-devel-4.4.0-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 4c121e1c81743cb0ceb9056f5a8e2e12
    SHA-256: d22fb63a0f19a1c8fb1e315d262187ddae66eadd4d4acb35e3948b354a57f16d
    Size: 11.41 kB
  24. netavark-1.10.3-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 6bc83be739b45cb1fa9ffb531f747314
    SHA-256: 310763f082f44ef8bb6957e90b9b8238b3e9d0eb4e5dcf52d8faacd6cebbd040
    Size: 4.10 MB
  25. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: c85e7b2814ba31262cb39f17120c08d4
    SHA-256: a61f7803423b00753b90a72c5f2d9a6fb1304a68790bb48dae11e62b1ff3b056
    Size: 1.13 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.10-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 4558b331d1223e7d871e4c0cebab8532
    SHA-256: 568b7bc53cacc3c6ede3cd577eb1cbc638bd7e3b84a61561f5ea679aa047e672
    Size: 247.94 kB
  27. podman-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 37a250dc45c509f249e954ea65dd8d70
    SHA-256: 84ccae14e92e1c58bfaf1f859bcf1d8886f4e5042abfe4fa754faf7b79c54df7
    Size: 16.08 MB
  28. podman-catatonit-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 7f06128fb1c6f8a0cee06f158958f323
    SHA-256: de582b864bcbeac1b0644b69c0c25f5621897882c01a758ce9a54781da858458
    Size: 374.27 kB
  29. podman-debugsource-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 82d98c4765e78399a2c2c607f5693ff7
    SHA-256: 5387445c4b5b81bc7f4f9b94b29f2c22da5bdf093ba72ed47421f9add8b4b583
    Size: 9.33 MB
  30. podman-docker-4.9.4-18.module+el8+1824+e14c69d7.noarch.rpm
    MD5: eaf24c95e3ba4695f9a5cf92c78407a8
    SHA-256: dfb7ea8d5ee88fbd0bdd8d32e315b7713b0c56e4f7e38429e56a04a63da23793
    Size: 115.01 kB
  31. podman-gvproxy-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: b550b4a9993d1c1ec89add75aca003c4
    SHA-256: 57722526c3df036f6392e2aba2adef069cc0ef82356710cae7053e6714e51fbe
    Size: 3.86 MB
  32. podman-plugins-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: e8a4fc4276b1b4834f56f11c5f421e71
    SHA-256: 65628c5e4cb098b18e28318049f7b933406e03efe9f2356d4cff7fe4d6000dcb
    Size: 1.33 MB
  33. podman-remote-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: fcdb4a254dddad5abd2c85900f3a6ed0
    SHA-256: 6e9f22c8d6f172f444fb67035c464312e036dbb723c775a6b6212b3a45dff89c
    Size: 10.48 MB
  34. podman-tests-4.9.4-18.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 3b0ed24a6d8db0a207c2cc58260f6fac
    SHA-256: 5621c26ee2883651e1d8aee83f2bdad9d5e826a60c6fcf95c69bfae975d895b7
    Size: 266.98 kB
  35. python3-criu-3.18-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: fe134b47cfdde1f59b57056aa3fa091f
    SHA-256: 4b26b33fe18cce24cb620ae22525cfced75fc65e1a21645da41924eb43c6face
    Size: 177.25 kB
  36. python3-podman-4.9.0-3.module+el8+1824+e14c69d7.noarch.rpm
    MD5: 21d19f3e354229183874e7dc649e3ae5
    SHA-256: b8a039763cf9aca38d0062865146af5dd7dc2ff7e9b845241f17f8b304b38c32
    Size: 155.52 kB
  37. runc-1.1.12-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 7eeeb7cb1df1569dd1ee128afb68de3c
    SHA-256: d8c597bf74f91b3fc6b7c2bd3f066b8854a9eda95b8adc7dc454b6a8800be02b
    Size: 3.11 MB
  38. runc-debugsource-1.1.12-5.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 3cd03b14ea7be19e8aba826625abd60e
    SHA-256: 350e685e3dc4912b30b1f8abe99ed068b38b88b4fa21f7d64cc68f1509bf02a2
    Size: 893.96 kB
  39. skopeo-1.14.5-3.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 1b07be66446c1ef061e3f8b1a159b1c9
    SHA-256: 5e451df4527702f87f218d4e223196e39f77d99adecddcbaeb9af103ff4e4b70
    Size: 8.82 MB
  40. skopeo-tests-1.14.5-3.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 82825b7f26b3bdaddd676b5608967443
    SHA-256: 7a9a9ff55557615d1379892a25c597967874805a2795dc6b4a47a4759f28299c
    Size: 785.40 kB
  41. slirp4netns-1.2.3-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 5fbbdf8f8942604f48b9ef456eec37b6
    SHA-256: 62d4bf57257c812a5a6b7f981d0e02202c6aafa3d58c99d43f11ab30734819eb
    Size: 54.92 kB
  42. slirp4netns-debugsource-1.2.3-1.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 99f66968503567d0f08963930bfb40e2
    SHA-256: 8c6f343c2bb5cade31b8a09e9a2619bdf016e4432a1eab4cd93a436f84c62456
    Size: 43.73 kB
  43. toolbox-0.0.99.5-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 1675f11172b3914ae9382f84499180a5
    SHA-256: 6ce9c0932e342421231cdaa8b01c42cb3a5e85588f96f45e5c1987bb79c5342c
    Size: 2.52 MB
  44. toolbox-debugsource-0.0.99.5-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 1695f4eb18efa01e7fb302302b885289
    SHA-256: 60d5210e19261b2c5cc8a5c0ae620d7eb268f404ef4daf4855086a16e54afed2
    Size: 571.82 kB
  45. toolbox-tests-0.0.99.5-2.module+el8+1824+e14c69d7.x86_64.rpm
    MD5: 031c21bcb44ec3b05d64a926778b0b88
    SHA-256: ee76a2bf9b27b994e1c39a7e690fc4e58b2766dd7b7457b7c4dd7ef53bc113d5
    Size: 43.69 kB
  46. udica-0.2.6-21.module+el8+1824+e14c69d7.noarch.rpm
    MD5: 0e0b75d09e19f1c596dc7e4cac3c04f2
    SHA-256: f2c9f34b689446c1cc2685c07e3f9c4ccd07371ea9a60d3d4d31f75239b3dc69
    Size: 48.26 kB