container-tools:rhel8 security update

Errata ID: AXSA:2025-11112:01

Release date: 
2025/11/26 Wednesday - 19:30
Title: 
container-tools:rhel8 security update
Affected channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)
* runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service or container escape; or a bypass of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly. However, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
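
The verification that CVE-2025-31133 describes as missing, written out as an added example (this is not runc's code and not part of the advisory): before a path is used as a mask source, confirm that its inode really is the kernel's null device. The function name `check_mask_source` is hypothetical.

```python
import os
import stat

NULL_RDEV = (1, 3)  # Linux major:minor of the kernel's null device


def check_mask_source(path):
    """Return (ok, reason): is `path` a genuine /dev/null inode?"""
    try:
        # O_PATH + O_NOFOLLOW pins the inode itself: a symlink planted at
        # `path` is opened as a symlink instead of being followed.
        fd = os.open(path, os.O_PATH | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as exc:
        return False, f"cannot open: {exc.strerror}"
    try:
        # Stat the pinned descriptor, not the path, so the answer cannot be
        # invalidated by the path being swapped between lookup and check.
        st = os.fstat(fd)
    finally:
        os.close(fd)
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"
    if not stat.S_ISCHR(st.st_mode):
        return False, "not a character device"
    rdev = (os.major(st.st_rdev), os.minor(st.st_rdev))
    if rdev != NULL_RDEV:
        return False, f"char device {rdev[0]}:{rdev[1]}, expected 1:3"
    return True, "char device 1:3"


if __name__ == "__main__":
    print(check_mask_source("/dev/null"))
```

A caller that goes on to bind-mount the source would keep the descriptor open and mount from it, so that the object checked and the object mounted are the same inode.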

Modularity name: "container-tools"
Stream name: "rhel8"

Solution: 

Update packages.
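
The runc package in the download list below is runc-1.2.5-2.module+el8+1918+d953a84a, whose upstream version number is lower than the 1.2.8 named in the CVE text, so a patch check has to compare against the erratum's package release and not the upstream version. The following is an added example (not part of the advisory) with a simplified RPM version comparison; the function names and the older sample builds in the comments are constructed for illustration.

```python
import re

# Fixed runc build, taken from this erratum's download list.
FIXED_NVR = "runc-1.2.5-2.module+el8+1918+d953a84a"


def segments(s):
    # RPM compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 ('~' and '^' not handled)."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1  # a numeric segment is newer than letters
        if xd:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(nvr):
    # Input as printed by: rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' runc
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(installed_nvr, fixed_nvr=FIXED_NVR):
    """True if the installed build is at or above the erratum's build.
    Assumes both builds carry the same epoch."""
    name, ver, rel = split_nvr(installed_nvr)
    fname, fver, frel = split_nvr(fixed_nvr)
    if name != fname:
        raise ValueError(f"package mismatch: {name} vs {fname}")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0


def naive_upstream_check(installed_nvr, upstream_fixed="1.2.8"):
    """What a scanner keyed only to the upstream fixed version concludes."""
    return rpmvercmp(split_nvr(installed_nvr)[1], upstream_fixed) >= 0


if __name__ == "__main__":
    print(is_patched(FIXED_NVR), naive_upstream_check(FIXED_NVR))
```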

Additional information: 

N/A

Download: 

SRPMS
  1. aardvark-dns-1.10.1-2.module+el8+1918+d953a84a.src.rpm
    Size: 6.14 MB
  2. buildah-1.33.12-2.module+el8+1918+d953a84a.src.rpm
    Size: 17.50 MB
  3. cockpit-podman-84.1-1.module+el8+1918+d953a84a.src.rpm
    Size: 1.27 MB
  4. conmon-2.1.10-1.module+el8+1918+d953a84a.src.rpm
    Size: 133.59 kB
  5. containernetworking-plugins-1.4.0-6.module+el8+1918+d953a84a.src.rpm
    Size: 3.62 MB
  6. containers-common-1-82.module+el8+1918+d953a84a.src.rpm
    Size: 145.63 kB
  7. container-selinux-2.229.0-2.module+el8+1918+d953a84a.src.rpm
    Size: 65.58 kB
  8. criu-3.18-5.module+el8+1918+d953a84a.src.rpm
    Size: 1.32 MB
  9. crun-1.14.3-2.module+el8+1918+d953a84a.src.rpm
    Size: 1.68 MB
  10. fuse-overlayfs-1.13-1.module+el8+1918+d953a84a.src.rpm
    Size: 112.28 kB
  11. libslirp-4.4.0-2.module+el8+1918+d953a84a.src.rpm
    Size: 114.98 kB
  12. netavark-1.10.3-1.module+el8+1918+d953a84a.src.rpm
    Size: 15.51 MB
  13. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1918+d953a84a.src.rpm
    Size: 1.43 MB
  14. podman-4.9.4-23.module+el8+1918+d953a84a.src.rpm
    Size: 32.69 MB
  15. python-podman-4.9.0-3.module+el8+1918+d953a84a.src.rpm
    Size: 188.74 kB
  16. runc-1.2.5-2.module+el8+1918+d953a84a.src.rpm
    Size: 2.73 MB
  17. skopeo-1.14.5-4.module+el8+1918+d953a84a.src.rpm
    Size: 10.00 MB
  18. slirp4netns-1.2.3-1.module+el8+1918+d953a84a.src.rpm
    Size: 76.05 kB
  19. toolbox-0.0.99.5-2.module+el8+1918+d953a84a.src.rpm
    Size: 1.10 MB
  20. udica-0.2.6-21.module+el8+1918+d953a84a.src.rpm
    Size: 134.32 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.10.1-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 0.99 MB
  2. buildah-1.33.12-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 10.19 MB
  3. buildah-debugsource-1.33.12-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 6.13 MB
  4. buildah-tests-1.33.12-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 32.09 MB
  5. cockpit-podman-84.1-1.module+el8+1918+d953a84a.noarch.rpm
    Size: 682.92 kB
  6. conmon-2.1.10-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 56.83 kB
  7. conmon-debugsource-2.1.10-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 50.46 kB
  8. containernetworking-plugins-1.4.0-6.module+el8+1918+d953a84a.x86_64.rpm
    Size: 24.50 MB
  9. containernetworking-plugins-debugsource-1.4.0-6.module+el8+1918+d953a84a.x86_64.rpm
    Size: 430.05 kB
  10. containers-common-1-82.module+el8+1918+d953a84a.x86_64.rpm
    Size: 142.04 kB
  11. container-selinux-2.229.0-2.module+el8+1918+d953a84a.noarch.rpm
    Size: 69.43 kB
  12. crit-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 22.12 kB
  13. criu-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 563.21 kB
  14. criu-debugsource-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 729.75 kB
  15. criu-devel-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 28.23 kB
  16. criu-libs-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 38.16 kB
  17. crun-1.14.3-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 256.49 kB
  18. crun-debugsource-1.14.3-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 204.13 kB
  19. fuse-overlayfs-1.13-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 68.71 kB
  20. fuse-overlayfs-debugsource-1.13-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 55.61 kB
  21. libslirp-4.4.0-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 69.28 kB
  22. libslirp-debugsource-4.4.0-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 114.55 kB
  23. libslirp-devel-4.4.0-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 11.41 kB
  24. netavark-1.10.3-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 4.17 MB
  25. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 1.25 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.10-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 247.94 kB
  27. podman-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 16.88 MB
  28. podman-catatonit-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 378.62 kB
  29. podman-debugsource-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 9.37 MB
  30. podman-docker-4.9.4-23.module+el8+1918+d953a84a.noarch.rpm
    Size: 116.46 kB
  31. podman-gvproxy-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 4.21 MB
  32. podman-plugins-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 1.48 MB
  33. podman-remote-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 11.01 MB
  34. podman-tests-4.9.4-23.module+el8+1918+d953a84a.x86_64.rpm
    Size: 268.73 kB
  35. python3-criu-3.18-5.module+el8+1918+d953a84a.x86_64.rpm
    Size: 177.30 kB
  36. python3-podman-4.9.0-3.module+el8+1918+d953a84a.noarch.rpm
    Size: 155.52 kB
  37. runc-1.2.5-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 3.81 MB
  38. runc-debugsource-1.2.5-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 1.03 MB
  39. skopeo-1.14.5-4.module+el8+1918+d953a84a.x86_64.rpm
    Size: 9.33 MB
  40. skopeo-tests-1.14.5-4.module+el8+1918+d953a84a.x86_64.rpm
    Size: 785.50 kB
  41. slirp4netns-1.2.3-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 54.91 kB
  42. slirp4netns-debugsource-1.2.3-1.module+el8+1918+d953a84a.x86_64.rpm
    Size: 43.73 kB
  43. toolbox-0.0.99.5-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 2.97 MB
  44. toolbox-debugsource-0.0.99.5-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 571.82 kB
  45. toolbox-tests-0.0.99.5-2.module+el8+1918+d953a84a.x86_64.rpm
    Size: 43.69 kB
  46. udica-0.2.6-21.module+el8+1918+d953a84a.noarch.rpm
    Size: 48.26 kB