ELSA-2021-1796

ELSA-2021-1796 - container-tools:ol8 security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2021-05-25

Description


cockpit-podman
[29-2]
- fix gating test failure for cockpit-podman
- Related: #1914884

[29-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
- Related: #1883490

conmon
[2:2.0.26-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490

container-selinux
[2:2.158.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490

crun
[0.18-1]
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490

[0.17-2]
- reverting back to 0.17 as theres no glibc-static in RHEL
- Related: #1883490

[0.18-1]
- update to https://github.com/containers/crun/releases/tag/0.18
- Related: #1883490

fuse-overlayfs
[1.4.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Related: #1883490

[1.4.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
- Related: #1883490

oci-seccomp-bpf-hook
[1.2.0-2]
- revert back to 1.2.0 - build issues
- Related: #1883490

podman
[3.0.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/ad1aaba)
- Resolves: #1921128
- Resolves: #1936927
- Resolves: #1938234

[3.0.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/fcca86d)
- Resolves: #1936927

[3.0.1-4]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/c67172a)
- Resolves: #1935376

[3.0.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/7a71903)
- Resolves: #1931545

[3.0.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v3.0
(https://github.com/containers/podman/commit/9a2fc37)
- Related: #1883490

[3.0.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v3.0
(https://github.com/containers/podman/commit/7e286bc)
- Related: #1883490

runc
[1.0.0-70.rc92]
- add missing Provides: oci-runtime = 1
- Related: #1883490

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1883490

[1.0.0-68.rc92]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
- Related: #1821193

[1.0.0-67.rc91]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
- Related: #1821193

[1.0.0-66.rc10]
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193

[1.0.0-65.rc10]
- address CVE-2019-19921 by updating to rc10
- Resolves: #1801887

[1.0.0-64.rc9]
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25139

skopeo
[1.2.2-8.0.1]
- Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
- Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.2-8]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854

[1:1.2.2-7]
- update documentation and configs according to the current
versions of vendored projects
- Related: #1938234

[1:1.2.2-6]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
(https://github.com/containers/skopeo/commit/e7880c4)
- Related: #1938234

[1:1.2.2-5]
- use infra_image = registry.redhat.io/ubi8/pause in contiainers.conf
(unlike previous one ubi8/pause doesnt require authentication)
- Related: #1934947

[1:1.2.2-4]
- quote infra_image registry, otherwise it cant be parsed
- Related: #1934947

[1:1.2.2-3]
- use infra_image = registry.redhat.io/rhel8/pause in contiainers.conf
- Resolves: #1934947

[1:1.2.2-2]
- update rhel-shortnames.conf to include only trusted registries
- Resolves: #1931785

[1:1.2.2-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
(https://github.com/containers/skopeo/commit/e72dd9c)
- Related: #1883490

udica
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490


Related CVEs


CVE-2020-29652
CVE-2021-20199

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.src.rpm91134de73e81466de00ca4157c37a303fa8875be83e67e2a29943083148aaeb3-ol8_aarch64_appstream
cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.src.rpm6f41a04c4f1d95d0ce3ee10879843b598a97fb0d21e3cf362e67feb483710053-ol8_aarch64_appstream
conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.src.rpm05fce88dd8baf752bc18701013cf1a72d0b89c48b783666824cf108c0e8fe7b2-ol8_aarch64_appstream
container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.src.rpm07167b3f72c09aa5a0e1aed8121602a22d5eb940145be7e616151edaf12efe8c-ol8_aarch64_appstream
containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.src.rpm829f3643234b5090edaed57e638759dfcb3b5697acbd2d0fe7029adf22ad47a7-ol8_aarch64_appstream
criu-3.15-1.module+el8.4.0+20157+b6591bfb.src.rpm385fef0dba96ca3f34ddf59fa93b35f5faf13a9bbb0adfff0fdd63dde7aa287a-ol8_aarch64_appstream
crun-0.18-1.module+el8.4.0+20157+b6591bfb.src.rpm1c0a61c30199d3d7ae4d7c524dfdf63c48eae3d37edc6ab7016bc47712d0aca2-ol8_aarch64_appstream
fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.src.rpmfa1021e9485108da35f72e1bf629a22a2218255d94f10dd32de67cd8d9edfe31-ol8_aarch64_appstream
libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.src.rpma1191cdb4fb0e703c387522f55b294b2db4223c3f691fe6759c6a683ebd21e18-ol8_aarch64_appstream
oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.src.rpmcc4da3761fedc3624d0c6bb7c6d43817c1f970375abb3b2c5a23b6fa893d9e6a-ol8_aarch64_appstream
podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.src.rpm1920ede3474dbc71cd4909df8cc1c4e25962725e0d0148e7a8f2e1ceed4b67dd-ol8_aarch64_appstream
runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.src.rpm0ef4bb5e20ff0b27322797818072d95310d99fe32f0717bc26f828aa87f5cfa3-ol8_aarch64_appstream
skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.src.rpm4790107ee89e0f464a392f0a271a3448ce5f656a5ff7daf897c15cd10359fc86-ol8_aarch64_appstream
slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.src.rpm5dc9cb0ff626fc5c592c475e8934158d4cdfeee91352606dbfd356fb7ab7487f-ol8_aarch64_appstream
udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.src.rpmf47c009f3c1944efb932e638ee5795335d472ef8d5d29f12727badc11cc09855-ol8_aarch64_appstream
buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm8d1d4e665bda1e78e295074dec41d83484b1b23e93148e8157ebe823ac0f9caf-ol8_aarch64_appstream
buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm155fca320fa165e97019e4ae9ffd2718238c27f75c27b12b79676851d094549a-ol8_aarch64_appstream
cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.noarch.rpmf0296b5f3ee71f3df74476e378e187cc2960962a5dde89bdcb1b6074229c95db-ol8_aarch64_appstream
conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm4f51b0ce9c7f10a166216fb9e3e7e474b78089407346a4ed2785086e85c90e75-ol8_aarch64_appstream
container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.noarch.rpmfdaf3f78396f1a9113d2aaa8cdc073bf38d760b44b3e593c88d4d3e0aca1057c-ol8_aarch64_appstream
containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm2b6be4c694f3b50bd98f86a2c4355ba7616f1ccfa9c93253e758fbe70a84e40e-ol8_aarch64_appstream
containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm03e947cbd42dedcf687f16c4b2f99c067891c780bb7106e0d71efb6e555c4dd8-ol8_aarch64_appstream
crit-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm95c47bd59f78e3f229d9c1913fe6fc0407f90723746fa2b692c98447b4a249bd-ol8_aarch64_appstream
criu-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpmb9c38c070635a78874ebf226b5b4499d0bc869ae3d4d3d83cdc53e24f4ebed79-ol8_aarch64_appstream
crun-0.18-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm2ed2804d1f85ab09619f7f8e487410b63c94dcf29a3bc213e94dda2f8193f127-ol8_aarch64_appstream
fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.aarch64.rpm0b20d09f653d828849efab98343a7413d039e49c1b0816abd8471e89860581ff-ol8_aarch64_appstream
libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm875f306cc104d55a375188193cafee45679a8327c41dcebc8a609599f401952f-ol8_aarch64_appstream
libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm01fb33fe81493f70ec4778bd9ab5c4ee78e357bdc2a99129bd8341d33f2a2417-ol8_aarch64_appstream
oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.aarch64.rpm6d06db9bdc26410af9439282068e47a53cca5c2e68b1c9033a5411e539a009a3-ol8_aarch64_appstream
podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpmfeb2ea71885efeceaa9398c9f5b72093bb0b340282e92ccf43b415153af5bd6f-ol8_aarch64_appstream
podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpmc3d43ea403e240e6d17a664180c8640baf3ff61d670d0190668e877e274724e2-ol8_aarch64_appstream
podman-docker-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.noarch.rpm8edb6c8b2ea723eb7a714daf74df5258338de2f5d3c57926858067df862314ab-ol8_aarch64_appstream
podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm098de0a199637d66ae510cfc950c98ec68a78b3a4f7fdb3596cf028cc6f53e36-ol8_aarch64_appstream
podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpmd85d81b751fd10b696a65cf8761a502401b47d8d5d5f52236c46c439bdbb6d3d-ol8_aarch64_appstream
podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpma662443b1926dcf4fc257c724f3fd41ce57e4c66957eba7219d400e22ed6c895-ol8_aarch64_appstream
python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpmb49863227899f0d5c8cb717b545e2a1e6ea70cdebc3c0b081a5ef41d74aa150a-ol8_aarch64_appstream
runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.aarch64.rpmdc65d451a47374d1953d160e56ec27a03c88dab6f6c4c18cca4d98d420d40180-ol8_aarch64_appstream
skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm3b26d4897f132140fc6914b2733a68e8335875801f6d994de5d680e7ed486783-ol8_aarch64_appstream
skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpmeef2e9ecdcdef6eead82be749bae099a3f8387346774d0afe9f7606d5b93c966-ol8_aarch64_appstream
slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm725ed82485cedf5dd44cc74930d89cf83e878254c10b3e0e8bfe6234d6b580be-ol8_aarch64_appstream
udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.noarch.rpm6c521b9695d7d0e490612b9d8cf0960248b8203bc4ac4b23ff34d88ea85bb29d-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.src.rpm91134de73e81466de00ca4157c37a303fa8875be83e67e2a29943083148aaeb3-ol8_x86_64_appstream
cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.src.rpm6f41a04c4f1d95d0ce3ee10879843b598a97fb0d21e3cf362e67feb483710053-ol8_x86_64_appstream
conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.src.rpm05fce88dd8baf752bc18701013cf1a72d0b89c48b783666824cf108c0e8fe7b2-ol8_x86_64_appstream
container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.src.rpm07167b3f72c09aa5a0e1aed8121602a22d5eb940145be7e616151edaf12efe8c-ol8_x86_64_appstream
containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.src.rpm829f3643234b5090edaed57e638759dfcb3b5697acbd2d0fe7029adf22ad47a7-ol8_x86_64_appstream
criu-3.15-1.module+el8.4.0+20157+b6591bfb.src.rpm385fef0dba96ca3f34ddf59fa93b35f5faf13a9bbb0adfff0fdd63dde7aa287a-ol8_x86_64_appstream
crun-0.18-1.module+el8.4.0+20157+b6591bfb.src.rpm1c0a61c30199d3d7ae4d7c524dfdf63c48eae3d37edc6ab7016bc47712d0aca2-ol8_x86_64_appstream
fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.src.rpmfa1021e9485108da35f72e1bf629a22a2218255d94f10dd32de67cd8d9edfe31-ol8_x86_64_appstream
libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.src.rpma1191cdb4fb0e703c387522f55b294b2db4223c3f691fe6759c6a683ebd21e18-ol8_x86_64_appstream
oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.src.rpmcc4da3761fedc3624d0c6bb7c6d43817c1f970375abb3b2c5a23b6fa893d9e6a-ol8_x86_64_appstream
podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.src.rpm1920ede3474dbc71cd4909df8cc1c4e25962725e0d0148e7a8f2e1ceed4b67dd-ol8_x86_64_appstream
runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.src.rpm0ef4bb5e20ff0b27322797818072d95310d99fe32f0717bc26f828aa87f5cfa3-ol8_x86_64_appstream
skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.src.rpm4790107ee89e0f464a392f0a271a3448ce5f656a5ff7daf897c15cd10359fc86-ol8_x86_64_appstream
slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.src.rpm5dc9cb0ff626fc5c592c475e8934158d4cdfeee91352606dbfd356fb7ab7487f-ol8_x86_64_appstream
udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.src.rpmf47c009f3c1944efb932e638ee5795335d472ef8d5d29f12727badc11cc09855-ol8_x86_64_appstream
buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm5d018ee515296613fd11b584a335149fa641f0ca04f3102ce90c0ab50f802331-ol8_x86_64_appstream
buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpmddd8cae9c621216a5469f445823849ed5a4bbe6b6495464ee833ddc01f3349fb-ol8_x86_64_appstream
cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.noarch.rpmf0296b5f3ee71f3df74476e378e187cc2960962a5dde89bdcb1b6074229c95db-ol8_x86_64_appstream
conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm9fe6e33f3fddfea0b5c801713abaf5fe623853e47d1d80b313674ccb06745547-ol8_x86_64_appstream
container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.noarch.rpmfdaf3f78396f1a9113d2aaa8cdc073bf38d760b44b3e593c88d4d3e0aca1057c-ol8_x86_64_appstream
containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm193c84e5f7ff208dd3b40c5251db58963dbd8037ed6de925471ee60073244d75-ol8_x86_64_appstream
containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm875c54d4bc02be36ccf42f5559e848fd318c9872a132d1fcf9b27e6a2ec0247d-ol8_x86_64_appstream
crit-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm8a879f794f1ded61085f4700fdd6c5bfcb0edabf7c4b25c40ff4cf100340f87b-ol8_x86_64_appstream
criu-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm35910ebb7c458b5aaefba9e5cca82934b63973b4ef556d967734651dfdba569d-ol8_x86_64_appstream
crun-0.18-1.module+el8.4.0+20157+b6591bfb.x86_64.rpmf5ae25bde49f17c268927a271136d0a64118ec4bad21e9f86004eefb51b0d045-ol8_x86_64_appstream
fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.x86_64.rpm13b878c4e4e1fd55e4152fe456b89072c1ea4493b218771e753fbcb27468632f-ol8_x86_64_appstream
libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm7ce0ae91e95557dc6b54916d70586a9cfba84df283c051a3373532b1bf7db830-ol8_x86_64_appstream
libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpmccefd10b3e6dce338e2a6cca16a395cff76e310af66fb0e33ee40a5103d759cf-ol8_x86_64_appstream
oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.x86_64.rpmbf58faf6ee3bdac90c8aac3a223061ae3b93e723aaf3a433a32e2dd3f506902f-ol8_x86_64_appstream
podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm39dd18b33191aea5a2a2e7270ed6ef0b4847db135fdd24bd907f5ff8d055ee57-ol8_x86_64_appstream
podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm986fe0bbae14e32020db54d802106f6a6d580f44dbb3a93e3d1611375f1e102d-ol8_x86_64_appstream
podman-docker-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.noarch.rpm8edb6c8b2ea723eb7a714daf74df5258338de2f5d3c57926858067df862314ab-ol8_x86_64_appstream
podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpme46d3cadcddd2d285519200f163d071586d0acf16608f7da6fed7cb98136e029-ol8_x86_64_appstream
podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpmd0ccd2f95ed4b3b658327521684cc1229263c0b52c5f0c9fa4c9a3e68cec8335-ol8_x86_64_appstream
podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm75cdb951807402ff83ceb563dc09e000bb72774e4fd937c3efbb4cf0fe7c97a5-ol8_x86_64_appstream
python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm5194180017df0f22aafbc88cc5b5feb13dc8c2ad31d295b493cc42573177e32f-ol8_x86_64_appstream
runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.x86_64.rpmb62be0b1fa2100ded7e7c29b4d686e67009149e18794bc83dd922bb6d79eeb7f-ol8_x86_64_appstream
skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm02d6bda433550e9fc4f317cc759889ab7184e251fc27ae6545bfa838af4f7c4a-ol8_x86_64_appstream
skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpmb22b6e3ce55ca5d14ae046881be59d021c1ad6bb91c150ecdeaecd4fe6118f23-ol8_x86_64_appstream
slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm364ac93b89400bbb483f49a0718dd634aac124a72024e4d3be273f7bacf7bb7d-ol8_x86_64_appstream
udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.noarch.rpm6c521b9695d7d0e490612b9d8cf0960248b8203bc4ac4b23ff34d88ea85bb29d-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete