ELSA-2021-1796

ULN >
Oracle Linux Errata repository >
ELSA-2021-1796

ELSA-2021-1796 - container-tools:ol8 security, bug fix, and enhancement update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2021-05-25

Description

cockpit-podman
[29-2]
- fix gating test failure for cockpit-podman
- Related: #1914884

[29-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
- Related: #1883490

conmon
[2:2.0.26-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490

container-selinux
[2:2.158.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490

crun
[0.18-1]
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490

[0.17-2]
- reverting back to 0.17 as theres no glibc-static in RHEL
- Related: #1883490

[0.18-1]
- update to https://github.com/containers/crun/releases/tag/0.18
- Related: #1883490

fuse-overlayfs
[1.4.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Related: #1883490

[1.4.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
- Related: #1883490

oci-seccomp-bpf-hook
[1.2.0-2]
- revert back to 1.2.0 - build issues
- Related: #1883490

podman
[3.0.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/ad1aaba)
- Resolves: #1921128
- Resolves: #1936927
- Resolves: #1938234

[3.0.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/fcca86d)
- Resolves: #1936927

[3.0.1-4]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/c67172a)
- Resolves: #1935376

[3.0.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/7a71903)
- Resolves: #1931545

[3.0.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v3.0
(https://github.com/containers/podman/commit/9a2fc37)
- Related: #1883490

[3.0.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v3.0
(https://github.com/containers/podman/commit/7e286bc)
- Related: #1883490

runc
[1.0.0-70.rc92]
- add missing Provides: oci-runtime = 1
- Related: #1883490

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1883490

[1.0.0-68.rc92]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
- Related: #1821193

[1.0.0-67.rc91]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
- Related: #1821193

[1.0.0-66.rc10]
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193

[1.0.0-65.rc10]
- address CVE-2019-19921 by updating to rc10
- Resolves: #1801887

[1.0.0-64.rc9]
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25139

skopeo
[1.2.2-8.0.1]
- Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
- Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.2-8]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854

[1:1.2.2-7]
- update documentation and configs according to the current
versions of vendored projects
- Related: #1938234

[1:1.2.2-6]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
(https://github.com/containers/skopeo/commit/e7880c4)
- Related: #1938234

[1:1.2.2-5]
- use infra_image = registry.redhat.io/ubi8/pause in contiainers.conf
(unlike previous one ubi8/pause doesnt require authentication)
- Related: #1934947

[1:1.2.2-4]
- quote infra_image registry, otherwise it cant be parsed
- Related: #1934947

[1:1.2.2-3]
- use infra_image = registry.redhat.io/rhel8/pause in contiainers.conf
- Resolves: #1934947

[1:1.2.2-2]
- update rhel-shortnames.conf to include only trusted registries
- Resolves: #1931785

[1:1.2.2-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
(https://github.com/containers/skopeo/commit/e72dd9c)
- Related: #1883490

udica
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490

Related CVEs

CVE-2021-20199

CVE-2020-29652

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	38586b48a6a037644a7e1a9af24127ee	-
	cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.src.rpm	0debe3a634fd6fc5ab6f6daa44a28175	-
	conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.src.rpm	e89aa9125745224ccf90512541840b54	-
	container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.src.rpm	a9b4ad3dc5e71c4a5be99712504b8190	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.src.rpm	cc0a846516aa9688e281fdd8f520cb9a	-
	criu-3.15-1.module+el8.4.0+20157+b6591bfb.src.rpm	8624a100dfeb7f97dff5035eba808244	-
	crun-0.18-1.module+el8.4.0+20157+b6591bfb.src.rpm	1dc76a5ea9eb61db3757a612a7d79eaa	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.src.rpm	90d1a13530358d2c4021b81781c6a891	-
	libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.src.rpm	eccb5f3582e26fa590366f245284c4bf	-
	oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.src.rpm	2d1d96b0f77844bd380161f53b40a0a6	-
	podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	f608e43b83de7d1477f939e115b48155	-
	runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.src.rpm	15dec9795c4e79457466a13305f28aec	-
	skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	d56d32562fa8153df7420cdf3ef2f2ed	-
	slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.src.rpm	f203f9c6b5911269207eabed6ddd67c9	-
	udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.src.rpm	67ad6fa34f2d77982ed4ecf8dadf132f	-
	buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	e47e4d1eb500b2a63a631a196d19c54d	-
	buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	883b3d50db9baa42cf88aecf66cea87d	-
	cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.noarch.rpm	e44cc0b58d934efc47b59eb71fff9d99	-
	conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	bbe7196f4ed80d5ca4d959ee9e2045ca	-
	container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.noarch.rpm	e39d727d3b2370c85fd2ca758ef450cb	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	3b8b781d8ae7fa2559cbc84e677f6623	-
	containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	e4b9c40fc0bcff627ebba9b837d8a9ce	-
	crit-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	232a98d9f443d2e8c9663dcbe3ae6674	-
	criu-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	4294caa9020a4114f4c0e0b1c428206f	-
	crun-0.18-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	5198d782d8699f752874ada97fdc2950	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.aarch64.rpm	ea36895e92ae926f254a276fc1ef0e07	-
	libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	f57f67eff89e26b8f9dd7bfb80e604ac	-
	libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	9e1431a84e048aada1a79ced935bd880	-
	oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.aarch64.rpm	d0f5cabc1a91867db505a36bd32320c7	-
	podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	0a938ee8274ffe99789425b265e46cf2	-
	podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	c0436b9b11ffadfcceea9d9c7572246f	-
	podman-docker-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.noarch.rpm	a6098ad24658b0bf0467c20ec86205d2	-
	podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	b0d51c6d352aa030683d13aa3434ffa8	-
	podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	5fdb4ccf111a9b0ba87539971bcd7c85	-
	podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	b2e32c248e8df6b121743182b56e739b	-
	python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	5c47e9e52d4b7aae720e850cecd52499	-
	runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.aarch64.rpm	2c40718840a2a46bee3f6861de3a26f4	-
	skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	8ff052fe25c348afad77339c44d05b78	-
	skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	48a51d8517365febb6e519e3b1119e2d	-
	slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.aarch64.rpm	b93d19115de3a8539b94a9c3317cd18e	-
	udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.noarch.rpm	ed698bf50498943abf5f4716d3bfe43b	-

Oracle Linux 8 (x86_64)	buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	38586b48a6a037644a7e1a9af24127ee	-
	cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.src.rpm	0debe3a634fd6fc5ab6f6daa44a28175	-
	conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.src.rpm	e89aa9125745224ccf90512541840b54	-
	container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.src.rpm	a9b4ad3dc5e71c4a5be99712504b8190	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.src.rpm	cc0a846516aa9688e281fdd8f520cb9a	-
	criu-3.15-1.module+el8.4.0+20157+b6591bfb.src.rpm	8624a100dfeb7f97dff5035eba808244	-
	crun-0.18-1.module+el8.4.0+20157+b6591bfb.src.rpm	1dc76a5ea9eb61db3757a612a7d79eaa	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.src.rpm	90d1a13530358d2c4021b81781c6a891	-
	libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.src.rpm	eccb5f3582e26fa590366f245284c4bf	-
	oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.src.rpm	2d1d96b0f77844bd380161f53b40a0a6	-
	podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	f608e43b83de7d1477f939e115b48155	-
	runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.src.rpm	15dec9795c4e79457466a13305f28aec	-
	skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.src.rpm	d56d32562fa8153df7420cdf3ef2f2ed	-
	slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.src.rpm	f203f9c6b5911269207eabed6ddd67c9	-
	udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.src.rpm	67ad6fa34f2d77982ed4ecf8dadf132f	-
	buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	9147950be5cc4812bd270319f65cf26c	-
	buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	4cbe8a179ca3ed7ac4969e4ae1f05e94	-
	cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb.noarch.rpm	e44cc0b58d934efc47b59eb71fff9d99	-
	conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	de1b260806c7e9775108609bcb70e5bf	-
	container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb.noarch.rpm	e39d727d3b2370c85fd2ca758ef450cb	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	a36376ced18c128a5b97b1cec46e7e6d	-
	containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	f6acbb466d79440b11ab570e7b9f06e9	-
	crit-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	1a793050aed3a727b1d9749008e44005	-
	criu-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	c0e3b436253d7640b9449f15f6ad54cb	-
	crun-0.18-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	668afda47201f3edf3d8ab6449d5526b	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb.x86_64.rpm	3f90c2e7024e9ff730dc2373004f5913	-
	libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	fe35a74b3143cbe7c111d4c5f2296b6e	-
	libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	72d53729a254fb722cef58802c2d513e	-
	oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb.x86_64.rpm	032d2c9ed3d98c78bc10c964667aa99a	-
	podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	c2dfa9abc2b29e5d5a3c006865ecd7fd	-
	podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	ffeeaff9742a5ca6321b9ed7ae8ba2fa	-
	podman-docker-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.noarch.rpm	a6098ad24658b0bf0467c20ec86205d2	-
	podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	ce89ea9f7f4a8e10e19b6dd37ebb00ea	-
	podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	c7fecea7ba6e8b7140bb2e46b1de7aa8	-
	podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	3229e7c129aa86391a13dcbe6f5e96c0	-
	python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	1eebef6adb9cb778aa4aa80fb8b595fd	-
	runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb.x86_64.rpm	6f826c8352d04c206781495afdd0b2fa	-
	skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	4e3b668c2df0b7e2cfca4b584eb1b8ed	-
	skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	b5028e2dbedb00a76ce9a018e8badfa9	-
	slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb.x86_64.rpm	f82c42417ae64b5caef8dd2ade6217e9	-
	udica-0.2.4-1.module+el8.4.0+20157+b6591bfb.noarch.rpm	ed698bf50498943abf5f4716d3bfe43b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691