ELSA-2021-2370

ELSA-2021-2370 - container-tools:3.0 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2021-06-14

Description

buildah
[1.19.7-1.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)

[1.19.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.19
(https://github.com/containers/buildah/commit/a2854ed)
- Resolves: #1935376

cockpit-podman
[29-2]
- fix gating test failure for cockpit-podman
- Related: #1914884

[29-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
- Related: #1883490

conmon
[2:2.0.26-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490

containernetworking-plugins
[0.9.1-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v0.9.1
- Related: #1883490

container-selinux
[2:2.158.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490

criu
[3.15-1]
- update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15
- Related: #1883490

crun
[0.18-2]
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490

fuse-overlayfs
[1.4.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Related: #1883490

[1.4.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
- Related: #1883490

oci-seccomp-bpf-hook
[1.2.0-1]
- revert back to 1.2.0 - build issues
- Related: #1883490

[1.2.1-1]
- update to
https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
- require crun >= 0.17
- Related: #1883490

podman
[3.0.1-6.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)

[3.0.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
(https://github.com/containers/podman/commit/ad1aaba)
- Resolves: #1921128
- Resolves: #1936927
- Resolves: #1938234

runc
[1.0.0-71.rc92]
- fix CVE-2021-30465
- Related: #1955655

[1.0.0-70.rc92]
- add missing Provides: oci-runtime = 1
- Related: #1883490

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1883490

[1.0.0-68.rc92]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
- Related: #1821193

skopeo
[1.2.2-7.0.1]
- Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
- Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.2-7]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854

slirp4netns
[1.1.8-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1883490

udica
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490

Related CVEs

CVE-2021-30465

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 8 (aarch64)	buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	7d6c87942b8548ac6acb4fa6a944c049	-
	cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.src.rpm	fd72bab186ffd6b1d8d2afdd3c054a47	-
	conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.src.rpm	24d62199caa3c62b3403b52f87c9ce3d	-
	container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5ad783709d0e49d3eeb9129d461e38e5	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5ccad46616b490b3ebf3ee4874a908a5	-
	criu-3.15-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5e970523eaf4db4f9fbdea6e4b991e7d	-
	crun-0.18-2.module+el8.4.0+20196+91e9c2ae.src.rpm	3f1563656abe29b4a4356e7930acd2bb	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.src.rpm	bfa8432689b4774c509f668bf6683d5e	-
	libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5173cf1cb157ab9ad4f141faa4eea3ba	-
	oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm	7b87b004522210041bef868e9018a774	-
	podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	8ee015361e99bc74739bc819fc3a09b2	-
	runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.src.rpm	eae5fb0fbe6e25beada56fd8133cd02d	-
	skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	c2acfcac888b7ba049cb473fb37fad8f	-
	slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.src.rpm	0ab025dc3d6cba4bb9e3da53b7f945f6	-
	udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.src.rpm	4cc3f8c2199f20b351f814437666c65b	-
	buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	3b425279a59cf04e8794924695ae9b31	-
	buildah-tests-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	2f527f00aa4c45d7a3149e03b9b3ef30	-
	cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.noarch.rpm	c5e1faaef8692d76a55964193e2fce71	-
	conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	d51bcd9cd2826a5191e7dbeeeb7a57c9	-
	container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	7e4034b22f812b7ce2c279167756a4cc	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	0a98bb96ad9b86b7e2d2d5559e500508	-
	containers-common-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	c96944c02a6a602f4615986d253e31cd	-
	crit-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	f64a0512e136f0c6b34009e94461acb9	-
	criu-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	ba1f905e13e6e6508a6a9c455e06d30a	-
	crun-0.18-2.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	84574b19c93b8084bff8983b0cb8ac7a	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	295494344e84e2bf1ff282d4b1d77411	-
	libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	08403909ea4ad5924d1243e6d7721746	-
	libslirp-devel-4.3.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	8cc166f3688f27bbfc36718159fcba45	-
	oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	cf5bc4d841ad5aaf53defd6a1068d5a4	-
	podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	9838b13693b2da0555e39c708febd34b	-
	podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	27f8491333c2a5b810c01b5eeec2ce69	-
	podman-docker-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	130b9ef9788f1acfc1ee15be4c0c9c99	-
	podman-plugins-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	a5b5b0b92dc15cf6dab9d55f7f84273b	-
	podman-remote-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	eb1bb4f70ca4b843de56a17071d078fe	-
	podman-tests-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	8d6286eeccfc0fc02bc13df5304a82bf	-
	python3-criu-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	ce47353b4d2ccb9a958f9f8f7764ea5b	-
	runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	7ce10390f051352e81b7cab37a4ffe02	-
	skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	4dadef83a55fb326bb70ae4e2b188773	-
	skopeo-tests-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	e32e0d321ffd5e50d314b5b52b30b3dd	-
	slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm	05dddc6566733124e57af51ef98b36af	-
	udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	6351519ec4fb70b5f0199b0c214dd9c9	-
Oracle Linux 8 (x86_64)	buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	7d6c87942b8548ac6acb4fa6a944c049	-
	cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.src.rpm	fd72bab186ffd6b1d8d2afdd3c054a47	-
	conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.src.rpm	24d62199caa3c62b3403b52f87c9ce3d	-
	container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5ad783709d0e49d3eeb9129d461e38e5	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5ccad46616b490b3ebf3ee4874a908a5	-
	criu-3.15-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5e970523eaf4db4f9fbdea6e4b991e7d	-
	crun-0.18-2.module+el8.4.0+20196+91e9c2ae.src.rpm	3f1563656abe29b4a4356e7930acd2bb	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.src.rpm	bfa8432689b4774c509f668bf6683d5e	-
	libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm	5173cf1cb157ab9ad4f141faa4eea3ba	-
	oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm	7b87b004522210041bef868e9018a774	-
	podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	8ee015361e99bc74739bc819fc3a09b2	-
	runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.src.rpm	eae5fb0fbe6e25beada56fd8133cd02d	-
	skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm	c2acfcac888b7ba049cb473fb37fad8f	-
	slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.src.rpm	0ab025dc3d6cba4bb9e3da53b7f945f6	-
	udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.src.rpm	4cc3f8c2199f20b351f814437666c65b	-
	buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	f2f10a52961273ab34251ed9b3bd77b6	-
	buildah-tests-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	367a6351818eacc87d89e29441d43d8c	-
	cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.noarch.rpm	c5e1faaef8692d76a55964193e2fce71	-
	conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	51197df3d76ad6fa7d1068be2c77f068	-
	container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	7e4034b22f812b7ce2c279167756a4cc	-
	containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	f87e5cf9a3fd8098249f7b06c04b97a6	-
	containers-common-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	adc1768cb84ae67c8d6c22466a420b08	-
	crit-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	84b3ac1b556998ccfd26249daddf891f	-
	criu-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	0bc345cca65d3a68cdb88e48cf64a2da	-
	crun-0.18-2.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	31812ad6fb7caaa70a72e9030cf57458	-
	fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	a9cbd25245f3b8d3175d07c1385cd522	-
	libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	bb18baddf542222eb6161701a7c02bca	-
	libslirp-devel-4.3.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	7b008c917e9df9705cf7a09ad7ce7084	-
	oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	4de56a2f86204d0556689967714991d8	-
	podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	b542065f455bf988a68c122d820eaba9	-
	podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	66cd261742fe154740c00e6937131200	-
	podman-docker-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	130b9ef9788f1acfc1ee15be4c0c9c99	-
	podman-plugins-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	addf408eb19b9ee153f6e3b73ee5e865	-
	podman-remote-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	b9a162a4d27a0274dcf103f885282217	-
	podman-tests-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	d5c6f99b2564b2c81341424c77a9bf21	-
	python3-criu-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	e71504a61d0587d8d9e7849dfeeefd66	-
	runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	67f92798cf060218e993c62b6b4dea53	-
	skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	d5d338eb436efcf0befd78074ca2598e	-
	skopeo-tests-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	c202c235ee404095adbdbccc7f079619	-
	slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm	e166fb901aca572c0656065818aae198	-
	udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm	6351519ec4fb70b5f0199b0c214dd9c9	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team