ELSA-2022-1762

ELSA-2022-1762 - container-tools:ol8 security, bug fix, and enhancement update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-05-17

Description


buildah
[1:1.24.2-4]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.24
(https://github.com/containers/buildah/commit/7b559a3)
- Related: #2059296

[1:1.24.2-3]
- switch to RHEL maintenance branch which fixes CVE-2022-27651
- Resolves: #2067559

[1:1.24.2-2]
- Add patch to fix bash symtax for gating tests
- Upstream PR: https://github.com/containers/buildah/pull/3792
- Related: #2001445

[1:1.24.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.2
- Related: #2001445

[1:1.24.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.1
- Related: #2001445

[1:1.24.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.0
- Related: #2001445

cockpit-podman
[43-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/43
- Related: #2017266

conmon
[2:2.1.0-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.0
- Related: #2001445

containernetworking-plugins
[1:1.0.1-2]
- revert back to https://github.com/containernetworking/plugins/releases/tag/v1.0.1
- Related: #2001445

containers-common
[1-27.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)

[2:1-27]
- update vendored tarballs to avoid unwanted licenses
(thanks to Brent Baude)
- Related: #2065707

container-selinux
[2:2.179.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1
- Related: #2001445

criu
[3.15-3]
- add Requires: criu-libs = %{version}-%{release} in criu-devel
- add gating tests
- Related: #1934415

[3.15-2]
- add -devel and -libs subpackages
- Resolves: #1971718

crun
[1.4.4-1]
- update to https://github.com/containers/crun/releases/tag/1.4.4
- Resolves: #2067577

fuse-overlayfs
[1.8.2-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.2
- Related: #2001445

libslirp
[4.4.0-1]
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
- Related: #1934415

oci-seccomp-bpf-hook
[1.2.3-3]
- change runc dependency to conflict
- Related: #1934415

podman
[2:4.0.2-6]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/3d24a66)
- Related: #2059296

[2:4.0.2-5]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/bb1e6e6)
- Related: #2059296

[2:4.0.2-4]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/5a54f81)
- Resolves: #2066493

[2:4.0.2-3]
- depend on libseccomp >= 2.5
- Resolves: #2065292

[2:4.0.2-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/9237d75)
- Related: #2059296

[2:4.0.2-1]
- update to https://github.com/containers/podman/releases/tag/v4.0.2
- Related: #2059754

[2:4.0.1-1]
- update to https://github.com/containers/podman/releases/tag/v4.0.1
- Related: #2001445

python-podman
[4.0.0-1]
- bump to v4.0.0
- Related: #2001445

runc
[1.0.3-2]
- rollback to 1.0.3 due to gating test issues
- Related: #2001445

[1.1.0-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.0
- Related: #2001445

skopeo
[2:1.6.1-2]
- fix CVE-2022-21698
- Related: #2059296

[2:1.6.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.6.1
- Related: #2001445

slirp4netns
[1.1.8-2]
- fix gating - don't use insecure functions - thanks to Marc-Andre Lureau
- Related: #2001445

udica
[0.2.6-3]
- Require container-selinux shipping policy templates (#2005866)

[0.2.6-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.6
- Related: #2001445

[0.2.5-2]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
- Related: #1934415

[0.2.5-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.5
- Related: #1934415

[0.2.4-2]
- remove %check again and all related BRs
- Related: #1934415


Related CVEs


CVE-2022-27649
CVE-2022-27651
CVE-2022-1227
CVE-2022-27650
CVE-2022-21698

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.src.rpm7c0f9df12f75f80a48c2d49af8182fd4-
cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.src.rpm602b54be95183905d33f6ff02286898a-
conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.src.rpm36b0c5925e573ef32966b25f87341d44-
container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.src.rpmbf55bd1f854080ad02423099177916ac-
containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.src.rpm4603450df17024e6174b3b7fd98fb8c2-
containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.src.rpm7ac0de4fc9cba24d6170da5ebaf4169e-
criu-3.15-3.module+el8.6.0+20656+53f7e955.src.rpm319d4c1e712b85418be065047ea0e6bc-
crun-1.4.4-1.module+el8.6.0+20656+53f7e955.src.rpm0cfe863532851ef30376c615deb01eda-
fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.src.rpm8e06b619be91a642c2be5766b12b20f3-
libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.src.rpm269adf6d00ba5f1a9aeba0ee1989d8e3-
oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.src.rpm9c4755eb12fb04268c22928ab93ede7f-
podman-4.0.2-6.module+el8.6.0+20656+53f7e955.src.rpm25e3a56dc5c61f7c26486a8d4da2acc1-
python-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.src.rpm01ff624b88ef269ec288299863d44ced-
runc-1.0.3-2.module+el8.6.0+20656+53f7e955.src.rpm7b06b2a4e2833f3393ffe804711cbc2c-
skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.src.rpm5d6f6d3ea0591d7a122f3f5b45f930cd-
slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.src.rpmc449cdc289e8741f34deb3c7920507e3-
udica-0.2.6-2.module+el8.6.0+20656+53f7e955.src.rpmf6634533b88d7f08578bfc8d1131b4f8-
aardvark-dns-1.0.1-27.module+el8.6.0+20656+53f7e955.aarch64.rpm62a3594af74286e41755f0c288fc6115-
buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.aarch64.rpm7e0f430e699b86eb59dd09adeb7478d1-
buildah-tests-1.24.2-4.module+el8.6.0+20656+53f7e955.aarch64.rpmbbd01db76b5517f3713f30ca88780e52-
cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.noarch.rpmc60a9f38d27b13715de7b6de75dc69ec-
conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpme882a6fcbc91078f79a6a1bd23a0bae6-
container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.noarch.rpmf52e6ffb0f51016f7b3351873f2ad31e-
containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm5daa6aeb79ce0d8d388974fce4a98477-
containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.aarch64.rpme8360e0ee0bd09bafc5e7f33f6f2317e-
crit-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpmfbdc1f5c87eafeba24c6f63c44276163-
criu-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm5247bc4c1a527aed7feb9d9523ea9ed2-
criu-devel-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm5f1ce31cd7c0daf8690a71d3ffa497b6-
criu-libs-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm9f85806b4c3c5a546622bf580b17e3de-
crun-1.4.4-1.module+el8.6.0+20656+53f7e955.aarch64.rpmdb77f8ae96b16199eec6054259f2b616-
fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.aarch64.rpm5d8e932a619f90cee5ef2bf404d3e58c-
libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpmb1526a35426418e0b7ea14434dc27726-
libslirp-devel-4.4.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpmcdf68acf21a481cad47b11a7b3703437-
netavark-1.0.1-27.module+el8.6.0+20656+53f7e955.aarch64.rpm520e192a60331bcb72cb6e982ac004db-
oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.aarch64.rpm20f2cd33a61eef34e30703cee78452d1-
podman-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpma6f4d07900cf181860757f0af19bc614-
podman-catatonit-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm0f64b1a5235193b7e522f839da55c100-
podman-docker-4.0.2-6.module+el8.6.0+20656+53f7e955.noarch.rpm72b816ae0e9743366b8caa2858b9e742-
podman-gvproxy-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm744f6b7dedcde3169af92ef9b6dba2f2-
podman-plugins-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm85c123cccb18fe431944981ca2bcf4e9-
podman-remote-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm5b75f1f9d9f2a19909b8cb70b9c2c456-
podman-tests-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm44c9071ba2e062c5d429d2d178111017-
python3-criu-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm8bb790eb3c1ef486c01c71a450872f6f-
python3-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.noarch.rpm9f48444055f1b8a0104b2077b9d9222d-
runc-1.0.3-2.module+el8.6.0+20656+53f7e955.aarch64.rpmf3f8ed4c15772ae7cacb732b78d650fa-
skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm4a4ae12e4cc933c8e8fd43d80eeed99a-
skopeo-tests-1.6.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm87b1c50b876e0fe53bc1d16d29c55516-
slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.aarch64.rpm2f1afdcff05d0e90d528108a5b890543-
udica-0.2.6-2.module+el8.6.0+20656+53f7e955.noarch.rpm846d172c29a1212b4d3bb0bd165a351b-
Oracle Linux 8 (x86_64) buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.src.rpm7c0f9df12f75f80a48c2d49af8182fd4-
cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.src.rpm602b54be95183905d33f6ff02286898a-
conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.src.rpm36b0c5925e573ef32966b25f87341d44-
container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.src.rpmbf55bd1f854080ad02423099177916ac-
containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.src.rpm4603450df17024e6174b3b7fd98fb8c2-
containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.src.rpm7ac0de4fc9cba24d6170da5ebaf4169e-
criu-3.15-3.module+el8.6.0+20656+53f7e955.src.rpm319d4c1e712b85418be065047ea0e6bc-
crun-1.4.4-1.module+el8.6.0+20656+53f7e955.src.rpm0cfe863532851ef30376c615deb01eda-
fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.src.rpm8e06b619be91a642c2be5766b12b20f3-
libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.src.rpm269adf6d00ba5f1a9aeba0ee1989d8e3-
oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.src.rpm9c4755eb12fb04268c22928ab93ede7f-
podman-4.0.2-6.module+el8.6.0+20656+53f7e955.src.rpm25e3a56dc5c61f7c26486a8d4da2acc1-
python-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.src.rpm01ff624b88ef269ec288299863d44ced-
runc-1.0.3-2.module+el8.6.0+20656+53f7e955.src.rpm7b06b2a4e2833f3393ffe804711cbc2c-
skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.src.rpm5d6f6d3ea0591d7a122f3f5b45f930cd-
slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.src.rpmc449cdc289e8741f34deb3c7920507e3-
udica-0.2.6-2.module+el8.6.0+20656+53f7e955.src.rpmf6634533b88d7f08578bfc8d1131b4f8-
aardvark-dns-1.0.1-27.module+el8.6.0+20656+53f7e955.x86_64.rpmc2aaed695317fa478a42d234fd637a39-
buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.x86_64.rpm83e347d6e89b1c0b63dd9bd568bd6365-
buildah-tests-1.24.2-4.module+el8.6.0+20656+53f7e955.x86_64.rpm5c5e4e4e8cb80312bf3ad782748e320c-
cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.noarch.rpmc60a9f38d27b13715de7b6de75dc69ec-
conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm0d82a68b8d3ff9f1a33f382ff81349a2-
container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.noarch.rpmf52e6ffb0f51016f7b3351873f2ad31e-
containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm2e83716eb946b08c05626452379ca511-
containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.x86_64.rpmcdcc1a78f22aac45f611b399faa8e96d-
crit-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm214114afd5f0fd6ea08f7e011c1e7fc6-
criu-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm0c1a41f3a790f971f98933ad65637951-
criu-devel-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm9338b62c27afd7b0ef84085e49135638-
criu-libs-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpmd1059b06d90a3ac6062edec13e3de8df-
crun-1.4.4-1.module+el8.6.0+20656+53f7e955.x86_64.rpmeeeb5c91a74fe3c1c51524be7a7d8389-
fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.x86_64.rpme8db3822803826487fbc9661824773a3-
libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm7ce1ca53091aae514ef283a98ba60d13-
libslirp-devel-4.4.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm012373e0abb05ffc2f6498fb90c03f75-
netavark-1.0.1-27.module+el8.6.0+20656+53f7e955.x86_64.rpmec44102372033e1c813d7a466b2b08d5-
oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.x86_64.rpm577adde6a2ae9a599aa91a1b6c07bba7-
podman-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm101fb58485303705f43411c88346dec9-
podman-catatonit-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpmdd959d33ce7fb16aff968bf242875f2b-
podman-docker-4.0.2-6.module+el8.6.0+20656+53f7e955.noarch.rpm72b816ae0e9743366b8caa2858b9e742-
podman-gvproxy-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm9fc97845f01e89d5aae063b74d9a9e06-
podman-plugins-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpmfc23e79dab624a075c734b09fbc962ae-
podman-remote-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpmaca81d5d10991cb7e9321c254fd17a37-
podman-tests-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpmb9f07e6e8b56d73f9875c5c7cf0c5b14-
python3-criu-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm46ddb5dd7c7aa89ec32142c78d73d8bd-
python3-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.noarch.rpm9f48444055f1b8a0104b2077b9d9222d-
runc-1.0.3-2.module+el8.6.0+20656+53f7e955.x86_64.rpm59a30d69abdf23b2077ee81bc074b000-
skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm9cc4f8493d0418109f304e19bcfad9e8-
skopeo-tests-1.6.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm08228ad74f6388970b5455e123dc7278-
slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.x86_64.rpm71e6dde6023554c7bd91ee62dc6b7576-
udica-0.2.6-2.module+el8.6.0+20656+53f7e955.noarch.rpm846d172c29a1212b4d3bb0bd165a351b-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete