ELSA-2022-1762

ULN >
Oracle Linux Errata repository >
ELSA-2022-1762

ELSA-2022-1762 - container-tools:ol8 security, bug fix, and enhancement update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2022-05-17

Description

buildah
[1:1.24.2-4]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.24
(https://github.com/containers/buildah/commit/7b559a3)
- Related: #2059296

[1:1.24.2-3]
- switch to RHEL maintenance branch which fixes CVE-2022-27651
- Resolves: #2067559

[1:1.24.2-2]
- Add patch to fix bash symtax for gating tests
- Upstream PR: https://github.com/containers/buildah/pull/3792
- Related: #2001445

[1:1.24.2-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.2
- Related: #2001445

[1:1.24.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.1
- Related: #2001445

[1:1.24.0-1]
- update to https://github.com/containers/buildah/releases/tag/v1.24.0
- Related: #2001445

cockpit-podman
[43-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/43
- Related: #2017266

conmon
[2:2.1.0-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.0
- Related: #2001445

containernetworking-plugins
[1:1.0.1-2]
- revert back to https://github.com/containernetworking/plugins/releases/tag/v1.0.1
- Related: #2001445

containers-common
[1-27.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)

[2:1-27]
- update vendored tarballs to avoid unwanted licenses
(thanks to Brent Baude)
- Related: #2065707

container-selinux
[2:2.179.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1
- Related: #2001445

criu
[3.15-3]
- add Requires: criu-libs = %{version}-%{release} in criu-devel
- add gating tests
- Related: #1934415

[3.15-2]
- add -devel and -libs subpackages
- Resolves: #1971718

crun
[1.4.4-1]
- update to https://github.com/containers/crun/releases/tag/1.4.4
- Resolves: #2067577

fuse-overlayfs
[1.8.2-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.2
- Related: #2001445

libslirp
[4.4.0-1]
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
- Related: #1934415

oci-seccomp-bpf-hook
[1.2.3-3]
- change runc dependency to conflict
- Related: #1934415

podman
[2:4.0.2-6]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/3d24a66)
- Related: #2059296

[2:4.0.2-5]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/bb1e6e6)
- Related: #2059296

[2:4.0.2-4]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/5a54f81)
- Resolves: #2066493

[2:4.0.2-3]
- depend on libseccomp >= 2.5
- Resolves: #2065292

[2:4.0.2-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
(https://github.com/containers/podman/commit/9237d75)
- Related: #2059296

[2:4.0.2-1]
- update to https://github.com/containers/podman/releases/tag/v4.0.2
- Related: #2059754

[2:4.0.1-1]
- update to https://github.com/containers/podman/releases/tag/v4.0.1
- Related: #2001445

python-podman
[4.0.0-1]
- bump to v4.0.0
- Related: #2001445

runc
[1.0.3-2]
- rollback to 1.0.3 due to gating test issues
- Related: #2001445

[1.1.0-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.0
- Related: #2001445

skopeo
[2:1.6.1-2]
- fix CVE-2022-21698
- Related: #2059296

[2:1.6.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.6.1
- Related: #2001445

slirp4netns
[1.1.8-2]
- fix gating - don't use insecure functions - thanks to Marc-Andre Lureau
- Related: #2001445

udica
[0.2.6-3]
- Require container-selinux shipping policy templates (#2005866)

[0.2.6-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.6
- Related: #2001445

[0.2.5-2]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
- Related: #1934415

[0.2.5-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.5
- Related: #1934415

[0.2.4-2]
- remove %check again and all related BRs
- Related: #1934415

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.src.rpm	7c0f9df12f75f80a48c2d49af8182fd4	-
	cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.src.rpm	602b54be95183905d33f6ff02286898a	-
	conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.src.rpm	36b0c5925e573ef32966b25f87341d44	-
	container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.src.rpm	bf55bd1f854080ad02423099177916ac	-
	containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.src.rpm	4603450df17024e6174b3b7fd98fb8c2	-
	containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.src.rpm	7ac0de4fc9cba24d6170da5ebaf4169e	-
	criu-3.15-3.module+el8.6.0+20656+53f7e955.src.rpm	319d4c1e712b85418be065047ea0e6bc	-
	crun-1.4.4-1.module+el8.6.0+20656+53f7e955.src.rpm	0cfe863532851ef30376c615deb01eda	-
	fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.src.rpm	8e06b619be91a642c2be5766b12b20f3	-
	libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.src.rpm	269adf6d00ba5f1a9aeba0ee1989d8e3	-
	oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.src.rpm	9c4755eb12fb04268c22928ab93ede7f	-
	podman-4.0.2-6.module+el8.6.0+20656+53f7e955.src.rpm	25e3a56dc5c61f7c26486a8d4da2acc1	-
	python-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.src.rpm	01ff624b88ef269ec288299863d44ced	-
	runc-1.0.3-2.module+el8.6.0+20656+53f7e955.src.rpm	7b06b2a4e2833f3393ffe804711cbc2c	-
	skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.src.rpm	5d6f6d3ea0591d7a122f3f5b45f930cd	-
	slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.src.rpm	c449cdc289e8741f34deb3c7920507e3	-
	udica-0.2.6-2.module+el8.6.0+20656+53f7e955.src.rpm	f6634533b88d7f08578bfc8d1131b4f8	-
	aardvark-dns-1.0.1-27.module+el8.6.0+20656+53f7e955.aarch64.rpm	62a3594af74286e41755f0c288fc6115	-
	buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.aarch64.rpm	7e0f430e699b86eb59dd09adeb7478d1	-
	buildah-tests-1.24.2-4.module+el8.6.0+20656+53f7e955.aarch64.rpm	bbd01db76b5517f3713f30ca88780e52	-
	cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.noarch.rpm	c60a9f38d27b13715de7b6de75dc69ec	-
	conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpm	e882a6fcbc91078f79a6a1bd23a0bae6	-
	container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.noarch.rpm	f52e6ffb0f51016f7b3351873f2ad31e	-
	containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm	5daa6aeb79ce0d8d388974fce4a98477	-
	containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.aarch64.rpm	e8360e0ee0bd09bafc5e7f33f6f2317e	-
	crit-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	fbdc1f5c87eafeba24c6f63c44276163	-
	criu-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	5247bc4c1a527aed7feb9d9523ea9ed2	-
	criu-devel-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	5f1ce31cd7c0daf8690a71d3ffa497b6	-
	criu-libs-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	9f85806b4c3c5a546622bf580b17e3de	-
	crun-1.4.4-1.module+el8.6.0+20656+53f7e955.aarch64.rpm	db77f8ae96b16199eec6054259f2b616	-
	fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.aarch64.rpm	5d8e932a619f90cee5ef2bf404d3e58c	-
	libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpm	b1526a35426418e0b7ea14434dc27726	-
	libslirp-devel-4.4.0-1.module+el8.6.0+20656+53f7e955.aarch64.rpm	cdf68acf21a481cad47b11a7b3703437	-
	netavark-1.0.1-27.module+el8.6.0+20656+53f7e955.aarch64.rpm	520e192a60331bcb72cb6e982ac004db	-
	oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	20f2cd33a61eef34e30703cee78452d1	-
	podman-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	a6f4d07900cf181860757f0af19bc614	-
	podman-catatonit-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	0f64b1a5235193b7e522f839da55c100	-
	podman-docker-4.0.2-6.module+el8.6.0+20656+53f7e955.noarch.rpm	72b816ae0e9743366b8caa2858b9e742	-
	podman-gvproxy-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	744f6b7dedcde3169af92ef9b6dba2f2	-
	podman-plugins-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	85c123cccb18fe431944981ca2bcf4e9	-
	podman-remote-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	5b75f1f9d9f2a19909b8cb70b9c2c456	-
	podman-tests-4.0.2-6.module+el8.6.0+20656+53f7e955.aarch64.rpm	44c9071ba2e062c5d429d2d178111017	-
	python3-criu-3.15-3.module+el8.6.0+20656+53f7e955.aarch64.rpm	8bb790eb3c1ef486c01c71a450872f6f	-
	python3-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.noarch.rpm	9f48444055f1b8a0104b2077b9d9222d	-
	runc-1.0.3-2.module+el8.6.0+20656+53f7e955.aarch64.rpm	f3f8ed4c15772ae7cacb732b78d650fa	-
	skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm	4a4ae12e4cc933c8e8fd43d80eeed99a	-
	skopeo-tests-1.6.1-2.module+el8.6.0+20656+53f7e955.aarch64.rpm	87b1c50b876e0fe53bc1d16d29c55516	-
	slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.aarch64.rpm	2f1afdcff05d0e90d528108a5b890543	-
	udica-0.2.6-2.module+el8.6.0+20656+53f7e955.noarch.rpm	846d172c29a1212b4d3bb0bd165a351b	-

Oracle Linux 8 (x86_64)	buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.src.rpm	7c0f9df12f75f80a48c2d49af8182fd4	-
	cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.src.rpm	602b54be95183905d33f6ff02286898a	-
	conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.src.rpm	36b0c5925e573ef32966b25f87341d44	-
	container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.src.rpm	bf55bd1f854080ad02423099177916ac	-
	containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.src.rpm	4603450df17024e6174b3b7fd98fb8c2	-
	containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.src.rpm	7ac0de4fc9cba24d6170da5ebaf4169e	-
	criu-3.15-3.module+el8.6.0+20656+53f7e955.src.rpm	319d4c1e712b85418be065047ea0e6bc	-
	crun-1.4.4-1.module+el8.6.0+20656+53f7e955.src.rpm	0cfe863532851ef30376c615deb01eda	-
	fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.src.rpm	8e06b619be91a642c2be5766b12b20f3	-
	libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.src.rpm	269adf6d00ba5f1a9aeba0ee1989d8e3	-
	oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.src.rpm	9c4755eb12fb04268c22928ab93ede7f	-
	podman-4.0.2-6.module+el8.6.0+20656+53f7e955.src.rpm	25e3a56dc5c61f7c26486a8d4da2acc1	-
	python-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.src.rpm	01ff624b88ef269ec288299863d44ced	-
	runc-1.0.3-2.module+el8.6.0+20656+53f7e955.src.rpm	7b06b2a4e2833f3393ffe804711cbc2c	-
	skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.src.rpm	5d6f6d3ea0591d7a122f3f5b45f930cd	-
	slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.src.rpm	c449cdc289e8741f34deb3c7920507e3	-
	udica-0.2.6-2.module+el8.6.0+20656+53f7e955.src.rpm	f6634533b88d7f08578bfc8d1131b4f8	-
	aardvark-dns-1.0.1-27.module+el8.6.0+20656+53f7e955.x86_64.rpm	c2aaed695317fa478a42d234fd637a39	-
	buildah-1.24.2-4.module+el8.6.0+20656+53f7e955.x86_64.rpm	83e347d6e89b1c0b63dd9bd568bd6365	-
	buildah-tests-1.24.2-4.module+el8.6.0+20656+53f7e955.x86_64.rpm	5c5e4e4e8cb80312bf3ad782748e320c	-
	cockpit-podman-43-1.module+el8.6.0+20656+53f7e955.noarch.rpm	c60a9f38d27b13715de7b6de75dc69ec	-
	conmon-2.1.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm	0d82a68b8d3ff9f1a33f382ff81349a2	-
	container-selinux-2.179.1-1.module+el8.6.0+20656+53f7e955.noarch.rpm	f52e6ffb0f51016f7b3351873f2ad31e	-
	containernetworking-plugins-1.0.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm	2e83716eb946b08c05626452379ca511	-
	containers-common-1-27.0.1.module+el8.6.0+20656+53f7e955.x86_64.rpm	cdcc1a78f22aac45f611b399faa8e96d	-
	crit-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	214114afd5f0fd6ea08f7e011c1e7fc6	-
	criu-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	0c1a41f3a790f971f98933ad65637951	-
	criu-devel-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	9338b62c27afd7b0ef84085e49135638	-
	criu-libs-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	d1059b06d90a3ac6062edec13e3de8df	-
	crun-1.4.4-1.module+el8.6.0+20656+53f7e955.x86_64.rpm	eeeb5c91a74fe3c1c51524be7a7d8389	-
	fuse-overlayfs-1.8.2-1.module+el8.6.0+20656+53f7e955.x86_64.rpm	e8db3822803826487fbc9661824773a3	-
	libslirp-4.4.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm	7ce1ca53091aae514ef283a98ba60d13	-
	libslirp-devel-4.4.0-1.module+el8.6.0+20656+53f7e955.x86_64.rpm	012373e0abb05ffc2f6498fb90c03f75	-
	netavark-1.0.1-27.module+el8.6.0+20656+53f7e955.x86_64.rpm	ec44102372033e1c813d7a466b2b08d5	-
	oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	577adde6a2ae9a599aa91a1b6c07bba7	-
	podman-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	101fb58485303705f43411c88346dec9	-
	podman-catatonit-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	dd959d33ce7fb16aff968bf242875f2b	-
	podman-docker-4.0.2-6.module+el8.6.0+20656+53f7e955.noarch.rpm	72b816ae0e9743366b8caa2858b9e742	-
	podman-gvproxy-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	9fc97845f01e89d5aae063b74d9a9e06	-
	podman-plugins-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	fc23e79dab624a075c734b09fbc962ae	-
	podman-remote-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	aca81d5d10991cb7e9321c254fd17a37	-
	podman-tests-4.0.2-6.module+el8.6.0+20656+53f7e955.x86_64.rpm	b9f07e6e8b56d73f9875c5c7cf0c5b14	-
	python3-criu-3.15-3.module+el8.6.0+20656+53f7e955.x86_64.rpm	46ddb5dd7c7aa89ec32142c78d73d8bd	-
	python3-podman-4.0.0-1.module+el8.6.0+20656+53f7e955.noarch.rpm	9f48444055f1b8a0104b2077b9d9222d	-
	runc-1.0.3-2.module+el8.6.0+20656+53f7e955.x86_64.rpm	59a30d69abdf23b2077ee81bc074b000	-
	skopeo-1.6.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm	9cc4f8493d0418109f304e19bcfad9e8	-
	skopeo-tests-1.6.1-2.module+el8.6.0+20656+53f7e955.x86_64.rpm	08228ad74f6388970b5455e123dc7278	-
	slirp4netns-1.1.8-2.module+el8.6.0+20656+53f7e955.x86_64.rpm	71e6dde6023554c7bd91ee62dc6b7576	-
	udica-0.2.6-2.module+el8.6.0+20656+53f7e955.noarch.rpm	846d172c29a1212b4d3bb0bd165a351b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691