ELSA-2023-12578

ELSA-2023-12578 - buildah security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2023-07-19

Description


runc
[1:1.1.4-1.0.1]
- rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809
- rootfs: prohibit symlinks that conflicts with readonlyPaths
and/or maskedPaths to prevent CVE-2023-27561
- Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642
- JIRA: OLDIS-25589


Related CVEs


CVE-2023-28642
CVE-2023-25809
CVE-2023-27561

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.src.rpm24617846b87c5eb1356bc4a7ed6815c4-
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.src.rpmbf0fddb229f583cb3029e551a0c189a8-
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.src.rpm666155e0cb39e550870a4e7e86d3f7c0-
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm0a337d095c2858bc72271a4234b6d747-
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.src.rpmf0ff93effcbdc5d399eecbe57d5897e0-
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.src.rpmbc7694d2f61f2542b44fd24621dc9243-
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.src.rpmaa145eb35a3d2765d094b0fe230351d8-
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.src.rpm74a40cae7a453b4e1fb09727696f1c7c-
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.src.rpma3216e98db1a1718f0827df050d9fa02-
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm4441d5d0ffb723ac3216dfd59eff0869-
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.src.rpmdcaa8d6768cfd4a7acb8458690093607-
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.src.rpm8360d57db9f7404602d6643cc8a55ac5-
python-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm7d82bf8e9b5f530ecfe5c8e279c82aec-
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.src.rpm48a94660e562a2f8b6a870dfb841bd19-
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.src.rpmbca78b7ba5c603826be2f63f00ab1da9-
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.src.rpm8af61d1d4d247c1b712a96c611665c0f-
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.src.rpm1ae4182689b1f9b0b035cb10f21fd8fc-
aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpmafb1f9cb041fd9fca6f896cc2c4bc622-
buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm03407dd8cd8325873fc14ee31c9b78ce-
buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpmbe67d536be87de7cd84832a6ab2f4d8b-
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpmef6ce22267164579ed8759504f1f420f-
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm263d6f01f436ad5ad6608381e7249212-
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm7adb4a1aea97b514362f3ea3a1137e19-
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpmbb5af067d43adac4e0484c4427cf68fa-
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpma9016353b2195b470f0482aa4540ef7a-
crit-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm479a25c8c1cf396c344755e3646f69ca-
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm42b7e27b3c4959c54fb528e1208505ed-
criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm1e50a38a70d4ca7e1c44cab1e97a4933-
criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpmedf5feeb8563321a19a6940cd043737c-
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpmf3973b7cb77f14a47fc159acac4e939e-
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm930450936c91f7e81985ef615f8459c9-
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpmc7b3e5f7e2b5bca3459341f9227975e7-
libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm3438dafe688b4e6bb28b16da98fbb07b-
netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm86fd1f8edfbc1dff7637bafc7dc26407-
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpmd9d01793302cb00b58f0ccb3e0869247-
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpmbc2407911235573e600886ecd9fc62b6-
podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpmc510e46d3baa55694824ea077dfc635e-
podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpma924127616198168fa64679b806ef67f-
podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm4770b0421abef0f0a9cd72befabce9a9-
podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm52ed0e01e2546e3fcbf15da5e3030f24-
podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpmc6b7a98b87c591e4a80ac4b0eace98cd-
podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpma032006b49fc34df5a750f53179e6771-
python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm6b14a6687a0e44a3c89afbbcb55b7cf5-
python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpmbf7a87cde72dac801920b6310d1db2f7-
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.aarch64.rpm9c391e10bddc93281bf306f227e7e635-
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpmf62e5a8e338af4e1a4a99682738cc6fb-
skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpmadab821b04ad021cc24f40cbfa1c0c75-
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpma19f35851e7baf5b11fe9fbb26d7042c-
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm2af0eca0a8ba25c96021daf6a5fb0529-
Oracle Linux 8 (x86_64) buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.src.rpm24617846b87c5eb1356bc4a7ed6815c4-
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.src.rpmbf0fddb229f583cb3029e551a0c189a8-
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.src.rpm666155e0cb39e550870a4e7e86d3f7c0-
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm0a337d095c2858bc72271a4234b6d747-
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.src.rpmf0ff93effcbdc5d399eecbe57d5897e0-
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.src.rpmbc7694d2f61f2542b44fd24621dc9243-
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.src.rpmaa145eb35a3d2765d094b0fe230351d8-
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.src.rpm74a40cae7a453b4e1fb09727696f1c7c-
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.src.rpma3216e98db1a1718f0827df050d9fa02-
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm4441d5d0ffb723ac3216dfd59eff0869-
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.src.rpmdcaa8d6768cfd4a7acb8458690093607-
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.src.rpm8360d57db9f7404602d6643cc8a55ac5-
python-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm7d82bf8e9b5f530ecfe5c8e279c82aec-
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.src.rpm48a94660e562a2f8b6a870dfb841bd19-
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.src.rpmbca78b7ba5c603826be2f63f00ab1da9-
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.src.rpm8af61d1d4d247c1b712a96c611665c0f-
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.src.rpm1ae4182689b1f9b0b035cb10f21fd8fc-
aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpme329ca33b8466293d97bd6a5f3cef266-
buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm5e10ca412341f98d63d0839c9c6284bc-
buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm5e2b5465afd80d24149199a4228e0c99-
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpmef6ce22267164579ed8759504f1f420f-
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm885dbf5f1e1126984f6a2ca117be552b-
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm7adb4a1aea97b514362f3ea3a1137e19-
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpmbffe894ed2121e77c2495351a009035d-
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm7007e30832fec87b6da3a5ff72ead054-
crit-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm289207dd92419e1f0298c77b162fb73f-
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpme8beaa06ccad6be83474b82d53486c2b-
criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm5cad082908985d2301ae2a56209bcde7-
criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpmc07a715f7a507056ad840ce0375143ca-
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpmdf4d940ec6ec3e476a7123536e92b96f-
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpmc4e04540afbb40a9e942bd564c7fe96c-
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm91a86aea7f33fd1df64dfed06f0925ba-
libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm57be9c28e6c58ec1d8741b506e09780f-
netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpma6449daf4bf7409c31a838b00b861581-
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm8a68de2de5293cdb46c169b67ef0fdee-
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm0aac4c93c02047c4516ad588527f2389-
podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm740e20d9816aa985519cb0ebcf35b5bb-
podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpma924127616198168fa64679b806ef67f-
podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm9b7a2cc513e6fa0f3aa935995af73979-
podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm9a7d76b7304b791f6f0de7b25f7c49f1-
podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm2b957b7c2c259e24eab070dfd445409c-
podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm34d62962bf581b6d664db35d56f652fe-
python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpme063ed3c766b3276d1abf942c4026e8e-
python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpmbf7a87cde72dac801920b6310d1db2f7-
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.x86_64.rpm6747ce88968ff740e05c75031c4146d7-
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm5bd3b2c35b9eafb50b9d7dea73df30ff-
skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpmc2b3d97a9240e6cbadb0af38be67596d-
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpmf8df9529515c533b570bdc8c15889850-
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm2af0eca0a8ba25c96021daf6a5fb0529-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete