ELSA-2023-12578

ULN >
Oracle Linux Errata repository >
ELSA-2023-12578

ELSA-2023-12578 - buildah security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-07-19

Description

runc
[1:1.1.4-1.0.1]
- rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809
- rootfs: prohibit symlinks that conflicts with readonlyPaths
and/or maskedPaths to prevent CVE-2023-27561
- Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642
- JIRA: OLDIS-25589

Related CVEs

CVE-2023-28642

CVE-2023-25809

CVE-2023-27561

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.src.rpm	24617846b87c5eb1356bc4a7ed6815c4	-
	cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.src.rpm	bf0fddb229f583cb3029e551a0c189a8	-
	conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.src.rpm	666155e0cb39e550870a4e7e86d3f7c0	-
	container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	0a337d095c2858bc72271a4234b6d747	-
	containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.src.rpm	f0ff93effcbdc5d399eecbe57d5897e0	-
	containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.src.rpm	bc7694d2f61f2542b44fd24621dc9243	-
	criu-3.15-3.module+el8.8.0+20984+ab6ce66c.src.rpm	aa145eb35a3d2765d094b0fe230351d8	-
	crun-1.6-1.module+el8.8.0+20984+ab6ce66c.src.rpm	74a40cae7a453b4e1fb09727696f1c7c	-
	fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.src.rpm	a3216e98db1a1718f0827df050d9fa02	-
	libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	4441d5d0ffb723ac3216dfd59eff0869	-
	oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.src.rpm	dcaa8d6768cfd4a7acb8458690093607	-
	podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.src.rpm	8360d57db9f7404602d6643cc8a55ac5	-
	python-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	7d82bf8e9b5f530ecfe5c8e279c82aec	-
	runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.src.rpm	48a94660e562a2f8b6a870dfb841bd19	-
	skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.src.rpm	bca78b7ba5c603826be2f63f00ab1da9	-
	slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.src.rpm	8af61d1d4d247c1b712a96c611665c0f	-
	udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.src.rpm	1ae4182689b1f9b0b035cb10f21fd8fc	-
	aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	afb1f9cb041fd9fca6f896cc2c4bc622	-
	buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	03407dd8cd8325873fc14ee31c9b78ce	-
	buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	be67d536be87de7cd84832a6ab2f4d8b	-
	cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	ef6ce22267164579ed8759504f1f420f	-
	conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	263d6f01f436ad5ad6608381e7249212	-
	container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	7adb4a1aea97b514362f3ea3a1137e19	-
	containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	bb5af067d43adac4e0484c4427cf68fa	-
	containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	a9016353b2195b470f0482aa4540ef7a	-
	crit-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	479a25c8c1cf396c344755e3646f69ca	-
	criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	42b7e27b3c4959c54fb528e1208505ed	-
	criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	1e50a38a70d4ca7e1c44cab1e97a4933	-
	criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	edf5feeb8563321a19a6940cd043737c	-
	crun-1.6-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	f3973b7cb77f14a47fc159acac4e939e	-
	fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	930450936c91f7e81985ef615f8459c9	-
	libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	c7b3e5f7e2b5bca3459341f9227975e7	-
	libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	3438dafe688b4e6bb28b16da98fbb07b	-
	netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	86fd1f8edfbc1dff7637bafc7dc26407	-
	oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	d9d01793302cb00b58f0ccb3e0869247	-
	podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	bc2407911235573e600886ecd9fc62b6	-
	podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	c510e46d3baa55694824ea077dfc635e	-
	podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm	a924127616198168fa64679b806ef67f	-
	podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	4770b0421abef0f0a9cd72befabce9a9	-
	podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	52ed0e01e2546e3fcbf15da5e3030f24	-
	podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	c6b7a98b87c591e4a80ac4b0eace98cd	-
	podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	a032006b49fc34df5a750f53179e6771	-
	python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	6b14a6687a0e44a3c89afbbcb55b7cf5	-
	python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	bf7a87cde72dac801920b6310d1db2f7	-
	runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.aarch64.rpm	9c391e10bddc93281bf306f227e7e635	-
	skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	f62e5a8e338af4e1a4a99682738cc6fb	-
	skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	adab821b04ad021cc24f40cbfa1c0c75	-
	slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm	a19f35851e7baf5b11fe9fbb26d7042c	-
	udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm	2af0eca0a8ba25c96021daf6a5fb0529	-

Oracle Linux 8 (x86_64)	buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.src.rpm	24617846b87c5eb1356bc4a7ed6815c4	-
	cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.src.rpm	bf0fddb229f583cb3029e551a0c189a8	-
	conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.src.rpm	666155e0cb39e550870a4e7e86d3f7c0	-
	container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	0a337d095c2858bc72271a4234b6d747	-
	containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.src.rpm	f0ff93effcbdc5d399eecbe57d5897e0	-
	containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.src.rpm	bc7694d2f61f2542b44fd24621dc9243	-
	criu-3.15-3.module+el8.8.0+20984+ab6ce66c.src.rpm	aa145eb35a3d2765d094b0fe230351d8	-
	crun-1.6-1.module+el8.8.0+20984+ab6ce66c.src.rpm	74a40cae7a453b4e1fb09727696f1c7c	-
	fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.src.rpm	a3216e98db1a1718f0827df050d9fa02	-
	libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	4441d5d0ffb723ac3216dfd59eff0869	-
	oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.src.rpm	dcaa8d6768cfd4a7acb8458690093607	-
	podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.src.rpm	8360d57db9f7404602d6643cc8a55ac5	-
	python-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm	7d82bf8e9b5f530ecfe5c8e279c82aec	-
	runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.src.rpm	48a94660e562a2f8b6a870dfb841bd19	-
	skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.src.rpm	bca78b7ba5c603826be2f63f00ab1da9	-
	slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.src.rpm	8af61d1d4d247c1b712a96c611665c0f	-
	udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.src.rpm	1ae4182689b1f9b0b035cb10f21fd8fc	-
	aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	e329ca33b8466293d97bd6a5f3cef266	-
	buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	5e10ca412341f98d63d0839c9c6284bc	-
	buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	5e2b5465afd80d24149199a4228e0c99	-
	cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	ef6ce22267164579ed8759504f1f420f	-
	conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	885dbf5f1e1126984f6a2ca117be552b	-
	container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	7adb4a1aea97b514362f3ea3a1137e19	-
	containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	bffe894ed2121e77c2495351a009035d	-
	containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	7007e30832fec87b6da3a5ff72ead054	-
	crit-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	289207dd92419e1f0298c77b162fb73f	-
	criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	e8beaa06ccad6be83474b82d53486c2b	-
	criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	5cad082908985d2301ae2a56209bcde7	-
	criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	c07a715f7a507056ad840ce0375143ca	-
	crun-1.6-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	df4d940ec6ec3e476a7123536e92b96f	-
	fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	c4e04540afbb40a9e942bd564c7fe96c	-
	libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	91a86aea7f33fd1df64dfed06f0925ba	-
	libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	57be9c28e6c58ec1d8741b506e09780f	-
	netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	a6449daf4bf7409c31a838b00b861581	-
	oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	8a68de2de5293cdb46c169b67ef0fdee	-
	podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	0aac4c93c02047c4516ad588527f2389	-
	podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	740e20d9816aa985519cb0ebcf35b5bb	-
	podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm	a924127616198168fa64679b806ef67f	-
	podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	9b7a2cc513e6fa0f3aa935995af73979	-
	podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	9a7d76b7304b791f6f0de7b25f7c49f1	-
	podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	2b957b7c2c259e24eab070dfd445409c	-
	podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	34d62962bf581b6d664db35d56f652fe	-
	python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	e063ed3c766b3276d1abf942c4026e8e	-
	python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm	bf7a87cde72dac801920b6310d1db2f7	-
	runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.x86_64.rpm	6747ce88968ff740e05c75031c4146d7	-
	skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	5bd3b2c35b9eafb50b9d7dea73df30ff	-
	skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	c2b3d97a9240e6cbadb0af38be67596d	-
	slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm	f8df9529515c533b570bdc8c15889850	-
	udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm	2af0eca0a8ba25c96021daf6a5fb0529	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691