ELSA-2023-12579

ULN >
Oracle Linux Errata repository >
ELSA-2023-12579

ELSA-2023-12579 - aardvark-dns security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-07-19

Description

runc
[1:1.1.4-1.0.1]
- rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809
- rootfs: prohibit symlinks that conflicts with readonlyPaths
and/or maskedPaths to prevent CVE-2023-27561
- Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642
- JIRA: OLDIS-25589

Related CVEs

CVE-2023-25809

CVE-2023-27561

CVE-2023-28642

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	c7c4a82895f08b42c001013d24fe7cd1	-
	buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.src.rpm	de54d880e091a663366058069077fda5	-
	cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.src.rpm	e8947f1b3ada5e7228ff6e5c9a51506a	-
	conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.src.rpm	4b804f8231cd57c3d1d497d55a002189	-
	container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	67a3ba6359aae527d08a15c1acad3b89	-
	containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.src.rpm	8873c06761d486813dda7bb79fa9bb6d	-
	containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.src.rpm	b1b2b7c07485d4c1cb30c230af012d16	-
	criu-3.15-3.module+el8.8.0+21045+adcb6a64.src.rpm	4487d1bed6699a4c7e32082233a2c7ee	-
	crun-1.8.4-2.module+el8.8.0+21056+d98a0860.src.rpm	1c29a8142b34dc87a2625067cfa8deec	-
	fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.src.rpm	fd7fe674f3fe56f7f33788f3efd7e687	-
	libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.src.rpm	6b38bd2bc85c4498915f108801dec672	-
	netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.src.rpm	959b8c69b95b6ac11ffffbc5fbe4af8d	-
	oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.src.rpm	edfe8dcc3938aa4ec1afa650375995bd	-
	podman-4.4.1-12.module+el8.8.0+21056+d98a0860.src.rpm	a4621d91d3c34ccade53fd357f95cd5f	-
	python-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.src.rpm	681226bf4fe2d5838e7cc3284ccc85a2	-
	runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.src.rpm	a71fae08352e8d8aa814e18d42f8b457	-
	skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.src.rpm	bfed63d8af48529e469608b2fa353c15	-
	slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	3c1f313b5514362dc73739ae62f5fe1d	-
	udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.src.rpm	35ec8fad5f08d63c6783dc7cb5ead169	-
	aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm	6dd82fe4c66c90e15199ad85f73d7fe2	-
	buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm	778b44a59bca9a2da74efe43e0a3d140	-
	buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.aarch64.rpm	010566d1ff06b3f983e201919cc0856d	-
	cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm	93948972550b25925f4b662687b9adfa	-
	conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm	f5d45e426e80eb9e37c30db6bd0bc4be	-
	container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm	4477c8710c84fa8e14a04146b425b00a	-
	containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm	2e57f132085d8e21cf74f3703975b341	-
	containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.aarch64.rpm	5c3b8586ba63453def557a31e46147b6	-
	crit-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm	d876f313da126f0747869e3a6a20f62c	-
	criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm	4822b2ce52be817297cc7bde744e051e	-
	criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm	122ff6ee6e72b0c6d0a8b526c23c316e	-
	criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm	f09cf29247d85e7caaa842ea4a1ff83a	-
	crun-1.8.4-2.module+el8.8.0+21056+d98a0860.aarch64.rpm	3303d31ad839ac646e21a51fff309268	-
	fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.aarch64.rpm	e63c17a25e31bb22a53af010509c0d7d	-
	libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm	6974f7dc83f6f924dd658e3006cc914e	-
	libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm	54b84e01e6bb18df847f7123c68bccc8	-
	netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.aarch64.rpm	53ddf29f53b3a5b0827026bdc29fac85	-
	oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.aarch64.rpm	f859e07b8611597ba67d6ae179a80635	-
	podman-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	c1a9d2f20632eeecf44865e990be5dc1	-
	podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	8f6fe194d8bafb6dc5cac8f4264cec2d	-
	podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm	b5159d42fc81338d29c184c1f4369cc2	-
	podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	4770de560738b8f56d34204ca1cbb0c5	-
	podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	a9373f3b2623d6ec28991cd5ced09157	-
	podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	36eda84c8b8a2816d9bbdefba15373b7	-
	podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.aarch64.rpm	887be0b090e69856ae8a7d94631b1dd7	-
	python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.aarch64.rpm	4a4aef8f9ec39736cc6ea82d666beb22	-
	python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm	f55dce732e5dd6e3c99141706f0862c6	-
	runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.aarch64.rpm	f284ef080eeec18d4761bcc6c3396040	-
	skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm	3c9dfd631cf8b7fb3938836f424235b7	-
	skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.aarch64.rpm	f0947ee4a9714d664723f5f8eae55317	-
	slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.aarch64.rpm	ba706ab27d088ca0a4a26705373d6807	-
	udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm	a0ca9718b7f9b254aa73ebb25e742ad6	-

Oracle Linux 8 (x86_64)	aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	c7c4a82895f08b42c001013d24fe7cd1	-
	buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.src.rpm	de54d880e091a663366058069077fda5	-
	cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.src.rpm	e8947f1b3ada5e7228ff6e5c9a51506a	-
	conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.src.rpm	4b804f8231cd57c3d1d497d55a002189	-
	container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	67a3ba6359aae527d08a15c1acad3b89	-
	containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.src.rpm	8873c06761d486813dda7bb79fa9bb6d	-
	containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.src.rpm	b1b2b7c07485d4c1cb30c230af012d16	-
	criu-3.15-3.module+el8.8.0+21045+adcb6a64.src.rpm	4487d1bed6699a4c7e32082233a2c7ee	-
	crun-1.8.4-2.module+el8.8.0+21056+d98a0860.src.rpm	1c29a8142b34dc87a2625067cfa8deec	-
	fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.src.rpm	fd7fe674f3fe56f7f33788f3efd7e687	-
	libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.src.rpm	6b38bd2bc85c4498915f108801dec672	-
	netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.src.rpm	959b8c69b95b6ac11ffffbc5fbe4af8d	-
	oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.src.rpm	edfe8dcc3938aa4ec1afa650375995bd	-
	podman-4.4.1-12.module+el8.8.0+21056+d98a0860.src.rpm	a4621d91d3c34ccade53fd357f95cd5f	-
	python-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.src.rpm	681226bf4fe2d5838e7cc3284ccc85a2	-
	runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.src.rpm	a71fae08352e8d8aa814e18d42f8b457	-
	skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.src.rpm	bfed63d8af48529e469608b2fa353c15	-
	slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.src.rpm	3c1f313b5514362dc73739ae62f5fe1d	-
	udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.src.rpm	35ec8fad5f08d63c6783dc7cb5ead169	-
	aardvark-dns-1.5.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm	25ae14c694a1e6ca944424765ab9bf68	-
	buildah-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm	346ce0820f82c3b1e703ebbc34d9a9d1	-
	buildah-tests-1.29.1-2.module+el8.8.0+21056+d98a0860.x86_64.rpm	7996d21f92fb9a7f105aae6a661866a9	-
	cockpit-podman-63.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm	93948972550b25925f4b662687b9adfa	-
	conmon-2.1.6-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm	0e4d5d9aa97900dbf0da336270bb6a75	-
	container-selinux-2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch.rpm	4477c8710c84fa8e14a04146b425b00a	-
	containernetworking-plugins-1.2.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm	4fd79d72dee86f75aee3413bc8181174	-
	containers-common-1-64.0.1.module+el8.8.0+21056+d98a0860.x86_64.rpm	a6ca249e8e666bed9de881657b5092ce	-
	crit-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm	e93ee8d556364dfafe5a69fd026c6326	-
	criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm	22bb9129cd15a246149a255d60a65045	-
	criu-devel-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm	aff0072e9982e1d67b5640007fc483e5	-
	criu-libs-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm	ba5f102782e47cb1029a445c1f612f29	-
	crun-1.8.4-2.module+el8.8.0+21056+d98a0860.x86_64.rpm	e0ce6450e2aa70366b8752087ef38ab0	-
	fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.x86_64.rpm	5b5fadbf1d9248b7f1f59289fb114490	-
	libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm	30f3ee2d8f0296da430854872198ebc9	-
	libslirp-devel-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm	4f4f3409f9e17c0d5021dbdef8f8ab63	-
	netavark-1.5.0-5.module+el8.8.0+21056+d98a0860.x86_64.rpm	3d58cde9f9bb1e4f385ab012666f9559	-
	oci-seccomp-bpf-hook-1.2.8-1.module+el8.8.0+21045+adcb6a64.x86_64.rpm	5a84291fd98259e4883786a17b28cbd1	-
	podman-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	bdb79fc169daa2e916dbdce5f5a0ee74	-
	podman-catatonit-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	7f24c84e8e88fa2213325212f71b2713	-
	podman-docker-4.4.1-12.module+el8.8.0+21056+d98a0860.noarch.rpm	b5159d42fc81338d29c184c1f4369cc2	-
	podman-gvproxy-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	b7b209b10d1abc5cbe9434c99acbbb72	-
	podman-plugins-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	e853c29aedb589c9364bff5811939c46	-
	podman-remote-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	c6e1a61820224e33a0f069666a1179e1	-
	podman-tests-4.4.1-12.module+el8.8.0+21056+d98a0860.x86_64.rpm	472feebdcadb77ba05099e7eeb8c9a12	-
	python3-criu-3.15-3.module+el8.8.0+21045+adcb6a64.x86_64.rpm	1de9d5a7297a2832b442c7ff6d71690b	-
	python3-podman-4.4.1-1.module+el8.8.0+21045+adcb6a64.noarch.rpm	f55dce732e5dd6e3c99141706f0862c6	-
	runc-1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.x86_64.rpm	d98a81d2a6620b7c3f70ed9649cc8b81	-
	skopeo-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm	d9d4a45d84bf087e8f2b327fbcb174ed	-
	skopeo-tests-1.11.2-0.2.module+el8.8.0+21045+adcb6a64.x86_64.rpm	e57a77de3e4bbbb5055adc601eacea3d	-
	slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64.rpm	15f472e45a71edd1f6f4fb07c6f5a08e	-
	udica-0.2.6-20.module+el8.8.0+21045+adcb6a64.noarch.rpm	a0ca9718b7f9b254aa73ebb25e742ad6	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691