RLSA-2024:2084
Important: container-tools:4.0 security update
Topic
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.fuse-overlayfs, runc, criu, module.toolbox, module.container-selinux, container-selinux, containers-common, module.conmon, containernetworking-plugins, crun, module.podman, module.skopeo, podman, module.containernetworking-plugins, slirp4netns, oci-seccomp-bpf-hook, module.slirp4netns, module.python-podman, cockpit-podman, module.cockpit-podman, skopeo, module.udica, module.criu, toolbox.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* buildah: full container escape at build time (CVE-2024-1753)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Rocky Linux 8
SRPMs
- buildah-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.src.rpm
- cockpit-podman-0:46-1.module+el8.9.0+1445+07728297.src.rpm
- conmon-2:2.1.4-2.module+el8.9.0+1445+07728297.src.rpm
- containernetworking-plugins-1:1.1.1-6.module+el8.9.0+1653+32675f1c.src.rpm
- containers-common-2:1-38.module+el8.9.0+1445+07728297.src.rpm
- container-selinux-2:2.205.0-3.module+el8.9.0+1445+07728297.src.rpm
- criu-0:3.15-3.module+el8.9.0+1445+07728297.src.rpm
- crun-0:1.8.7-1.module+el8.9.0+1580+e76741f0.src.rpm
- fuse-overlayfs-0:1.9-2.module+el8.9.0+1445+07728297.src.rpm
- libslirp-0:4.4.0-1.module+el8.9.0+1420+91577025.src.rpm
- oci-seccomp-bpf-hook-0:1.2.5-2.module+el8.9.0+1445+07728297.src.rpm
- podman-2:4.0.2-26.module+el8.9.0+1702+822f0675.src.rpm
- python-podman-0:4.0.0-2.module+el8.9.0+1445+07728297.src.rpm
- runc-1:1.1.12-1.module+el8.9.0+1702+822f0675.src.rpm
- skopeo-2:1.6.2-9.module+el8.9.0+1578+aa900b44.src.rpm
- slirp4netns-0:1.1.8-3.module+el8.9.0+1445+07728297.src.rpm
- toolbox-0:0.0.99.4-5.module+el8.9.0+1445+07728297.src.rpm
- udica-0:0.2.6-4.module+el8.9.0+1445+07728297.src.rpm
RPMs
- aardvark-dns-2:1.0.1-38.module+el8.9.0+1445+07728297.aarch64.rpm
- aardvark-dns-2:1.0.1-38.module+el8.9.0+1445+07728297.x86_64.rpm
- buildah-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.aarch64.rpm
- buildah-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm
- buildah-debuginfo-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.aarch64.rpm
- buildah-debuginfo-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm
- buildah-debugsource-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.aarch64.rpm
- buildah-debugsource-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm
- buildah-tests-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.aarch64.rpm
- buildah-tests-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm
- buildah-tests-debuginfo-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.aarch64.rpm
- buildah-tests-debuginfo-1:1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm
- cockpit-podman-0:46-1.module+el8.9.0+1445+07728297.noarch.rpm
- conmon-2:2.1.4-2.module+el8.9.0+1445+07728297.aarch64.rpm
- conmon-2:2.1.4-2.module+el8.9.0+1445+07728297.x86_64.rpm
- conmon-debuginfo-2:2.1.4-2.module+el8.9.0+1445+07728297.aarch64.rpm
- conmon-debuginfo-2:2.1.4-2.module+el8.9.0+1445+07728297.x86_64.rpm
- conmon-debugsource-2:2.1.4-2.module+el8.9.0+1445+07728297.aarch64.rpm
- conmon-debugsource-2:2.1.4-2.module+el8.9.0+1445+07728297.x86_64.rpm
- containernetworking-plugins-1:1.1.1-6.module+el8.9.0+1653+32675f1c.aarch64.rpm
- containernetworking-plugins-1:1.1.1-6.module+el8.9.0+1653+32675f1c.x86_64.rpm
- containernetworking-plugins-debuginfo-1:1.1.1-6.module+el8.9.0+1653+32675f1c.aarch64.rpm
- containernetworking-plugins-debuginfo-1:1.1.1-6.module+el8.9.0+1653+32675f1c.x86_64.rpm
- containernetworking-plugins-debugsource-1:1.1.1-6.module+el8.9.0+1653+32675f1c.aarch64.rpm
- containernetworking-plugins-debugsource-1:1.1.1-6.module+el8.9.0+1653+32675f1c.x86_64.rpm
- containers-common-2:1-38.module+el8.9.0+1445+07728297.aarch64.rpm
- containers-common-2:1-38.module+el8.9.0+1445+07728297.x86_64.rpm
- container-selinux-2:2.205.0-3.module+el8.9.0+1445+07728297.noarch.rpm
- crit-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- crit-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-debuginfo-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-debuginfo-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-debugsource-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-debugsource-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-devel-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-devel-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-libs-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-libs-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- criu-libs-debuginfo-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- criu-libs-debuginfo-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- crun-0:1.8.7-1.module+el8.9.0+1580+e76741f0.aarch64.rpm
- crun-0:1.8.7-1.module+el8.9.0+1580+e76741f0.x86_64.rpm
- crun-debuginfo-0:1.8.7-1.module+el8.9.0+1580+e76741f0.aarch64.rpm
- crun-debuginfo-0:1.8.7-1.module+el8.9.0+1580+e76741f0.x86_64.rpm
- crun-debugsource-0:1.8.7-1.module+el8.9.0+1580+e76741f0.aarch64.rpm
- crun-debugsource-0:1.8.7-1.module+el8.9.0+1580+e76741f0.x86_64.rpm
- fuse-overlayfs-0:1.9-2.module+el8.9.0+1445+07728297.aarch64.rpm
- fuse-overlayfs-0:1.9-2.module+el8.9.0+1445+07728297.x86_64.rpm
- fuse-overlayfs-debuginfo-0:1.9-2.module+el8.9.0+1445+07728297.aarch64.rpm
- fuse-overlayfs-debuginfo-0:1.9-2.module+el8.9.0+1445+07728297.x86_64.rpm
- fuse-overlayfs-debugsource-0:1.9-2.module+el8.9.0+1445+07728297.aarch64.rpm
- fuse-overlayfs-debugsource-0:1.9-2.module+el8.9.0+1445+07728297.x86_64.rpm
- libslirp-0:4.4.0-1.module+el8.9.0+1420+91577025.aarch64.rpm
- libslirp-0:4.4.0-1.module+el8.9.0+1420+91577025.x86_64.rpm
- libslirp-debuginfo-0:4.4.0-1.module+el8.9.0+1420+91577025.aarch64.rpm
- libslirp-debuginfo-0:4.4.0-1.module+el8.9.0+1420+91577025.x86_64.rpm
- libslirp-debugsource-0:4.4.0-1.module+el8.9.0+1420+91577025.aarch64.rpm
- libslirp-debugsource-0:4.4.0-1.module+el8.9.0+1420+91577025.x86_64.rpm
- libslirp-devel-0:4.4.0-1.module+el8.9.0+1420+91577025.aarch64.rpm
- libslirp-devel-0:4.4.0-1.module+el8.9.0+1420+91577025.x86_64.rpm
- netavark-2:1.0.1-38.module+el8.9.0+1445+07728297.aarch64.rpm
- netavark-2:1.0.1-38.module+el8.9.0+1445+07728297.x86_64.rpm
- oci-seccomp-bpf-hook-0:1.2.5-2.module+el8.9.0+1445+07728297.aarch64.rpm
- oci-seccomp-bpf-hook-0:1.2.5-2.module+el8.9.0+1445+07728297.x86_64.rpm
- oci-seccomp-bpf-hook-debuginfo-0:1.2.5-2.module+el8.9.0+1445+07728297.aarch64.rpm
- oci-seccomp-bpf-hook-debuginfo-0:1.2.5-2.module+el8.9.0+1445+07728297.x86_64.rpm
- oci-seccomp-bpf-hook-debugsource-0:1.2.5-2.module+el8.9.0+1445+07728297.aarch64.rpm
- oci-seccomp-bpf-hook-debugsource-0:1.2.5-2.module+el8.9.0+1445+07728297.x86_64.rpm
- podman-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-catatonit-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-catatonit-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-catatonit-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-catatonit-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-debugsource-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-debugsource-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-docker-2:4.0.2-26.module+el8.9.0+1702+822f0675.noarch.rpm
- podman-gvproxy-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-gvproxy-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-gvproxy-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-gvproxy-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-plugins-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-plugins-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-plugins-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-plugins-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-remote-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-remote-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-remote-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-remote-debuginfo-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- podman-tests-2:4.0.2-26.module+el8.9.0+1702+822f0675.aarch64.rpm
- podman-tests-2:4.0.2-26.module+el8.9.0+1702+822f0675.x86_64.rpm
- python3-criu-0:3.15-3.module+el8.9.0+1445+07728297.aarch64.rpm
- python3-criu-0:3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm
- python3-podman-0:4.0.0-2.module+el8.9.0+1445+07728297.noarch.rpm
- runc-1:1.1.12-1.module+el8.9.0+1702+822f0675.aarch64.rpm
- runc-1:1.1.12-1.module+el8.9.0+1702+822f0675.x86_64.rpm
- runc-debuginfo-1:1.1.12-1.module+el8.9.0+1702+822f0675.aarch64.rpm
- runc-debuginfo-1:1.1.12-1.module+el8.9.0+1702+822f0675.x86_64.rpm
- runc-debugsource-1:1.1.12-1.module+el8.9.0+1702+822f0675.aarch64.rpm
- runc-debugsource-1:1.1.12-1.module+el8.9.0+1702+822f0675.x86_64.rpm
- skopeo-2:1.6.2-9.module+el8.9.0+1578+aa900b44.aarch64.rpm
- skopeo-2:1.6.2-9.module+el8.9.0+1578+aa900b44.x86_64.rpm
- skopeo-debuginfo-2:1.6.2-9.module+el8.9.0+1578+aa900b44.aarch64.rpm
- skopeo-debuginfo-2:1.6.2-9.module+el8.9.0+1578+aa900b44.x86_64.rpm
- skopeo-debugsource-2:1.6.2-9.module+el8.9.0+1578+aa900b44.aarch64.rpm
- skopeo-debugsource-2:1.6.2-9.module+el8.9.0+1578+aa900b44.x86_64.rpm
- skopeo-tests-2:1.6.2-9.module+el8.9.0+1578+aa900b44.aarch64.rpm
- skopeo-tests-2:1.6.2-9.module+el8.9.0+1578+aa900b44.x86_64.rpm
- slirp4netns-0:1.1.8-3.module+el8.9.0+1445+07728297.aarch64.rpm
- slirp4netns-0:1.1.8-3.module+el8.9.0+1445+07728297.x86_64.rpm
- slirp4netns-debuginfo-0:1.1.8-3.module+el8.9.0+1445+07728297.aarch64.rpm
- slirp4netns-debuginfo-0:1.1.8-3.module+el8.9.0+1445+07728297.x86_64.rpm
- slirp4netns-debugsource-0:1.1.8-3.module+el8.9.0+1445+07728297.aarch64.rpm
- slirp4netns-debugsource-0:1.1.8-3.module+el8.9.0+1445+07728297.x86_64.rpm
- toolbox-0:0.0.99.4-5.module+el8.9.0+1445+07728297.aarch64.rpm
- toolbox-0:0.0.99.4-5.module+el8.9.0+1445+07728297.x86_64.rpm
- toolbox-debuginfo-0:0.0.99.4-5.module+el8.9.0+1445+07728297.aarch64.rpm
- toolbox-debuginfo-0:0.0.99.4-5.module+el8.9.0+1445+07728297.x86_64.rpm
- toolbox-debugsource-0:0.0.99.4-5.module+el8.9.0+1445+07728297.aarch64.rpm
- toolbox-debugsource-0:0.0.99.4-5.module+el8.9.0+1445+07728297.x86_64.rpm
- toolbox-tests-0:0.0.99.4-5.module+el8.9.0+1445+07728297.aarch64.rpm
- toolbox-tests-0:0.0.99.4-5.module+el8.9.0+1445+07728297.x86_64.rpm
- udica-0:0.2.6-4.module+el8.9.0+1445+07728297.noarch.rpm
Issued: 5/6/2024
Type: Security
Severity: Important
Affected Product
- Rocky Linux 8
Fixes
References
- No references