AlmaLinux 2325 Published by

A container-tools:rhel8 security, bug fix, and enhancement update has been released for AlmaLinux 8.



ALSA-2022:7822 Low: container-tools:rhel8 security, bug fix, and enhancement update


Type:
security

Severity:
low

Release date:
2022-11-15

Description
Security Fix(es):
* podman: possible information disclosure and modification (CVE-2022-2989)
* buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
* (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
* podman kill may deadlock (BZ#2125647)
* Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied AlmaLinux 8.7 (BZ#2125648)
* containers-common-1-44 is missing RPM-GPG-KEY-AlmaLinux-beta AlmaLinux 8.7 (BZ#2125686)
* ADD Dockerfile reference is not validating HTTP status code rhel8-8.7.0 (BZ#2129767)
* Two aardvark-dns instances trying to use the same port on the same interface. rhel-8.7.0.z (netavark) (BZ#2130234)
* containers config.json gets empty after sudden power loss (BZ#2130236)
* PANIC podman API service endpoint handler panic (BZ#2132412)
* Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
* Skopeo push image to AlmaLinux quay with sigstore was failed (BZ#2136406)
* Podman push image to AlmaLinux quay with sigstore was failed (BZ#2136433)
* Buildah push image to AlmaLinux quay with sigstore was failed (BZ#2136438)
* Two aardvark-dns instances trying to use the same port on the same interface. rhel-8.8 (aardvark-dns) (BZ#2137295)
Enhancement(s):
* RFEPodman support to perform custom actions on unhealthy containers (BZ#2130911)
* RFE python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
* Podman volume plugin timeout should be configurable (BZ#2132992)

References:
RHSA-2022:7822
CVE-2022-2989
CVE-2022-2990
ALSA-2022:7822

Updates packages:
udica-0.2.6-3.module_el8.7.0+3344+484dae7b.noarch.rpm
cockpit-podman-53-1.module_el8.7.0+3344+484dae7b.noarch.rpm
container-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch.rpm
python3-podman-4.2.1-1.module_el8.7.0+3344+484dae7b.noarch.rpm
podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
fuse-overlayfs-1.9-1.module_el8.7.0+3344+5bcd850f.ppc64le.rpm
podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.ppc64le.rpm
podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
criu-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
criu-devel-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.ppc64le.rpm
toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
python3-criu-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.ppc64le.rpm
libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
criu-libs-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
podman-docker-4.2.0-4.module_el8.7.0+3344+484dae7b.noarch.rpm
slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
podman-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
crit-3.15-3.module_el8.6.0+2877+8e437bf5.ppc64le.rpm
buildah-1.27.2-2.module_el8.7.0+3348+f3135399.ppc64le.rpm
skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
runc-1.1.4-1.module_el8.7.0+3344+484dae7b.ppc64le.rpm
crun-1.5-1.module_el8.7.0+3344+5bcd850f.ppc64le.rpm
containers-common-1-43.module_el8.7.0+3344+484dae7b.ppc64le.rpm
podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.ppc64le.rpm
podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.ppc64le.rpm
buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.ppc64le.rpm
crun-1.5-1.module_el8.7.0+3344+5bcd850f.x86_64.rpm
fuse-overlayfs-1.9-1.module_el8.7.0+3344+5bcd850f.x86_64.rpm
skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.x86_64.rpm
aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.x86_64.rpm
toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.x86_64.rpm
containers-common-1-43.module_el8.7.0+3344+484dae7b.x86_64.rpm
slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.x86_64.rpm
skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
criu-devel-3.15-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.x86_64.rpm
podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
crit-3.15-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm
podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.x86_64.rpm
conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
criu-libs-3.15-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm
runc-1.1.4-1.module_el8.7.0+3344+484dae7b.x86_64.rpm
podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
buildah-1.27.2-2.module_el8.7.0+3348+f3135399.x86_64.rpm
buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.x86_64.rpm
podman-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
criu-3.15-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm
python3-criu-3.15-3.module_el8.6.0+2877+8e437bf5.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.x86_64.rpm
libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.x86_64.rpm
podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.x86_64.rpm
skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.s390x.rpm
containers-common-1-43.module_el8.7.0+3344+484dae7b.s390x.rpm
libslirp-devel-4.4.0-1.module_el8.6.0+3137+d33c3efb.s390x.rpm
podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
fuse-overlayfs-1.9-1.module_el8.7.0+3344+5bcd850f.s390x.rpm
netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.s390x.rpm
criu-devel-3.15-3.module_el8.6.0+3137+d33c3efb.s390x.rpm
buildah-1.27.2-2.module_el8.7.0+3348+f3135399.s390x.rpm
runc-1.1.4-1.module_el8.7.0+3344+484dae7b.s390x.rpm
crit-3.15-3.module_el8.6.0+3137+d33c3efb.s390x.rpm
buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.s390x.rpm
python3-criu-3.15-3.module_el8.6.0+3137+d33c3efb.s390x.rpm
toolbox-0.0.99.3-0.6.module_el8.6.0+3128+1510fbd1.s390x.rpm
podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3128+1510fbd1.s390x.rpm
crun-1.5-1.module_el8.7.0+3344+5bcd850f.s390x.rpm
podman-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.s390x.rpm
podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
slirp4netns-1.2.0-2.module_el8.6.0+3128+1510fbd1.s390x.rpm
criu-3.15-3.module_el8.6.0+3137+d33c3efb.s390x.rpm
podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.s390x.rpm
criu-libs-3.15-3.module_el8.6.0+3137+d33c3efb.s390x.rpm
libslirp-4.4.0-1.module_el8.6.0+3137+d33c3efb.s390x.rpm
containernetworking-plugins-1.1.1-3.module_el8.6.0+3128+1510fbd1.s390x.rpm
conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.s390x.rpm
skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.s390x.rpm
aardvark-dns-1.1.0-5.module_el8.7.0+3344+484dae7b.aarch64.rpm
slirp4netns-1.2.0-2.module_el8.6.0+3070+1510fbd1.aarch64.rpm
buildah-1.27.2-2.module_el8.7.0+3348+f3135399.aarch64.rpm
podman-plugins-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
toolbox-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.aarch64.rpm
skopeo-tests-1.9.3-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
skopeo-1.9.3-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
criu-devel-3.15-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm
podman-gvproxy-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
podman-tests-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
libslirp-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm
containers-common-1-43.module_el8.7.0+3344+484dae7b.aarch64.rpm
conmon-2.1.4-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
podman-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
containernetworking-plugins-1.1.1-3.module_el8.6.0+3070+1510fbd1.aarch64.rpm
runc-1.1.4-1.module_el8.7.0+3344+484dae7b.aarch64.rpm
netavark-1.1.0-7.module_el8.7.0+3344+484dae7b.aarch64.rpm
fuse-overlayfs-1.9-1.module_el8.7.0+3344+5bcd850f.aarch64.rpm
libslirp-devel-4.4.0-1.module_el8.6.0+2877+8e437bf5.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module_el8.6.0+3070+1510fbd1.aarch64.rpm
buildah-tests-1.27.2-2.module_el8.7.0+3348+f3135399.aarch64.rpm
podman-remote-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
podman-catatonit-4.2.0-4.module_el8.7.0+3344+484dae7b.aarch64.rpm
criu-3.15-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm
crun-1.5-1.module_el8.7.0+3344+5bcd850f.aarch64.rpm
criu-libs-3.15-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm
crit-3.15-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm
python3-criu-3.15-3.module_el8.6.0+2877+8e437bf5.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module_el8.6.0+3336+00d107d5.aarch64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:7822 Low: container-tools:rhel8 security, bug fix, and enhancement update