El-errata: ELSA-2021-2370 Important: Oracle Linux 8 container-tools:3.0 security update
Oracle Linux Security Advisory ELSA-2021-2370
http://linux.oracle.com/errata/ELSA-2021-2370.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
buildah-tests-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.noarch.rpm
conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
containers-common-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
crit-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
criu-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
crun-0.18-2.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
libslirp-devel-4.3.1-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
podman-docker-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
podman-plugins-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
podman-remote-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
podman-tests-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
python3-criu-3.15-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
skopeo-tests-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.x86_64.rpm
udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
aarch64:
buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
buildah-tests-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.noarch.rpm
conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
containers-common-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
crit-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
criu-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
crun-0.18-2.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
libslirp-devel-4.3.1-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
podman-docker-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
podman-plugins-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
podman-remote-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
podman-tests-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
python3-criu-3.15-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
skopeo-tests-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.aarch64.rpm
udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.19.7-1.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-29-2.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.0.26-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-0.9.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.158.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/criu-3.15-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/crun-0.18-2.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.4.0-2.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.3.1-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/podman-3.0.1-6.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/runc-1.0.0-71.rc92.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.1.8-1.module+el8.4.0+20196+91e9c2ae.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.4-1.module+el8.4.0+20196+91e9c2ae.src.rpm
Related CVEs:
CVE-2021-30465
Description of changes:
buildah
[1.19.7-1.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
[1.19.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.19
( https://github.com/containers/buildah/commit/a2854ed)
- Resolves: #1935376
cockpit-podman
[29-2]
- fix gating test failure for cockpit-podman
- Related: #1914884
[29-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29
- Related: #1883490
conmon
[2:2.0.26-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490
containernetworking-plugins
[0.9.1-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v0.9.1
- Related: #1883490
container-selinux
[2:2.158.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490
criu
[3.15-1]
- update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15
- Related: #1883490
crun
[0.18-2]
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490
fuse-overlayfs
[1.4.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Related: #1883490
[1.4.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0
- Related: #1883490
oci-seccomp-bpf-hook
[1.2.0-1]
- revert back to 1.2.0 - build issues
- Related: #1883490
[1.2.1-1]
- update to
https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
- require crun >= 0.17
- Related: #1883490
podman
[3.0.1-6.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
[3.0.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel
( https://github.com/containers/podman/commit/ad1aaba)
- Resolves: #1921128
- Resolves: #1936927
- Resolves: #1938234
runc
[1.0.0-71.rc92]
- fix CVE-2021-30465
- Related: #1955655
[1.0.0-70.rc92]
- add missing Provides: oci-runtime = 1
- Related: #1883490
[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1883490
[1.0.0-68.rc92]
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
- Related: #1821193
skopeo
[1.2.2-7.0.1]
- Ignore rhel-shortnames.conf [JIRA: OLDIS-3902]
- Temporarily update shortnames.conf for oraclelinux to point to docker [JIRA: OLDIS-3902]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]
[1:1.2.2-7]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854
slirp4netns
[1.1.8-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1883490
udica
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490
A container-tools:3.0 security update has been released for Oracle Linux 8.