1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2021-0531

[ELSA-2021-0531] container-tools:ol8 security, bug fix, and enhancement update

Severity Moderate
Affected Packages 27
CVEs 1
Info Packages References Vulnerabilities

buildah
[1.16.7-4.0.1]
- Handling redirect from the docker registry Orabug: 29874238

[1.16.7-4]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16
(https://github.com/containers/buildah/commit/aaed66b)
- Related: #1888571

[1.16.7-3]
- revert back to buildah-1.16 for the quarterly release
- Related: #1888571

[1.19.0-2]
- bump version to refrect buildah upgrade
- Related: #1888571

[1.16.7-2]
- bump to release-1.19 branch
- Related: #1888571

[1.16.5-5]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16
(https://github.com/containers/buildah/commit/56ed75b)
- Related: #1888571

[1.16.5-4]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1.16.5-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16
(https://github.com/containers/buildah/commit/9e02bf9)
- Related: #1888571

[1.16.5-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1.16.5-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

cockpit-podman
[27.1-3]
- run much more tests - patch from Matej Marusak
- Related: #1888571

[27.1-2]
- gating tests - always set VM password
- Related: #1888571

[27.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/27.1
- Related: #1888571

[27-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/27
- Related: #1888571

[26-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/26
- Related: #1888571

[25-5]
- remove redundant patch
- Related: #1888571

[25-4]
- replace docker.io with quay.io for gating tests due do
docker.io new pull rate limit requirements
- Related: #1888571

[25-3]
- test: Cleanup images before pulling the ones we need - thanks to Matej Marusak
- Related: #1888571

[25-2]
- remove hack in tests
- add LICENSE
- Related: #1888571

[25-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

conmon
[2:2.0.22-3]
- exclude i686 as golang is not suppoerted there
- Related: #1888571

[2:2.0.22-2]
- add BR: golang, go-md2man
- add man pages
- Related: #1888571

[2:2.0.22-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.22
- Related: #1888571

[2:2.0.21-3]
- simplify spec
- Related: #1888571

[2:2.0.21-2]
- be sure to harden the linked binary
- compile with debuginfo enabled
- Related: #1888571

[2:2.0.21-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

containernetworking-plugins
[0.9.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v0.9.0
- Related: #1888571

container-selinux
[2:2.155.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0
- Related: #1888571

[2:2.154.0-1]
- update to
https://github.com/containers/container-selinux/releases/tag/v2.154.0
- Related: #1888571

[2:2.153.0-1]
- update to
https://github.com/containers/container-selinux/releases/tag/v2.153.0
- Related: #1888571

[2:2.152.0-1]
- update to
https://github.com/containers/container-selinux/releases/tag/v2.152.0
- Related: #1888571

[2:2.151.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0
- Related: #1888571

[2:2.150.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0
- Related: #1888571

[2:2.145.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Resolves: #1873064

criu
[3.15-1]
- update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15
- Related: #1888571

[3.14-2]
- fix 'Need to fix bugs found by coverity.'
- Related: #1821193

[3.14-1]
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193

crun
[0.16-2]
- exclude i686 because of build failures
- Related: #1888571

[0.16-1]
- update to https://github.com/containers/crun/releases/tag/0.16
- Related: #1888571

[0.15.1-1]
- update to https://github.com/containers/crun/releases/tag/0.15.1
- Related: #1888571

[0.15-2]
- backport 'exec: check read bytes from sync' (gscrivan@redhat.com)
(https://github.com/containers/crun/issues/511)
- Related: #1888571

[0.15-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

fuse-overlayfs
[1.3.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Resolves: #1921863

[1.3.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.3.0
- Related: #1888571

[1.2.0-3]
- be sure to harden the linked binary
- Related: #1888571

[1.2.0-2]
- ensure fuse module is loaded
- Related: #1888571

[1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

libslirp
oci-seccomp-bpf-hook
[1.2.0-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.0
- Related: #1888571

podman
[2.2.1-7.0.1]
- Handling redirect from the docker registry Orabug: 29874238

[2.2.1-7]
- Resolves: #1925928 - Fix varlink GetVersion()
- Upstream PR: https://github.com/containers/podman/pull/9274

[2.2.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel
(https://github.com/containers/podman/commit/1741f15)
- Related: #1888571

[2.2.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel
(https://github.com/containers/podman/commit/b5bc6a7)
- Related: #1877188

[2.2.1-4]
- add Requires: oci-runtime
- Related: #1888571

[2.2.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel
(https://github.com/containers/podman/commit/14c35f6)
- Related: #1888571

[2.2.1-2]
- update to https://github.com/containers/dnsname/releases/tag/v1.1.1

[2.2.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel
(https://github.com/containers/podman/commit/a0d478e)
- Related: #1888571

[2.2.0-2]
- attempt to fix gatng tests
- Related: #1888571

[2.2.0-1]
- update to https://github.com/containers/podman/releases/tag/v2.2.0
- Related: #1888571

[2.1.1-3]
- attempt to fix linker error with golang-1.15
- add Requires: httpd-tools to tests, needed to work around
missing htpasswd in docker registry image, thanks to Ed Santiago
- Related: #1888571

[2.1.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v2.1.1-rhel
(https://github.com/containers/podman/commit/450615a)
- Resolves: #1873204
- Resolves: #1884668

[2.1.1-1]
- update podman to 2.1.1-rhel
- Resolves: #1743687
- Resolves: #1811570
- Resolves: #1869322
- Resolves: #1678546
- Resolves: #1853455
- Resolves: #1874271

python-podman-api
[1.2.0-0.2.gitd0a45fe]
- revert update to 1.6.0 due to new python3-pbr dependency which
is not in RHEL
- Related: RHELPLAN-25139

[1.2.0-0.1.gitd0a45fe]
- Initial package

runc
[1.0.0-70.rc92]
- add Provides: oci-runtime = 1
- Related: #1888571

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1888571

skopeo
[1:1.2.0-9.0.1]
- Handling redirect from the docker registry Orabug: 29874238
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.0-9]
- upload proper source tarball
- Related: #1888571

[1:1.2.0-8]
- revert back to version aimed at 8.3.1 - skopeo-1.2.0
- also downgrade versions of vendored libraries
- Related: #1888571

[1:1.2.1-1]
- update vendored component versions
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
(https://github.com/containers/skopeo/commit/2e90a8a)
- Related: #1888571

[1:1.2.0-6]
- always build with debuginfo
- use less verbose output when compiling
- Related: #1888571

[1:1.2.0-5]
- re-sync config files
- assure events_logger = 'file'
- Related: #1888571

[1:1.2.0-4]
- change default logging mechanism to use for container engine events
in containers.conf to be events_logger = 'file' - it should fix
RHEL gating tests for podman nonroot (thanks to Dan Walsh)
- Related: #1888571

[1:1.2.0-3]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1:1.2.0-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1:1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

slirp4netns
[1.1.8-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1888571

[1.1.7-2]
- exclude i686 because of build failures
- Related: #1888571

[1.1.7-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
- Related: #1888571

[1.1.6-2]
- - be sure to harden the linked binary
- Related: #1888571

[1.1.6-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.6
- Related: #1888571

udica
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1888571

[0.2.3-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

[0.2.2-1]
- https://github.com/containers/udica/releases/tag/v0.2.2
- Related: #1821193

Package Affected Version
pkg:rpm/oraclelinux/udica?distro=oraclelinux-8.3 < 0.2.4-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/slirp4netns?distro=oraclelinux-8.3 < 1.1.8-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/skopeo?distro=oraclelinux-8.3 < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/skopeo-tests?distro=oraclelinux-8.3 < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/runc?distro=oraclelinux-8.3 < 1.0.0-70.rc92.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/python3-criu?distro=oraclelinux-8.3 < 3.15-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/python-podman-api?distro=oraclelinux-8.3 < 1.2.0-0.2.gitd0a45fe.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman-tests?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman-remote?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman-plugins?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman-docker?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/podman-catatonit?distro=oraclelinux-8.3 < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/oci-seccomp-bpf-hook?distro=oraclelinux-8.3 < 1.2.0-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/libslirp?distro=oraclelinux-8.3 < 4.3.1-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/libslirp-devel?distro=oraclelinux-8.3 < 4.3.1-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/fuse-overlayfs?distro=oraclelinux-8.3 < 1.3.0-2.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/crun?distro=oraclelinux-8.3 < 0.16-2.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/criu?distro=oraclelinux-8.3 < 3.15-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/crit?distro=oraclelinux-8.3 < 3.15-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/containers-common?distro=oraclelinux-8.3 < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/containernetworking-plugins?distro=oraclelinux-8.3 < 0.9.0-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/container-selinux?distro=oraclelinux-8.3 < 2.155.0-1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/conmon?distro=oraclelinux-8.3 < 2.0.22-3.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/cockpit-podman?distro=oraclelinux-8.3 < 27.1-3.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/buildah?distro=oraclelinux-8.3 < 1.16.7-4.0.1.module+el8.3.1+9659+c1901784
pkg:rpm/oraclelinux/buildah-tests?distro=oraclelinux-8.3 < 1.16.7-4.0.1.module+el8.3.1+9659+c1901784
ID
ELSA-2021-0531
Severity
moderate
URL
https://linux.oracle.com/errata/ELSA-2021-0531.html
Published
2021-02-20T00:00:00
(3 years ago)
Modified
2021-02-20T00:00:00
(3 years ago)
Rights
Copyright 2021 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/udica?distro=oraclelinux-8.3 oraclelinux udica < 0.2.4-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/slirp4netns?distro=oraclelinux-8.3 oraclelinux slirp4netns < 1.1.8-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/skopeo?distro=oraclelinux-8.3 oraclelinux skopeo < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/skopeo-tests?distro=oraclelinux-8.3 oraclelinux skopeo-tests < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/runc?distro=oraclelinux-8.3 oraclelinux runc < 1.0.0-70.rc92.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/python3-criu?distro=oraclelinux-8.3 oraclelinux python3-criu < 3.15-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/python-podman-api?distro=oraclelinux-8.3 oraclelinux python-podman-api < 1.2.0-0.2.gitd0a45fe.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman?distro=oraclelinux-8.3 oraclelinux podman < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman-tests?distro=oraclelinux-8.3 oraclelinux podman-tests < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman-remote?distro=oraclelinux-8.3 oraclelinux podman-remote < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman-plugins?distro=oraclelinux-8.3 oraclelinux podman-plugins < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman-docker?distro=oraclelinux-8.3 oraclelinux podman-docker < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/podman-catatonit?distro=oraclelinux-8.3 oraclelinux podman-catatonit < 2.2.1-7.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/oci-seccomp-bpf-hook?distro=oraclelinux-8.3 oraclelinux oci-seccomp-bpf-hook < 1.2.0-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/libslirp?distro=oraclelinux-8.3 oraclelinux libslirp < 4.3.1-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/libslirp-devel?distro=oraclelinux-8.3 oraclelinux libslirp-devel < 4.3.1-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/fuse-overlayfs?distro=oraclelinux-8.3 oraclelinux fuse-overlayfs < 1.3.0-2.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/crun?distro=oraclelinux-8.3 oraclelinux crun < 0.16-2.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/criu?distro=oraclelinux-8.3 oraclelinux criu < 3.15-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/crit?distro=oraclelinux-8.3 oraclelinux crit < 3.15-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/containers-common?distro=oraclelinux-8.3 oraclelinux containers-common < 1.2.0-9.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/containernetworking-plugins?distro=oraclelinux-8.3 oraclelinux containernetworking-plugins < 0.9.0-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/container-selinux?distro=oraclelinux-8.3 oraclelinux container-selinux < 2.155.0-1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/conmon?distro=oraclelinux-8.3 oraclelinux conmon < 2.0.22-3.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/cockpit-podman?distro=oraclelinux-8.3 oraclelinux cockpit-podman < 27.1-3.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/buildah?distro=oraclelinux-8.3 oraclelinux buildah < 1.16.7-4.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
Affected pkg:rpm/oraclelinux/buildah-tests?distro=oraclelinux-8.3 oraclelinux buildah-tests < 1.16.7-4.0.1.module+el8.3.1+9659+c1901784 oraclelinux-8.3
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date