[RHSA-2019:0975] container-tools:rhel8 security and bug fix update
Severity
Important
Affected Packages
42
CVEs
1
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
[stream rhel8] rebase container-selinux to 2.94 (BZ#1693675)
[stream rhel8] unable to mount disk at
/var/lib/containers
viasystemd
unit whencontainer-selinux
policy installed (BZ#1695669)[stream rhel8] don't allow a container to connect to random services (BZ#1695689)
- ID
- RHSA-2019:0975
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:0975
- Published
-
2019-05-07T00:00:00
(5 years ago) - Modified
-
2019-05-07T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS-2019-1156
- ALPINE:CVE-2019-5736
- ALSA-2019:0975
- ASA-201902-20
- ASA-201902-6
- CISCO-SA-20190215-RUNC
- ELSA-2019-0975
- ELSA-2019-4540
- ELSA-2019-4550
- ELSA-2019-4551
- ELSA-2021-9203
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-352d4b9cd8
- FEDORA-2019-3f19f13ecd
- FEDORA-2019-4bed83e978
- FEDORA-2019-4dc1e39b34
- FEDORA-2019-6174b47003
- FEDORA-2019-829524f28f
- FEDORA-2019-963ea958f9
- FEDORA-2019-a5f616808e
- FEDORA-2019-bc70b381ad
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-df2e68aa6b
- FEDORA-2019-f455ef79b8
- FEDORA-2019-fd9345f44a
- GLSA-202003-21
- MS:CVE-2019-5736
- openSUSE-SU-2019:0170-1
- openSUSE-SU-2019:0208-1
- openSUSE-SU-2019:0252-1
- openSUSE-SU-2019:0295-1
- openSUSE-SU-2019:1227-1
- openSUSE-SU-2019:1275-1
- openSUSE-SU-2019:1444-1
- openSUSE-SU-2019:1499-1
- openSUSE-SU-2019:1506-1
- openSUSE-SU-2019:2021-1
- openSUSE-SU-2019:2245-1
- openSUSE-SU-2019:2286-1
- RLSA-2019:0975
- SUSE-SU-2019:0362-1
- SUSE-SU-2019:0385-1
- SUSE-SU-2019:0495-1
- SUSE-SU-2019:0573-1
- SUSE-SU-2019:1234-1
- SUSE-SU-2019:1234-2
- SUSE-SU-2019:2117-1
- SUSE-SU-2019:2119-1
- SUSE-SU-2021:1458-1
- USN-4048-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1664908 | https://bugzilla.redhat.com/1664908 | |
RHSA | RHSA-2019:0975 | https://access.redhat.com/errata/RHSA-2019:0975 | |
CVE | CVE-2019-5736 | https://access.redhat.com/security/cve/CVE-2019-5736 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.0 | redhat | slirp4netns | < 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.0 | redhat | slirp4netns | < 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.0 | redhat | slirp4netns | < 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.0 | redhat | slirp4netns | < 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.0 | redhat | skopeo | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.0 | redhat | skopeo | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.0 | redhat | skopeo | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.0 | redhat | skopeo | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.0 | redhat | runc | < 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.0 | redhat | runc | < 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.0 | redhat | runc | < 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.0 | redhat | runc | < 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.0 | redhat | podman | < 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.0 | redhat | podman | < 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.0 | redhat | podman | < 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.0 | redhat | podman | < 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/podman-docker?distro=redhat-8.0 | redhat | podman-docker | < 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | ||
Affected | pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.0 | redhat | oci-umount | < 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.0 | redhat | oci-umount | < 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.0 | redhat | oci-umount | < 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.0 | redhat | oci-umount | < 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.0 | redhat | oci-systemd-hook | < 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.0 | redhat | oci-systemd-hook | < 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.0 | redhat | oci-systemd-hook | < 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.0 | redhat | oci-systemd-hook | < 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.0 | redhat | fuse-overlayfs | < 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.0 | redhat | fuse-overlayfs | < 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.0 | redhat | fuse-overlayfs | < 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.0 | redhat | fuse-overlayfs | < 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.0 | redhat | containers-common | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.0 | redhat | containers-common | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.0 | redhat | containers-common | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.0 | redhat | containers-common | < 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.0 | redhat | containernetworking-plugins | < 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.0 | redhat | containernetworking-plugins | < 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.0 | redhat | containernetworking-plugins | < 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.0 | redhat | containernetworking-plugins | < 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/container-selinux?distro=redhat-8.0 | redhat | container-selinux | < 2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551 | redhat-8.0 | ||
Affected | pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.0 | redhat | buildah | < 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.0 | redhat | buildah | < 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.0 | redhat | buildah | < 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.0 | redhat | buildah | < 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |