[RHSA-2019:0975] container-tools:rhel8 security and bug fix update
Severity
Important
Affected Packages
42
CVEs
1
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
[stream rhel8] rebase container-selinux to 2.94 (BZ#1693675)
[stream rhel8] unable to mount disk at
/var/lib/containersviasystemdunit whencontainer-selinuxpolicy installed (BZ#1695669)[stream rhel8] don't allow a container to connect to random services (BZ#1695689)
- ID
- RHSA-2019:0975
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:0975
- Published
-
2019-05-07T00:00:00
(5 years ago) - Modified
-
2019-05-07T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2019-1156
-
ALPINE:CVE-2019-5736
-
ALSA-2019:0975
-
ASA-201902-20
-
ASA-201902-6
-
CISCO-SA-20190215-RUNC
-
ELSA-2019-0975
-
ELSA-2019-4540
-
ELSA-2019-4550
-
ELSA-2019-4551
-
ELSA-2021-9203
-
FEDORA-2019-2baa1f7b19
-
FEDORA-2019-352d4b9cd8
-
FEDORA-2019-3f19f13ecd
-
FEDORA-2019-4bed83e978
-
FEDORA-2019-4dc1e39b34
-
FEDORA-2019-6174b47003
-
FEDORA-2019-829524f28f
-
FEDORA-2019-963ea958f9
-
FEDORA-2019-a5f616808e
-
FEDORA-2019-bc70b381ad
-
FEDORA-2019-c1dac1b3b8
-
FEDORA-2019-df2e68aa6b
-
FEDORA-2019-f455ef79b8
-
FEDORA-2019-fd9345f44a
-
GLSA-202003-21
-
MS:CVE-2019-5736
-
openSUSE-SU-2019:0170-1
-
openSUSE-SU-2019:0208-1
-
openSUSE-SU-2019:0252-1
-
openSUSE-SU-2019:0295-1
-
openSUSE-SU-2019:1227-1
-
openSUSE-SU-2019:1275-1
-
openSUSE-SU-2019:1444-1
-
openSUSE-SU-2019:1499-1
-
openSUSE-SU-2019:1506-1
-
openSUSE-SU-2019:2021-1
-
openSUSE-SU-2019:2245-1
-
openSUSE-SU-2019:2286-1
-
RLSA-2019:0975
-
SUSE-SU-2019:0362-1
-
SUSE-SU-2019:0385-1
-
SUSE-SU-2019:0495-1
-
SUSE-SU-2019:0573-1
-
SUSE-SU-2019:1234-1
-
SUSE-SU-2019:1234-2
-
SUSE-SU-2019:2117-1
-
SUSE-SU-2019:2119-1
-
SUSE-SU-2021:1458-1
-
USN-4048-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1664908 |
|
|
| RHSA | RHSA-2019:0975 |
|
|
| CVE | CVE-2019-5736 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.0 | redhat |
 slirp4netns
|
< 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.0 | redhat |
slirp4netns
|
< 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.0 | redhat |
slirp4netns
|
< 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.0 | redhat |
slirp4netns
|
< 0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.0 | redhat |
skopeo
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.0 | redhat |
skopeo
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.0 | redhat |
skopeo
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.0 | redhat |
skopeo
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.0 | redhat |
runc
|
< 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.0 | redhat |
runc
|
< 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.0 | redhat |
runc
|
< 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.0 | redhat |
runc
|
< 1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.0 | redhat |
podman
|
< 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.0 | redhat |
podman
|
< 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.0 | redhat |
podman
|
< 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.0 | redhat |
podman
|
< 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/podman-docker?distro=redhat-8.0 | redhat |
podman-docker
|
< 1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551 | redhat-8.0 | ||
| Affected | pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.0 | redhat |
oci-umount
|
< 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.0 | redhat |
oci-umount
|
< 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.0 | redhat |
oci-umount
|
< 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.0 | redhat |
oci-umount
|
< 2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.0 | redhat |
oci-systemd-hook
|
< 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.0 | redhat |
oci-systemd-hook
|
< 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.0 | redhat |
oci-systemd-hook
|
< 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.0 | redhat |
oci-systemd-hook
|
< 0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.0 | redhat |
fuse-overlayfs
|
< 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.0 | redhat |
fuse-overlayfs
|
< 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.0 | redhat |
fuse-overlayfs
|
< 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.0 | redhat |
fuse-overlayfs
|
< 0.3-2.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.0 | redhat |
containers-common
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.0 | redhat |
containers-common
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.0 | redhat |
containers-common
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.0 | redhat |
containers-common
|
< 0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.0 | redhat |
containernetworking-plugins
|
< 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.0 | redhat |
containernetworking-plugins
|
< 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.0 | redhat |
containernetworking-plugins
|
< 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.0 | redhat |
containernetworking-plugins
|
< 0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/container-selinux?distro=redhat-8.0 | redhat |
container-selinux
|
< 2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551 | redhat-8.0 | ||
| Affected | pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.0 | redhat |
buildah
|
< 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.0 | redhat |
buildah
|
< 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.0 | redhat |
buildah
|
< 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.0 | redhat |
buildah
|
< 1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551 | redhat-8.0 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |