[RHSA-2020:1926] container-tools:1.0 security and bug fix update

Severity Important

Affected Packages 54

CVEs 1

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

conflicting requests: failed to install container-tools:1.0 (BZ#1813776)
podman run container error with avc denied (BZ#1816541)

Package	Affected Version
pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.2	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.2	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.2	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.2	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.2	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.2	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.2	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.2	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/python3-criu?arch=x86_64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/python3-criu?arch=s390x&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/python3-criu?arch=ppc64le&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/python3-criu?arch=aarch64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.2	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.2	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.2	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.2	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/podman-docker?distro=redhat-8.2	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.2	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.2	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.2	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.2	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.2	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.2	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.2	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.2	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.2	< 0.3-5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.2	< 0.3-5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.2	< 0.3-5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.2	< 0.3-5.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/criu?arch=x86_64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/criu?arch=s390x&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/criu?arch=ppc64le&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/criu?arch=aarch64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/crit?arch=x86_64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/crit?arch=s390x&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/crit?arch=ppc64le&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/crit?arch=aarch64&distro=redhat-8.2	< 3.12-9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.2	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.2	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.2	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.2	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.2	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/container-selinux?distro=redhat-8.2	< 2.124.0-1.gitf958d0c.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.2	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.2	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.2	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca
pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.2	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca

ID

RHSA-2020:1926

Severity

important

URL

https://access.redhat.com/errata/RHSA-2020:1926

Published

2020-04-28T00:00:00
(4 years ago)

Modified

2020-04-28T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1817651	https://bugzilla.redhat.com/1817651
RHSA	RHSA-2020:1926	https://access.redhat.com/errata/RHSA-2020:1926
CVE	CVE-2020-10696	https://access.redhat.com/security/cve/CVE-2020-10696

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.2	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.2	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.2	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.2	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.2	redhat	skopeo	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.2	redhat	skopeo	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.2	redhat	skopeo	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.2	redhat	skopeo	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.2	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.2	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.2	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.2	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/python3-criu?arch=x86_64&distro=redhat-8.2	redhat	python3-criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/python3-criu?arch=s390x&distro=redhat-8.2	redhat	python3-criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/python3-criu?arch=ppc64le&distro=redhat-8.2	redhat	python3-criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/python3-criu?arch=aarch64&distro=redhat-8.2	redhat	python3-criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.2	redhat	podman	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.2	redhat	podman	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.2	redhat	podman	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.2	redhat	podman	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/podman-docker?distro=redhat-8.2	redhat	podman-docker	< 1.0.0-4.git921f98f.module+el8.2.0+6370+6fb6c8ca	redhat-8.2
Affected	pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.2	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.2	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.2	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.2	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.2	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.2	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.2	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.2	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.2	redhat	fuse-overlayfs	< 0.3-5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.2	redhat	fuse-overlayfs	< 0.3-5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.2	redhat	fuse-overlayfs	< 0.3-5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.2	redhat	fuse-overlayfs	< 0.3-5.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/criu?arch=x86_64&distro=redhat-8.2	redhat	criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/criu?arch=s390x&distro=redhat-8.2	redhat	criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/criu?arch=ppc64le&distro=redhat-8.2	redhat	criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/criu?arch=aarch64&distro=redhat-8.2	redhat	criu	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/crit?arch=x86_64&distro=redhat-8.2	redhat	crit	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/crit?arch=s390x&distro=redhat-8.2	redhat	crit	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/crit?arch=ppc64le&distro=redhat-8.2	redhat	crit	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/crit?arch=aarch64&distro=redhat-8.2	redhat	crit	< 3.12-9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.2	redhat	containers-common	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.2	redhat	containers-common	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.2	redhat	containers-common	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.2	redhat	containers-common	< 0.1.32-4.git1715c90.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.2	redhat	containernetworking-plugins	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.2	redhat	containernetworking-plugins	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.2	redhat	containernetworking-plugins	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.2	redhat	containernetworking-plugins	< 0.7.4-3.git9ebe139.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64
Affected	pkg:rpm/redhat/container-selinux?distro=redhat-8.2	redhat	container-selinux	< 2.124.0-1.gitf958d0c.module+el8.2.0+6370+6fb6c8ca	redhat-8.2
Affected	pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.2	redhat	buildah	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	x86_64
Affected	pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.2	redhat	buildah	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	s390x
Affected	pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.2	redhat	buildah	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	ppc64le
Affected	pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.2	redhat	buildah	< 1.5-4.gite94b4f9.module+el8.2.0+6370+6fb6c8ca	redhat-8.2	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date