[RHSA-2021:0705] container-tools:1.0 security update

Severity Important

Affected Packages 54

CVEs 1

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.3	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.3	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.3	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.3	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.3	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.3	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.3	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.3	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/python3-criu?arch=x86_64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/python3-criu?arch=s390x&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/python3-criu?arch=ppc64le&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/python3-criu?arch=aarch64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.3	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.3	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.3	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.3	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/podman-docker?distro=redhat-8.3	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.3	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.3	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.3	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.3	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.3	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.3	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.3	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.3	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.3	< 0.3-5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.3	< 0.3-5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.3	< 0.3-5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.3	< 0.3-5.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/criu?arch=x86_64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/criu?arch=s390x&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/criu?arch=ppc64le&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/criu?arch=aarch64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/crit?arch=x86_64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/crit?arch=s390x&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/crit?arch=ppc64le&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/crit?arch=aarch64&distro=redhat-8.3	< 3.12-9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.3	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.3	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.3	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.3	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.3	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/container-selinux?distro=redhat-8.3	< 2.124.0-1.gitf958d0c.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.3	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.3	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.3	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43
pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.3	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43

ID

RHSA-2021:0705

Severity

important

URL

https://access.redhat.com/errata/RHSA-2021:0705

Published

2021-03-02T00:00:00
(3 years ago)

Modified

2021-03-02T00:00:00
(3 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1915734	https://bugzilla.redhat.com/1915734
RHSA	RHSA-2021:0705	https://access.redhat.com/errata/RHSA-2021:0705
CVE	CVE-2021-20188	https://access.redhat.com/security/cve/CVE-2021-20188

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/slirp4netns?arch=x86_64&distro=redhat-8.3	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/slirp4netns?arch=s390x&distro=redhat-8.3	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/slirp4netns?arch=ppc64le&distro=redhat-8.3	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/slirp4netns?arch=aarch64&distro=redhat-8.3	redhat	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-8.3	redhat	skopeo	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-8.3	redhat	skopeo	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-8.3	redhat	skopeo	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-8.3	redhat	skopeo	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/runc?arch=x86_64&distro=redhat-8.3	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/runc?arch=s390x&distro=redhat-8.3	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/runc?arch=ppc64le&distro=redhat-8.3	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/runc?arch=aarch64&distro=redhat-8.3	redhat	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/python3-criu?arch=x86_64&distro=redhat-8.3	redhat	python3-criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/python3-criu?arch=s390x&distro=redhat-8.3	redhat	python3-criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/python3-criu?arch=ppc64le&distro=redhat-8.3	redhat	python3-criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/python3-criu?arch=aarch64&distro=redhat-8.3	redhat	python3-criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-8.3	redhat	podman	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/podman?arch=s390x&distro=redhat-8.3	redhat	podman	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-8.3	redhat	podman	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-8.3	redhat	podman	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/podman-docker?distro=redhat-8.3	redhat	podman-docker	< 1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43	redhat-8.3
Affected	pkg:rpm/redhat/oci-umount?arch=x86_64&distro=redhat-8.3	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/oci-umount?arch=s390x&distro=redhat-8.3	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/oci-umount?arch=ppc64le&distro=redhat-8.3	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/oci-umount?arch=aarch64&distro=redhat-8.3	redhat	oci-umount	< 2.3.4-2.git87f9237.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=x86_64&distro=redhat-8.3	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=s390x&distro=redhat-8.3	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=ppc64le&distro=redhat-8.3	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/oci-systemd-hook?arch=aarch64&distro=redhat-8.3	redhat	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=x86_64&distro=redhat-8.3	redhat	fuse-overlayfs	< 0.3-5.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=s390x&distro=redhat-8.3	redhat	fuse-overlayfs	< 0.3-5.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=ppc64le&distro=redhat-8.3	redhat	fuse-overlayfs	< 0.3-5.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/fuse-overlayfs?arch=aarch64&distro=redhat-8.3	redhat	fuse-overlayfs	< 0.3-5.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/criu?arch=x86_64&distro=redhat-8.3	redhat	criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/criu?arch=s390x&distro=redhat-8.3	redhat	criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/criu?arch=ppc64le&distro=redhat-8.3	redhat	criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/criu?arch=aarch64&distro=redhat-8.3	redhat	criu	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/crit?arch=x86_64&distro=redhat-8.3	redhat	crit	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/crit?arch=s390x&distro=redhat-8.3	redhat	crit	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/crit?arch=ppc64le&distro=redhat-8.3	redhat	crit	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/crit?arch=aarch64&distro=redhat-8.3	redhat	crit	< 3.12-9.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/containers-common?arch=x86_64&distro=redhat-8.3	redhat	containers-common	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/containers-common?arch=s390x&distro=redhat-8.3	redhat	containers-common	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/containers-common?arch=ppc64le&distro=redhat-8.3	redhat	containers-common	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/containers-common?arch=aarch64&distro=redhat-8.3	redhat	containers-common	< 0.1.32-6.git1715c90.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=x86_64&distro=redhat-8.3	redhat	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=s390x&distro=redhat-8.3	redhat	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=ppc64le&distro=redhat-8.3	redhat	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/containernetworking-plugins?arch=aarch64&distro=redhat-8.3	redhat	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64
Affected	pkg:rpm/redhat/container-selinux?distro=redhat-8.3	redhat	container-selinux	< 2.124.0-1.gitf958d0c.module+el8.3.0+10171+12421f43	redhat-8.3
Affected	pkg:rpm/redhat/buildah?arch=x86_64&distro=redhat-8.3	redhat	buildah	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43	redhat-8.3	x86_64
Affected	pkg:rpm/redhat/buildah?arch=s390x&distro=redhat-8.3	redhat	buildah	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43	redhat-8.3	s390x
Affected	pkg:rpm/redhat/buildah?arch=ppc64le&distro=redhat-8.3	redhat	buildah	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43	redhat-8.3	ppc64le
Affected	pkg:rpm/redhat/buildah?arch=aarch64&distro=redhat-8.3	redhat	buildah	< 1.5-8.gite94b4f9.module+el8.3.0+10171+12421f43	redhat-8.3	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date