[RLSA-2021:0705] container-tools:1.0 security update

Severity Important

Affected Packages 28

CVEs 1

An update is available for fuse-overlayfs, container-selinux, oci-umount, runc, podman, skopeo, slirp4netns, oci-systemd-hook, containernetworking-plugins, buildah, criu. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/slirp4netns?arch=x86_64&distro=rockylinux-8.5	< 0.1-5.dev.gitc4e1bc5.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/slirp4netns?arch=aarch64&distro=rockylinux-8.5	< 0.1-5.dev.gitc4e1bc5.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/skopeo?arch=x86_64&distro=rockylinux-8.5	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/skopeo?arch=aarch64&distro=rockylinux-8.5	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/runc?arch=x86_64&distro=rockylinux-8.5	< 1.0.0-56.rc5.dev.git2abd837.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/runc?arch=aarch64&distro=rockylinux-8.5	< 1.0.0-56.rc5.dev.git2abd837.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/python3-criu?arch=x86_64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/python3-criu?arch=aarch64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/podman?arch=x86_64&distro=rockylinux-8.5	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/podman?arch=aarch64&distro=rockylinux-8.5	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/podman-docker?arch=noarch&distro=rockylinux-8.5	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/oci-umount?arch=x86_64&distro=rockylinux-8.4	< 2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f
pkg:rpm/rockylinux/oci-umount?arch=aarch64&distro=rockylinux-8.4	< 2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f
pkg:rpm/rockylinux/oci-systemd-hook?arch=x86_64&distro=rockylinux-8.4	< 0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f
pkg:rpm/rockylinux/oci-systemd-hook?arch=aarch64&distro=rockylinux-8.4	< 0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f
pkg:rpm/rockylinux/fuse-overlayfs?arch=x86_64&distro=rockylinux-8.5	< 0.3-5.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/fuse-overlayfs?arch=aarch64&distro=rockylinux-8.5	< 0.3-5.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/criu?arch=x86_64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/criu?arch=aarch64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/crit?arch=x86_64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/crit?arch=aarch64&distro=rockylinux-8.5	< 3.12-9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/containers-common?arch=x86_64&distro=rockylinux-8.5	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/containers-common?arch=aarch64&distro=rockylinux-8.5	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/containernetworking-plugins?arch=x86_64&distro=rockylinux-8.5	< 0.7.4-4.git9ebe139.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/containernetworking-plugins?arch=aarch64&distro=rockylinux-8.5	< 0.7.4-4.git9ebe139.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/container-selinux?arch=noarch&distro=rockylinux-8.5	< 2.124.0-1.gitf958d0c.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/buildah?arch=x86_64&distro=rockylinux-8.5	< 1.5-8.gite94b4f9.module+el8.5.0+681+c9a1951f
pkg:rpm/rockylinux/buildah?arch=aarch64&distro=rockylinux-8.5	< 1.5-8.gite94b4f9.module+el8.5.0+681+c9a1951f

ID

RLSA-2021:0705

Severity

important

URL

https://errata.rockylinux.org/RLSA-2021:0705

Published

2021-03-02T18:20:39
(3 years ago)

Modified

2023-02-02T13:15:57
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2021-20188	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20188
Bugzilla	1915734	https://bugzilla.redhat.com/show_bug.cgi?id=1915734
Self	RLSA-2021:0705	https://errata.rockylinux.org/RLSA-2021:0705

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/slirp4netns?arch=x86_64&distro=rockylinux-8.5	rockylinux	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/slirp4netns?arch=aarch64&distro=rockylinux-8.5	rockylinux	slirp4netns	< 0.1-5.dev.gitc4e1bc5.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/skopeo?arch=x86_64&distro=rockylinux-8.5	rockylinux	skopeo	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/skopeo?arch=aarch64&distro=rockylinux-8.5	rockylinux	skopeo	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/runc?arch=x86_64&distro=rockylinux-8.5	rockylinux	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/runc?arch=aarch64&distro=rockylinux-8.5	rockylinux	runc	< 1.0.0-56.rc5.dev.git2abd837.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/python3-criu?arch=x86_64&distro=rockylinux-8.5	rockylinux	python3-criu	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/python3-criu?arch=aarch64&distro=rockylinux-8.5	rockylinux	python3-criu	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/podman?arch=x86_64&distro=rockylinux-8.5	rockylinux	podman	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/podman?arch=aarch64&distro=rockylinux-8.5	rockylinux	podman	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/podman-docker?arch=noarch&distro=rockylinux-8.5	rockylinux	podman-docker	< 1.0.0-8.git921f98f.module+el8.5.0+681+c9a1951f	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/oci-umount?arch=x86_64&distro=rockylinux-8.4	rockylinux	oci-umount	< 2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/oci-umount?arch=aarch64&distro=rockylinux-8.4	rockylinux	oci-umount	< 2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/oci-systemd-hook?arch=x86_64&distro=rockylinux-8.4	rockylinux	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/oci-systemd-hook?arch=aarch64&distro=rockylinux-8.4	rockylinux	oci-systemd-hook	< 0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/fuse-overlayfs?arch=x86_64&distro=rockylinux-8.5	rockylinux	fuse-overlayfs	< 0.3-5.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/fuse-overlayfs?arch=aarch64&distro=rockylinux-8.5	rockylinux	fuse-overlayfs	< 0.3-5.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/criu?arch=x86_64&distro=rockylinux-8.5	rockylinux	criu	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/criu?arch=aarch64&distro=rockylinux-8.5	rockylinux	criu	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/crit?arch=x86_64&distro=rockylinux-8.5	rockylinux	crit	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/crit?arch=aarch64&distro=rockylinux-8.5	rockylinux	crit	< 3.12-9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/containers-common?arch=x86_64&distro=rockylinux-8.5	rockylinux	containers-common	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/containers-common?arch=aarch64&distro=rockylinux-8.5	rockylinux	containers-common	< 0.1.32-6.git1715c90.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/containernetworking-plugins?arch=x86_64&distro=rockylinux-8.5	rockylinux	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/containernetworking-plugins?arch=aarch64&distro=rockylinux-8.5	rockylinux	containernetworking-plugins	< 0.7.4-4.git9ebe139.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/container-selinux?arch=noarch&distro=rockylinux-8.5	rockylinux	container-selinux	< 2.124.0-1.gitf958d0c.module+el8.5.0+681+c9a1951f	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/buildah?arch=x86_64&distro=rockylinux-8.5	rockylinux	buildah	< 1.5-8.gite94b4f9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/buildah?arch=aarch64&distro=rockylinux-8.5	rockylinux	buildah	< 1.5-8.gite94b4f9.module+el8.5.0+681+c9a1951f	rockylinux-8.5	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date