[RLSA-2021:4154] container-tools:rhel8 security, bug fix, and enhancement update
An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)
containers/storage: DoS via malicious image (CVE-2021-20291)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
- ID
- RLSA-2021:4154
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2021:4154
- Published
-
2021-11-09T08:24:51
(2 years ago) - Modified
-
2023-02-02T13:28:35
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALBA-2022:0348
- ALPINE:CVE-2021-3602
- ALSA-2021:4154
- ALSA-2021:4221
- ALSA-2021:4222
- ALSA-2022:7954
- ALSA-2022:7955
- ALSA-2022:8008
- ELSA-2021-4154
- ELSA-2021-4221
- ELSA-2021-4222
- ELSA-2022-7954
- ELSA-2022-7955
- ELSA-2022-8008
- FEDORA-2021-0c53d8738d
- FEDORA-2021-112557d2c5
- FEDORA-2021-440e34200c
- FEDORA-2021-723a480816
- FEDORA-2021-83b3740389
- FEDORA-2021-a3703b9dc8
- FEDORA-2021-c56a213327
- FEDORA-2021-ec00da7faa
- GO-2021-0100
- GO-2022-0345
- RHBA-2022:0348
- RHSA-2021:4154
- RHSA-2021:4221
- RHSA-2021:4222
- RHSA-2022:7954
- RHSA-2022:7955
- RHSA-2022:8008
- RLBA-2022:0348
- RLSA-2021:4221
- RLSA-2021:4222
- SUSE-SU-2022:3312-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/slirp4netns?arch=x86_64&distro=rockylinux-8.7 | rockylinux | slirp4netns | < 1.1.8-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/slirp4netns?arch=aarch64&distro=rockylinux-8.7 | rockylinux | slirp4netns | < 1.1.8-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/python3-criu?arch=x86_64&distro=rockylinux-8.7 | rockylinux | python3-criu | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/python3-criu?arch=aarch64&distro=rockylinux-8.7 | rockylinux | python3-criu | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/libslirp?arch=x86_64&distro=rockylinux-8.7 | rockylinux | libslirp | < 4.4.0-1.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/libslirp?arch=aarch64&distro=rockylinux-8.7 | rockylinux | libslirp | < 4.4.0-1.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/libslirp-devel?arch=x86_64&distro=rockylinux-8.7 | rockylinux | libslirp-devel | < 4.4.0-1.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/libslirp-devel?arch=aarch64&distro=rockylinux-8.7 | rockylinux | libslirp-devel | < 4.4.0-1.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/criu?arch=x86_64&distro=rockylinux-8.7 | rockylinux | criu | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/criu?arch=aarch64&distro=rockylinux-8.7 | rockylinux | criu | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/criu-libs?arch=x86_64&distro=rockylinux-8.7 | rockylinux | criu-libs | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/criu-libs?arch=aarch64&distro=rockylinux-8.7 | rockylinux | criu-libs | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/criu-devel?arch=x86_64&distro=rockylinux-8.7 | rockylinux | criu-devel | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/criu-devel?arch=aarch64&distro=rockylinux-8.7 | rockylinux | criu-devel | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 | |
Affected | pkg:rpm/rockylinux/crit?arch=x86_64&distro=rockylinux-8.7 | rockylinux | crit | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/crit?arch=aarch64&distro=rockylinux-8.7 | rockylinux | crit | < 3.15-3.module+el8.7.0+1077+0e4f03d4 | rockylinux-8.7 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |