[RLSA-2022:7529] container-tools:3.0 security update
Severity
Moderate
Affected Packages
52
CVEs
10
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
- ID
- RLSA-2022:7529
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2022:7529
- Published
-
2022-11-08T06:22:08
(22 months ago) - Modified
-
2023-02-02T13:50:53
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
-
ALAS-2022-1635
-
ALAS2-2022-1846
-
ALAS2-2022-1847
-
ALAS2-2022-1858
-
ALAS2-2022-1859
-
ALAS2-2022-1860
-
ALAS2-2022-1861
-
ALAS2-2022-1862
-
ALAS2-2022-1863
-
ALAS2-2022-1864
-
ALAS2-2022-1865
-
ALPINE:CVE-2022-1705
-
ALPINE:CVE-2022-1962
-
ALPINE:CVE-2022-21698
-
ALPINE:CVE-2022-28131
-
ALPINE:CVE-2022-30630
-
ALPINE:CVE-2022-30631
-
ALPINE:CVE-2022-30632
-
ALPINE:CVE-2022-30633
-
ALPINE:CVE-2022-32148
-
ALSA-2022:1762
-
ALSA-2022:5775
-
ALSA-2022:5799
-
ALSA-2022:7129
-
ALSA-2022:7469
-
ALSA-2022:7519
-
ALSA-2022:7529
-
ALSA-2022:7648
-
ALSA-2022:8057
-
ALSA-2022:8098
-
ALSA-2022:8250
-
ALSA-2023:2357
-
ALSA-2023:2758
-
ALSA-2023:2802
-
ALSA-2024:2180
-
ELSA-2022-1762
-
ELSA-2022-23681
-
ELSA-2022-24267
-
ELSA-2022-5775
-
ELSA-2022-5799
-
ELSA-2022-7129
-
ELSA-2022-7457
-
ELSA-2022-7469
-
ELSA-2022-7519
-
ELSA-2022-7529
-
ELSA-2022-7648
-
ELSA-2022-8057
-
ELSA-2022-8250
-
ELSA-2022-9717
-
ELSA-2022-9718
-
ELSA-2022-9719
-
ELSA-2022-9720
-
ELSA-2023-2357
-
ELSA-2023-2758
-
ELSA-2023-2802
-
ELSA-2024-2180
-
FEDORA-2022-13ad572b5a
-
FEDORA-2022-2067702f06
-
FEDORA-2022-30c5ed5625
-
FEDORA-2022-3969b64d4b
-
FEDORA-2022-396c568c5e
-
FEDORA-2022-5038c3236c
-
FEDORA-2022-5e637f6cc6
-
FEDORA-2022-5f253807ce
-
FEDORA-2022-6043a7b938
-
FEDORA-2022-6c4cb64314
-
FEDORA-2022-739c7a0058
-
FEDORA-2022-741325e9a0
-
FEDORA-2022-83405f9d5b
-
FEDORA-2022-92ef43c439
-
FEDORA-2022-9dd03cab55
-
FEDORA-2022-a7d438b30b
-
FEDORA-2022-c5383675d9
-
FEDORA-2022-c87047f163
-
FEDORA-2022-e244ad73d6
-
FEDORA-2022-eda0e65b01
-
FEDORA-2022-fae3ecee19
-
FREEBSD:A4F2416C-02A0-11ED-B817-10C37B4AC2EA
-
GLSA-202208-02
-
GO-2022-0322
-
GO-2022-0515
-
GO-2022-0520
-
GO-2022-0521
-
GO-2022-0522
-
GO-2022-0523
-
GO-2022-0524
-
GO-2022-0525
-
GO-2022-0527
-
MS:CVE-2022-1705
-
MS:CVE-2022-1962
-
MS:CVE-2022-21698
-
MS:CVE-2022-28131
-
MS:CVE-2022-30630
-
MS:CVE-2022-30631
-
MS:CVE-2022-30632
-
MS:CVE-2022-30633
-
MS:CVE-2022-32148
-
RHSA-2022:1762
-
RHSA-2022:5775
-
RHSA-2022:5799
-
RHSA-2022:7129
-
RHSA-2022:7457
-
RHSA-2022:7469
-
RHSA-2022:7519
-
RHSA-2022:7529
-
RHSA-2022:7648
-
RHSA-2022:8057
-
RHSA-2022:8098
-
RHSA-2022:8250
-
RHSA-2023:2357
-
RHSA-2023:2758
-
RHSA-2023:2802
-
RHSA-2024:2180
-
RLSA-2022:1762
-
RLSA-2022:5775
-
RLSA-2022:7129
-
RLSA-2022:7457
-
RLSA-2022:7469
-
RLSA-2022:7519
-
RLSA-2022:7648
-
RLSA-2022:8057
-
RLSA-2022:8098
-
RLSA-2022:8250
-
SUSE-SU-2022:1433-1
-
SUSE-SU-2022:1434-1
-
SUSE-SU-2022:1435-1
-
SUSE-SU-2022:1531-1
-
SUSE-SU-2022:1545-1
-
SUSE-SU-2022:2134-1
-
SUSE-SU-2022:2137-1
-
SUSE-SU-2022:2139-1
-
SUSE-SU-2022:2140-1
-
SUSE-SU-2022:2145-1
-
SUSE-SU-2022:2671-1
-
SUSE-SU-2022:2672-1
-
SUSE-SU-2022:2834-1
-
SUSE-SU-2022:2839-1
-
SUSE-SU-2022:2839-2
-
SUSE-SU-2022:3745-1
-
SUSE-SU-2022:3747-1
-
SUSE-SU-2022:3896-1
-
SUSE-SU-2022:4607-1
-
SUSE-SU-2022:4635-1
-
SUSE-SU-2023:2312-1
-
SUSE-SU-2024:0191-1
-
USN-6038-1
-
USN-6038-2
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/rockylinux/udica?arch=noarch&distro=rockylinux-8.7 | rockylinux |
 udica
|
< 0.2.4-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | noarch | |
| Affected | pkg:rpm/rockylinux/toolbox?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
toolbox
|
< 0.0.99.3-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/toolbox?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
toolbox
|
< 0.0.99.3-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/toolbox-tests?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
toolbox-tests
|
< 0.0.99.3-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/toolbox-tests?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
toolbox-tests
|
< 0.0.99.3-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/slirp4netns?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
slirp4netns
|
< 1.1.8-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/slirp4netns?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
slirp4netns
|
< 1.1.8-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/skopeo?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
skopeo
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/skopeo?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
skopeo
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/skopeo-tests?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
skopeo-tests
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/skopeo-tests?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
skopeo-tests
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/runc?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
runc
|
< 1.0.0-73.rc95.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/runc?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
runc
|
< 1.0.0-73.rc95.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python3-criu?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
python3-criu
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python3-criu?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
python3-criu
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/podman?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
podman
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/podman?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
podman
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/podman-tests?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
podman-tests
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/podman-tests?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
podman-tests
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/podman-remote?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
podman-remote
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/podman-remote?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
podman-remote
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/podman-plugins?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
podman-plugins
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/podman-plugins?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
podman-plugins
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/podman-docker?arch=noarch&distro=rockylinux-8.7 | rockylinux |
podman-docker
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | noarch | |
| Affected | pkg:rpm/rockylinux/podman-catatonit?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
podman-catatonit
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/podman-catatonit?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
podman-catatonit
|
< 3.0.1-13.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/oci-seccomp-bpf-hook?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
oci-seccomp-bpf-hook
|
< 1.2.0-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/oci-seccomp-bpf-hook?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
oci-seccomp-bpf-hook
|
< 1.2.0-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/libslirp?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
libslirp
|
< 4.3.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/libslirp?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
libslirp
|
< 4.3.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/libslirp-devel?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
libslirp-devel
|
< 4.3.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/libslirp-devel?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
libslirp-devel
|
< 4.3.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/fuse-overlayfs?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
fuse-overlayfs
|
< 1.4.0-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/fuse-overlayfs?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
fuse-overlayfs
|
< 1.4.0-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/crun?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
crun
|
< 0.18-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/crun?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
crun
|
< 0.18-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/criu?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
criu
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/criu?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
criu
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/crit?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
crit
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/crit?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
crit
|
< 3.15-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/containers-common?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
containers-common
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/containers-common?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
containers-common
|
< 1.2.4-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/containernetworking-plugins?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
containernetworking-plugins
|
< 0.9.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/containernetworking-plugins?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
containernetworking-plugins
|
< 0.9.1-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/container-selinux?arch=noarch&distro=rockylinux-8.7 | rockylinux |
container-selinux
|
< 2.189.0-1.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | noarch | |
| Affected | pkg:rpm/rockylinux/conmon?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
conmon
|
< 2.0.26-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/conmon?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
conmon
|
< 2.0.26-3.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/cockpit-podman?arch=noarch&distro=rockylinux-8.7 | rockylinux |
cockpit-podman
|
< 29-2.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | noarch | |
| Affected | pkg:rpm/rockylinux/buildah?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
buildah
|
< 1.19.9-6.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/buildah?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
buildah
|
< 1.19.9-6.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 | |
| Affected | pkg:rpm/rockylinux/buildah-tests?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
buildah-tests
|
< 1.19.9-6.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/buildah-tests?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
buildah-tests
|
< 1.19.9-6.module+el8.7.0+1076+9b1c11c1 | rockylinux-8.7 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |