Lucene search
GoogleOSV:ALSA-2022:1762HistoryMay 10, 2022 - 12:00 a.m.
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-1000:00:00
Google
osv.dev
7
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- psgo: Privilege escalation in ‘podman top’ (CVE-2022-1227)
- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
- podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
- crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)
- buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
access.redhat.com/errata/RHSA-2022:1762
access.redhat.com/security/cve/CVE-2022-1227
access.redhat.com/security/cve/CVE-2022-21698
access.redhat.com/security/cve/CVE-2022-27649
access.redhat.com/security/cve/CVE-2022-27650
access.redhat.com/security/cve/CVE-2022-27651
bugzilla.redhat.com/2045880
bugzilla.redhat.com/2066568
bugzilla.redhat.com/2066840
bugzilla.redhat.com/2066845
bugzilla.redhat.com/2070368
errata.almalinux.org/8/ALSA-2022-1762.html
vulners.com/cve/CVE-2022-1227
vulners.com/cve/CVE-2022-21698
vulners.com/cve/CVE-2022-27649
vulners.com/cve/CVE-2022-27650
vulners.com/cve/CVE-2022-27651
Related
redhat
redhat
(RHSA-2022:1762) Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
(RHSA-2022:4651) Important: container-tools:2.0 security update
2022-05-18 12:25:20
(RHSA-2022:4816) Important: container-tools:3.0 security update
2022-05-31 09:59:42
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
container-tools:2.0 security update
2022-04-26 13:51:50
osv
osv
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2022-05-17 00:00:00
container-tools:2.0 security update
2022-04-28 00:00:00
container-tools:3.0 security and bug fix update
2022-04-28 00:00:00
almalinux
almalinux
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 00:00:00
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
nessus
nessus
Oracle Linux 8 : container-tools:ol8 (ELSA-2022-1762)
2022-05-18 00:00:00
Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:1762)
2023-11-06 00:00:00
RHEL 8 : container-tools:rhel8 (RHSA-2022:1762)
2022-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34
2022-05-14 01:24:16
[SECURITY] Fedora 35 Update: podman-3.4.7-1.fc35
2022-04-29 07:11:23
[SECURITY] Fedora 36 Update: podman-4.0.3-1.fc36
2022-05-07 04:47:20
openvas
openvas
Fedora: Security Advisory for podman (FEDORA-2022-c87047f163)
2022-04-30 00:00:00
Fedora: Security Advisory for podman (FEDORA-2022-5e637f6cc6)
2022-05-15 00:00:00
Fedora: Security Advisory for podman (FEDORA-2022-2067702f06)
2022-05-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 4.0.3-alt1
2022-04-08 00:00:00
suse
suse
Security update for podman (important)
2022-08-18 00:00:00
Security update for podman (important)
2022-08-17 00:00:00
Security update for podman (important)
2022-09-01 00:00:00
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
debiancve
debiancve
prion
prion
Default credentials
2022-04-04 20:15:00
Default credentials
2022-04-04 20:15:00
Design/Logic Flaw
2022-04-04 20:15:00
nvd
nvd
veracode
veracode
Privilege Escalation
2022-03-25 04:59:58
Privilege Escalation
2022-04-06 08:53:19
Denial Of Service (DoS)
2022-04-02 08:56:27
alpinelinux
alpinelinux
mageia
mageia
Updated crun packages fix security vulnerability
2022-04-16 00:35:09
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
cbl_mariner
cbl_mariner
CVE-2022-27649 affecting package podman for versions less than 4.1.1-1
2022-08-03 21:00:10
CVE-2022-27651 affecting package buildah 1.18.0-24
2024-07-03 03:08:37
CVE-2022-27651 affecting package buildah for versions less than 1.18.0-8
2023-02-14 22:19:20
github
github
Podman's default inheritable capabilities for linux container not empty
2022-04-01 20:52:29
Non-empty default inheritable capabilities for linux container in Buildah
2022-04-01 13:56:42
Podman publishes a malicious image to public registries
2022-04-30 00:00:35
redos
redos
ROS-20230710-01
2023-07-10 00:00:00
cnvd
cnvd
Podman lifting vulnerability
2022-04-24 00:00:00
githubexploit
githubexploit
Exploit for Improper Preservation of Permissions in Podman Project Podman
2023-04-01 07:28:15
redhatcve
redhatcve
rosalinux
rosalinux
Advisory ROSA-SA-2023-2227
2023-09-05 09:31:53
wolfi
wolfi
CVE-2022-21698 vulnerabilities
2024-07-03 09:08:38