Lucene search

GoogleOSV:ALSA-2022:7822

HistoryNov 08, 2022 - 12:00 a.m.

Low: container-tools:rhel8 security, bug fix, and enhancement update

2022-11-0800:00:00

Google

osv.dev

container-tools

rhel8

security

bug fix

enhancement

podman

buildah

skopeo

runc

cve-2022-2989

cve-2022-2990

bz#2125644

bz#2125645

bz#2125647

bz#2125648

bz#2125686

bz#2129767

bz#2130234

bz#2130236

bz#2132412

bz#2133390

bz#2136406

bz#2136433

bz#2136438

bz#2137295

rfe

python-podman

volume plugin timeout

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

podman: possible information disclosure and modification (CVE-2022-2989)
buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
(podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
podman kill may deadlock (BZ#2125647)
Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [AlmaLinux 8.7] (BZ#2125648)
containers-common-1-44 is missing RPM-GPG-KEY-AlmaLinux-beta [AlmaLinux 8.7] (BZ#2125686)
ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234)
containers config.json gets empty after sudden power loss (BZ#2130236)
PANIC podman API service endpoint handler panic (BZ#2132412)
Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
Skopeo push image to AlmaLinux quay with sigstore was failed (BZ#2136406)
Podman push image to AlmaLinux quay with sigstore was failed (BZ#2136433)
Buildah push image to AlmaLinux quay with sigstore was failed (BZ#2136438)
Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295)

Enhancement(s):

[RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)
[RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
Podman volume plugin timeout should be configurable (BZ#2132992)