Lucene search

GoogleOSV:RLSA-2021:4154

HistoryNov 09, 2021 - 8:24 a.m.

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

2021-11-0908:24:51

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)
containers/storage: DoS via malicious image (CVE-2021-20291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=1914687

bugzilla.redhat.com/show_bug.cgi?id=1928935

bugzilla.redhat.com/show_bug.cgi?id=1932399

bugzilla.redhat.com/show_bug.cgi?id=1933775

bugzilla.redhat.com/show_bug.cgi?id=1933776

bugzilla.redhat.com/show_bug.cgi?id=1934415

bugzilla.redhat.com/show_bug.cgi?id=1934480

bugzilla.redhat.com/show_bug.cgi?id=1937641

bugzilla.redhat.com/show_bug.cgi?id=1937830

bugzilla.redhat.com/show_bug.cgi?id=1939485

bugzilla.redhat.com/show_bug.cgi?id=1940037

bugzilla.redhat.com/show_bug.cgi?id=1940054

bugzilla.redhat.com/show_bug.cgi?id=1940082

bugzilla.redhat.com/show_bug.cgi?id=1940493

bugzilla.redhat.com/show_bug.cgi?id=1941380

bugzilla.redhat.com/show_bug.cgi?id=1947432

bugzilla.redhat.com/show_bug.cgi?id=1947999

bugzilla.redhat.com/show_bug.cgi?id=1952204

bugzilla.redhat.com/show_bug.cgi?id=1952698

bugzilla.redhat.com/show_bug.cgi?id=1957299

bugzilla.redhat.com/show_bug.cgi?id=1957840

bugzilla.redhat.com/show_bug.cgi?id=1957904

bugzilla.redhat.com/show_bug.cgi?id=1958353

bugzilla.redhat.com/show_bug.cgi?id=1960948

bugzilla.redhat.com/show_bug.cgi?id=1966538

bugzilla.redhat.com/show_bug.cgi?id=1966872

bugzilla.redhat.com/show_bug.cgi?id=1969264

bugzilla.redhat.com/show_bug.cgi?id=1972150

bugzilla.redhat.com/show_bug.cgi?id=1972209

bugzilla.redhat.com/show_bug.cgi?id=1972211

bugzilla.redhat.com/show_bug.cgi?id=1972282

bugzilla.redhat.com/show_bug.cgi?id=1972648

bugzilla.redhat.com/show_bug.cgi?id=1973418

bugzilla.redhat.com/show_bug.cgi?id=1976283

bugzilla.redhat.com/show_bug.cgi?id=1977280

bugzilla.redhat.com/show_bug.cgi?id=1977673

bugzilla.redhat.com/show_bug.cgi?id=1978415

bugzilla.redhat.com/show_bug.cgi?id=1978556

bugzilla.redhat.com/show_bug.cgi?id=1978647

bugzilla.redhat.com/show_bug.cgi?id=1979497

bugzilla.redhat.com/show_bug.cgi?id=1980212

bugzilla.redhat.com/show_bug.cgi?id=1982593

bugzilla.redhat.com/show_bug.cgi?id=1982762

bugzilla.redhat.com/show_bug.cgi?id=1985499

bugzilla.redhat.com/show_bug.cgi?id=1985905

bugzilla.redhat.com/show_bug.cgi?id=1987049

bugzilla.redhat.com/show_bug.cgi?id=1993209

bugzilla.redhat.com/show_bug.cgi?id=1993249

bugzilla.redhat.com/show_bug.cgi?id=1995041

bugzilla.redhat.com/show_bug.cgi?id=1998191

bugzilla.redhat.com/show_bug.cgi?id=1999144

bugzilla.redhat.com/show_bug.cgi?id=2000943

bugzilla.redhat.com/show_bug.cgi?id=2004562

bugzilla.redhat.com/show_bug.cgi?id=2005018

errata.rockylinux.org/RLSA-2021:4154