GoogleOSV:RLSA-2022:7822Low: container-tools:rhel8 security, bug fix, and enhancement update
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
17.8%
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
-
podman: possible information disclosure and modification (CVE-2022-2989)
-
buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)
-
(podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645)
-
podman kill may deadlock (BZ#2125647)
-
Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [Rocky Linux 8.7] (BZ#2125648)
-
containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [Rocky Linux 8.7] (BZ#2125686)
-
ADD Dockerfile reference is not validating HTTP status code [Rocky Linux8-8.7.0] (BZ#2129767)
-
Two aardvark-dns instances trying to use the same port on the same interface. [Rocky Linux-8.7.0.z] (netavark) (BZ#2130234)
-
containers config.json gets empty after sudden power loss (BZ#2130236)
-
PANIC podman API service endpoint handler panic (BZ#2132412)
-
Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390)
-
Skopeo push image to redhat quay with sigstore was failed (BZ#2136406)
-
Podman push image to redhat quay with sigstore was failed (BZ#2136433)
-
Buildah push image to redhat quay with sigstore was failed (BZ#2136438)
-
Two aardvark-dns instances trying to use the same port on the same interface. [Rocky Linux-8.8] (aardvark-dns) (BZ#2137295)
Enhancement(s):
-
[RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)
-
[RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)
-
Podman volume plugin timeout should be configurable (BZ#2132992)
References
bugzilla.redhat.com/show_bug.cgi?id=2121445
bugzilla.redhat.com/show_bug.cgi?id=2121453
bugzilla.redhat.com/show_bug.cgi?id=2125644
bugzilla.redhat.com/show_bug.cgi?id=2125645
bugzilla.redhat.com/show_bug.cgi?id=2125647
bugzilla.redhat.com/show_bug.cgi?id=2125648
bugzilla.redhat.com/show_bug.cgi?id=2125686
bugzilla.redhat.com/show_bug.cgi?id=2129767
bugzilla.redhat.com/show_bug.cgi?id=2130234
bugzilla.redhat.com/show_bug.cgi?id=2130236
bugzilla.redhat.com/show_bug.cgi?id=2130911
bugzilla.redhat.com/show_bug.cgi?id=2132360
bugzilla.redhat.com/show_bug.cgi?id=2132412
bugzilla.redhat.com/show_bug.cgi?id=2132992
bugzilla.redhat.com/show_bug.cgi?id=2133390
bugzilla.redhat.com/show_bug.cgi?id=2136406
bugzilla.redhat.com/show_bug.cgi?id=2136433
bugzilla.redhat.com/show_bug.cgi?id=2136438
bugzilla.redhat.com/show_bug.cgi?id=2137295
errata.rockylinux.org/RLSA-2022:7822
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
17.8%