(RHSA-2021:2292) Important: container-tools:2.0 security update

2021-06-0811:20:29

access.redhat.com

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64python3-criu< 3.12-9.module+el8.2.0+11121+714aca16python3-criu-3.12-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHatanyx86_64buildah-debugsource< 1.11.6-7.module+el8.2.0+11121+714aca16buildah-debugsource-1.11.6-7.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHatanyaarch64runc-debuginfo< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16runc-debuginfo-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHatanyppc64lerunc-debugsource< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16runc-debugsource-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.ppc64le.rpm
RedHatanyx86_64runc-debugsource< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16runc-debugsource-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHatanyx86_64podman-tests< 1.6.4-19.module+el8.2.0+11121+714aca16podman-tests-1.6.4-19.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHatanyaarch64criu-debuginfo< 3.12-9.module+el8.2.0+11121+714aca16criu-debuginfo-3.12-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHatanyppc64lepodman-debugsource< 1.6.4-19.module+el8.2.0+11121+714aca16podman-debugsource-1.6.4-19.module+el8.2.0+11121+714aca16.ppc64le.rpm
RedHatanyaarch64skopeo-tests< 0.1.40-9.module+el8.2.0+11121+714aca16skopeo-tests-0.1.40-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHatanys390xpodman-tests< 1.6.4-19.module+el8.2.0+11121+714aca16podman-tests-1.6.4-19.module+el8.2.0+11121+714aca16.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	python3-criu	< 3.12-9.module+el8.2.0+11121+714aca16	python3-criu-3.12-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHat	any	x86_64	buildah-debugsource	< 1.11.6-7.module+el8.2.0+11121+714aca16	buildah-debugsource-1.11.6-7.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHat	any	aarch64	runc-debuginfo	< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16	runc-debuginfo-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHat	any	ppc64le	runc-debugsource	< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16	runc-debugsource-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.ppc64le.rpm
RedHat	any	x86_64	runc-debugsource	< 1.0.0-65.rc10.module+el8.2.0+11121+714aca16	runc-debugsource-1.0.0-65.rc10.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHat	any	x86_64	podman-tests	< 1.6.4-19.module+el8.2.0+11121+714aca16	podman-tests-1.6.4-19.module+el8.2.0+11121+714aca16.x86_64.rpm
RedHat	any	aarch64	criu-debuginfo	< 3.12-9.module+el8.2.0+11121+714aca16	criu-debuginfo-3.12-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHat	any	ppc64le	podman-debugsource	< 1.6.4-19.module+el8.2.0+11121+714aca16	podman-debugsource-1.6.4-19.module+el8.2.0+11121+714aca16.ppc64le.rpm
RedHat	any	aarch64	skopeo-tests	< 0.1.40-9.module+el8.2.0+11121+714aca16	skopeo-tests-0.1.40-9.module+el8.2.0+11121+714aca16.aarch64.rpm
RedHat	any	s390x	podman-tests	< 1.6.4-19.module+el8.2.0+11121+714aca16	podman-tests-1.6.4-19.module+el8.2.0+11121+714aca16.s390x.rpm