Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:7457
HistoryNov 08, 2022 - 6:20 a.m.

(RHSA-2022:7457) Moderate: container-tools:rhel8 security, bug fix, and enhancement update

2022-11-0806:20:07
access.redhat.com
27
container tools
podman
buildah
skopeo
runc
golang
cri-o
opencontainers
security fix
memory exhaustion
information disclosure
cve-2021-36221
cve-2022-1708
cve-2022-27191
cve-2021-41190
cve-2022-2990
cve-2022-29162
red hat enterprise linux 8.7

0.007 Low

EPSS

Percentile

80.5%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

  • cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

  • buildah: possible information disclosure and modification (CVE-2022-2990)

  • runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64toolbox-tests< 0.0.99.3-0.6.module+el8.7.0+16772+33343656toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
RedHatanyaarch64toolbox-debuginfo< 0.0.99.3-0.6.module+el8.7.0+16772+33343656toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
RedHatanyx86_64criu-debuginfo< 3.15-3.module+el8.7.0+16772+33343656criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
RedHatanyx86_64podman-plugins< 4.2.0-1.module+el8.7.0+16772+33343656podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
RedHatanys390xskopeo< 1.9.2-1.module+el8.7.0+16772+33343656skopeo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
RedHatanyx86_64podman-catatonit< 4.2.0-1.module+el8.7.0+16772+33343656podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
RedHatanyppc64lecriu-libs-debuginfo< 3.15-3.module+el8.7.0+16772+33343656criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
RedHatanyaarch64criu< 3.15-3.module+el8.7.0+16772+33343656criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
RedHatanyx86_64libslirp-debugsource< 4.4.0-1.module+el8.7.0+16772+33343656libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
RedHatanyppc64lefuse-overlayfs-debuginfo< 1.9-1.module+el8.7.0+16772+33343656fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
Rows per page:
1-10 of 2491

Related

nessus 48
oraclelinux 5
osv 14
rocky 3
almalinux 2
redhat 5
openvas 35
redhatcve 3
fedora 17
prion 5
cvelist 3
veracode 4
github 4
ubuntucve 4
cve 5
suse 5
amazon 2
cgr 1
cbl_mariner 6
altlinux 4
ibm 7
nvd 4
mageia 4
freebsd 1
alpinelinux 4
debiancve 3
wolfi 1
nessus
nessus
Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:7457)
2023-02-16 00:00:00
Oracle Linux 8 : container-tools:ol8 (ELSA-2022-7457)
2022-11-15 00:00:00
AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)
2022-11-12 00:00:00
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2022-11-15 00:00:00
container-tools:4.0 security and bug fix update
2022-11-15 00:00:00
runc security update
2022-11-22 00:00:00
osv
osv
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
runc security update
2022-11-15 06:15:20
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
Low: runc security update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:7469) Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
(RHSA-2022:8090) Low: runc security update
2022-11-15 06:15:20
(RHSA-2022:4999) Moderate: OpenShift Container Platform 3.11.715 packages and security update
2022-06-21 16:13:52
openvas
openvas
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2240)
2022-08-18 00:00:00
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2253)
2022-08-18 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2021-79ba5abef6)
2021-12-04 00:00:00
redhatcve
redhatcve
CVE-2021-41190
2021-11-19 15:20:21
CVE-2022-29162
2022-06-07 02:29:38
CVE-2021-36221
2022-04-30 13:09:05
fedora
fedora
[SECURITY] Fedora 35 Update: skopeo-1.5.2-1.fc35
2021-12-05 01:07:29
[SECURITY] Fedora 35 Update: stargz-snapshotter-0.10.1-1.fc35
2021-11-29 02:24:31
[SECURITY] Fedora 34 Update: stargz-snapshotter-0.10.1-1.fc34
2021-11-29 01:11:31
prion
prion
Design/Logic Flaw
2021-11-17 20:15:00
Information disclosure
2022-09-13 14:15:00
Design/Logic Flaw
2022-05-17 21:15:00
cvelist
cvelist
CVE-2022-29162 Incorrect Default Permissions in runc
2022-05-17 00:00:00
CVE-2021-41190 Clarify Content-Type handling in OCI spec
2021-11-17 19:20:11
CVE-2021-36221
2021-08-08 00:00:00
veracode
veracode
Incorrect Content-type Handling
2021-11-18 06:30:58
Privilege Escalation
2022-05-16 13:23:56
Information Disclosure
2022-09-16 06:55:11
github
github
Clarify Content-Type handling
2021-11-18 16:13:08
Default inheritable capabilities for linux container should be empty
2022-05-24 17:36:56
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
2022-09-14 00:00:48
ubuntucve
ubuntucve
CVE-2021-41190
2021-11-17 00:00:00
CVE-2022-29162
2022-05-17 00:00:00
CVE-2022-2990
2022-09-13 00:00:00
cve
cve
CVE-2021-41190
2021-11-17 20:15:10
CVE-2022-29162
2022-05-17 21:15:08
CVE-2022-2990
2022-09-13 14:15:08
suse
suse
Security update for singularity (moderate)
2021-12-04 00:00:00
Security update for go1.16 (moderate)
2021-08-26 00:00:00
Security update for go1.16 (moderate)
2021-08-20 00:00:00
amazon
amazon
Medium: containerd, docker
2021-11-17 15:38:00
Medium: golang
2021-09-30 19:24:00
cgr
cgr
CVE-2022-29162 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2022-29162 affecting package moby-runc 1.1.0+azure-6
2022-07-14 21:00:02
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-17
2023-09-28 11:57:58
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-24
2024-04-17 23:32:37
altlinux
altlinux
Security fix for the ALT Linux 10 package runc version 1.1.2-alt1
2022-05-12 00:00:00
Security fix for the ALT Linux 9 package golang version 1.15.15-alt1
2021-08-11 00:00:00
Security fix for the ALT Linux 10 package cri-o version 1.24.3-alt1
2022-11-24 00:00:00
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:00:14
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-29162)
2022-06-24 15:36:17
Security Bulletin: IBM CICS TX Standard is vulnerable to an Open Container Initiative Distribution Specification vulnerability (CVE-2021-41190).
2023-02-14 21:14:53
nvd
nvd
CVE-2021-41190
2021-11-17 20:15:10
CVE-2022-29162
2022-05-17 21:15:08
CVE-2022-2990
2022-09-13 14:15:08
mageia
mageia
Updated docker-containerd packages fix security vulnerability
2021-12-02 19:49:28
Updated golang packages fix security vulnerability
2021-09-04 20:01:38
Updated opencontainers-runc packages fix security vulnerability
2022-05-21 11:50:18
freebsd
freebsd
go -- net/http: panic due to racy read of persistConn after handler panic
2021-06-21 00:00:00
alpinelinux
alpinelinux
CVE-2021-36221
2021-08-08 06:15:08
CVE-2022-2990
2022-09-13 14:15:08
CVE-2021-41190
2021-11-17 20:15:10
debiancve
debiancve
CVE-2022-29162
2022-05-17 21:15:08
CVE-2021-36221
2021-08-08 06:15:08
CVE-2022-2990
2022-09-13 14:15:08
wolfi
wolfi
CVE-2022-29162 vulnerabilities
2024-06-29 09:08:33

0.007 Low

EPSS

Percentile

80.5%

JSON
Related for RHSA-2022:7457
nessus48oraclelinux5osv14rocky3almalinux2redhat5openvas35redhatcve3fedora17prion5cvelist3veracode4github4ubuntucve4cve5suse5amazon2cgr1cbl_mariner6altlinux4ibm7nvd4mageia4freebsd1alpinelinux4debiancve3wolfi1