(RHSA-2024:2090) Important: container-tools:rhel8 security update

2024-04-2908:31:22

access.redhat.com

container-tools

rhel8

security update

fix

full container escape vulnerability

buildah

podman

skopeo

runc

cve-2024-1753

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

buildah: full container escape at build time (CVE-2024-1753)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64criu-libs< 3.15-3.module+el8.6.0+21745+f5f35196criu-libs-3.15-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHatanyppc64lecriu< 3.15-3.module+el8.6.0+21745+f5f35196criu-3.15-3.module+el8.6.0+21745+f5f35196.ppc64le.rpm
RedHatanynoarchcontainer-selinux< 2.189.0-1.module+el8.6.0+21745+f5f35196container-selinux-2.189.0-1.module+el8.6.0+21745+f5f35196.noarch.rpm
RedHatanyaarch64podman-remote-debuginfo< 4.2.0-3.module+el8.6.0+21745+f5f35196podman-remote-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyx86_64runc-debugsource< 1.1.12-1.module+el8.6.0+21745+f5f35196runc-debugsource-1.1.12-1.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHatanyaarch64slirp4netns< 1.2.0-3.module+el8.6.0+21745+f5f35196slirp4netns-1.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyaarch64aardvark-dns< 1.0.1-40.module+el8.6.0+21745+f5f35196aardvark-dns-1.0.1-40.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyaarch64buildah-debugsource< 1.26.7-1.module+el8.6.0+21745+f5f35196buildah-debugsource-1.26.7-1.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHatanyppc64leoci-seccomp-bpf-hook-debuginfo< 1.2.6-1.module+el8.6.0+21745+f5f35196oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.6.0+21745+f5f35196.ppc64le.rpm
RedHatanyx86_64fuse-overlayfs< 1.9-1.module+el8.6.0+21745+f5f35196fuse-overlayfs-1.9-1.module+el8.6.0+21745+f5f35196.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	criu-libs	< 3.15-3.module+el8.6.0+21745+f5f35196	criu-libs-3.15-3.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHat	any	ppc64le	criu	< 3.15-3.module+el8.6.0+21745+f5f35196	criu-3.15-3.module+el8.6.0+21745+f5f35196.ppc64le.rpm
RedHat	any	noarch	container-selinux	< 2.189.0-1.module+el8.6.0+21745+f5f35196	container-selinux-2.189.0-1.module+el8.6.0+21745+f5f35196.noarch.rpm
RedHat	any	aarch64	podman-remote-debuginfo	< 4.2.0-3.module+el8.6.0+21745+f5f35196	podman-remote-debuginfo-4.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	x86_64	runc-debugsource	< 1.1.12-1.module+el8.6.0+21745+f5f35196	runc-debugsource-1.1.12-1.module+el8.6.0+21745+f5f35196.x86_64.rpm
RedHat	any	aarch64	slirp4netns	< 1.2.0-3.module+el8.6.0+21745+f5f35196	slirp4netns-1.2.0-3.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	aarch64	aardvark-dns	< 1.0.1-40.module+el8.6.0+21745+f5f35196	aardvark-dns-1.0.1-40.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	aarch64	buildah-debugsource	< 1.26.7-1.module+el8.6.0+21745+f5f35196	buildah-debugsource-1.26.7-1.module+el8.6.0+21745+f5f35196.aarch64.rpm
RedHat	any	ppc64le	oci-seccomp-bpf-hook-debuginfo	< 1.2.6-1.module+el8.6.0+21745+f5f35196	oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.6.0+21745+f5f35196.ppc64le.rpm
RedHat	any	x86_64	fuse-overlayfs	< 1.9-1.module+el8.6.0+21745+f5f35196	fuse-overlayfs-1.9-1.module+el8.6.0+21745+f5f35196.x86_64.rpm