ALSA-2020:1379

Source
https://errata.almalinux.org/8/ALSA-2020-1379.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1379.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2020:1379
Related
Published
2020-04-07T09:15:36Z
Modified
2020-04-07T09:15:25Z
Summary
Important: container-tools:rhel8 security and bug fix update
Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • useradd and groupadd fail under rootless Buildah and podman [stream-container-tools-rhel8-rhel-8.1.1] (BZ#1803495)

  • Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1804188)

  • Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/podman] (BZ#1804194)

  • fuse-overlayfs segfault [stream-container-tools-rhel8-rhel-8.1.1/fuse-overlayfs] (BZ#1805016)

  • buildah COPY command is slow when .dockerignore file is not present [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1806119)

References

Affected packages

AlmaLinux:8 / cockpit-podman

Package

Name
cockpit-podman

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11-1.module_el8.5.0+108+00865455

AlmaLinux:8 / cockpit-podman

Package

Name
cockpit-podman

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11-1.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.3-4.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.3-4.module_el8.5.0+108+00865455

AlmaLinux:8 / python-podman-api

Package

Name
python-podman-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / python-podman-api

Package

Name
python-podman-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-0.2.gitd0a45fe.module_el8.5.0+108+00865455

AlmaLinux:8 / slirp4netns

Package

Name
slirp4netns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3.git21fdece.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / slirp4netns

Package

Name
slirp4netns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3.git21fdece.module_el8.5.0+108+00865455

AlmaLinux:8 / udica

Package

Name
udica

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.1-2.module_el8.5.0+108+00865455

AlmaLinux:8 / udica

Package

Name
udica

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.1-2.module_el8.5.0+2635+e4386a39