RLSA-2024:10289
- Source
- https://errata.rockylinux.org/RLSA-2024:10289
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2024:10289.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2024:10289
- Related
- Published
- 2024-12-19T04:18:05.672002Z
- Modified
- 2024-12-19T04:20:55.811065Z
- Summary
- Moderate: container-tools:rhel8 security update
- Details
-
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)
Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / aardvark-dns
Package
- Name
- aardvark-dns
- Purl
- pkg:rpm/rocky-linux/aardvark-dns?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / buildah
Package
- Name
- buildah
- Purl
- pkg:rpm/rocky-linux/buildah?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / cockpit-podman
Package
- Name
- cockpit-podman
- Purl
- pkg:rpm/rocky-linux/cockpit-podman?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / conmon
Package
- Name
- conmon
- Purl
- pkg:rpm/rocky-linux/conmon?distro=rocky-linux-8&epoch=3
Rocky Linux:8 / containernetworking-plugins
Package
- Name
- containernetworking-plugins
- Purl
- pkg:rpm/rocky-linux/containernetworking-plugins?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / containers-common
Package
- Name
- containers-common
- Purl
- pkg:rpm/rocky-linux/containers-common?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / container-selinux
Package
- Name
- container-selinux
- Purl
- pkg:rpm/rocky-linux/container-selinux?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / criu
Package
- Name
- criu
- Purl
- pkg:rpm/rocky-linux/criu?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / crun
Package
- Name
- crun
- Purl
- pkg:rpm/rocky-linux/crun?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / fuse-overlayfs
Package
- Name
- fuse-overlayfs
- Purl
- pkg:rpm/rocky-linux/fuse-overlayfs?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / libslirp
Package
- Name
- libslirp
- Purl
- pkg:rpm/rocky-linux/libslirp?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / netavark
Package
- Name
- netavark
- Purl
- pkg:rpm/rocky-linux/netavark?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / oci-seccomp-bpf-hook
Package
- Name
- oci-seccomp-bpf-hook
- Purl
- pkg:rpm/rocky-linux/oci-seccomp-bpf-hook?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/rocky-linux/podman?distro=rocky-linux-8&epoch=4
Rocky Linux:8 / python-podman
Package
- Name
- python-podman
- Purl
- pkg:rpm/rocky-linux/python-podman?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / runc
Package
- Name
- runc
- Purl
- pkg:rpm/rocky-linux/runc?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / skopeo
Package
- Name
- skopeo
- Purl
- pkg:rpm/rocky-linux/skopeo?distro=rocky-linux-8&epoch=2
Rocky Linux:8 / slirp4netns
Package
- Name
- slirp4netns
- Purl
- pkg:rpm/rocky-linux/slirp4netns?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / toolbox
Package
- Name
- toolbox
- Purl
- pkg:rpm/rocky-linux/toolbox?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / udica
Package
- Name
- udica
- Purl
- pkg:rpm/rocky-linux/udica?distro=rocky-linux-8&epoch=0