Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3721
container-tools:rhel8 security, bug fix, and enhancement update
10 November 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: container-tools:rhel8
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Denial of Service -- Remote with User Interaction
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20291 CVE-2021-3602
Reference: ESB-2021.2693
ESB-2021.2555
ESB-2021.1336
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:4154
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4154-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4154
Issue date: 2021-11-09
CVE Names: CVE-2021-3602 CVE-2021-20291
=====================================================================
1. Summary:
An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.
Security Fix(es):
* buildah: Host environment variables leaked in build container when using
chroot isolation (CVE-2021-3602)
* containers/storage: DoS via malicious image (CVE-2021-20291)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1914687 - Rebase to github.com/containers/toolbox
1928935 - RFE: Let `podman volume prune` show the volumes that are going to be removed
1932399 - IPv6 errors after exiting crictl
1933775 - shortname for ubi8-minimal leads to "Repo not found" error [RHEL 8.5]
1933776 - podman 3.0.1 ships with a v2 go module [RHEL 8.5]
1934415 - Work on 8.5.0 container-tools module.
1934480 - Podman will pull image for rootless CNI
1937641 - Regression: Overlay mounts is broken on existing directories. [rhel-8.5.0]
1937830 - regressions cp command in Podman v3.0 [rhel-8.5.0]
1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
1940037 - toolbox does not provide /:/host mount required for sosreport
1940054 - Support logging into a registry if necessary
1940082 - toolbox does not support a config file
1940493 - [gss][podman]Getting the error while starting container "Error: readlink /var/lib/containers/storage/overlay/l/XXX no such file or directory" [rhel-8.5.0]
1941380 - Podman - secondary groups not available in container when using userns=keep-id
1947432 - podman run --pid=host command causes OCI permission error
1947999 - rootless podman --cgroup-manager=cgroupfs run command causes OCI permission error when CGroups V2 is enabled
1952204 - shortnames for containerized images
1952698 - Permission on /dev/null are changing from 666 to 777 after running podman as root
1957299 - Podman "--format" does not support "join"
1957840 - kubelet service fail to load EnvironmentFile due to SELinux denial
1957904 - Confined selinux users of type staff_u and user_u cannot run rootless podman containers
1958353 - "rootless-cni-infra": executable file not found in $PATH: OCI not found
1960948 - Error refreshing container XXX: error acquiring lock 0 for container
1966538 - Podman returns development version
1966872 - podman's image index corrupted during WAN emulation tests
1969264 - CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation
1972150 - Image fails to prune from registry, preventing subsequent prunes
1972209 - Under load, container failed to be created due to missing cgroup scope
1972211 - When running a lot of one-off containers, podman hangs forever
1972282 - TMPDIR is not working in podman pull and podman load
1972648 - Update shortname list
1973418 - kubelet service fail to load EnvironmentFile due to SELinux denial (Re-opened)
1976283 - podman search does not return an exact match
1977280 - registries.conf mixes v1 and v2 syntax
1977673 - podman v3.2.2 writes image events too early
1978415 - Supply the python-podman package in RHEL 8.5.0
1978556 - podman v3.2.2 - error resolving image of another architecture
1978647 - [RFE] Podman secrets for RHEL 8.4
1979497 - podman v3.2.2 - cannot get logs when running in namespace with /var/log overmounted
1980212 - [Cockpit 8.5] [ja_JP, ko_KR] Podman Container Page is not localized
1982593 - podman 3.2 - CNI-in-slirp4netns DNS gets broken when running a rootful container after running a rootless container
1982762 - podman v3.2.2 - race condition with rootless cni networking
1985499 - podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility
1985905 - Podman report unsupported pull policy if set imagePullPolicy with capitalized Word
1987049 - inability to start container with runc caused by redundant seccomp rules
1993209 - new containers-common packaging conflicts with redhat-release
1993249 - Make volume removal with third-party drivers consistent with Docker behavior
1995041 - Rebase udica to v0.2.5
1998191 - Suggest a way forward if coreos/toolbox was used
1999144 - podman update to 3.3 removes default network config
2000943 - podman auto update fails to login to registry after podman upgrade to 3.2
2004562 - Switch to using the Toolbox-specific UBI image by default
2005018 - [8.4.0.z] kubelet service fail to load EnvironmentFile due to SELinux denial (Re-opened)
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.src.rpm
cockpit-podman-33-1.module+el8.5.0+12582+56d94c81.src.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.src.rpm
container-selinux-2.167.0-1.module+el8.5.0+12582+56d94c81.src.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.src.rpm
containers-common-1-2.module+el8.5.0+12582+56d94c81.src.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.src.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.src.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.src.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.src.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.src.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.src.rpm
python-podman-3.2.0-2.module+el8.5.0+12582+56d94c81.src.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.src.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.src.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.src.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.src.rpm
udica-0.2.5-2.module+el8.5.0+12582+56d94c81.src.rpm
aarch64:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.aarch64.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.aarch64.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.aarch64.rpm
noarch:
cockpit-podman-33-1.module+el8.5.0+12582+56d94c81.noarch.rpm
container-selinux-2.167.0-1.module+el8.5.0+12582+56d94c81.noarch.rpm
containers-common-1-2.module+el8.5.0+12582+56d94c81.noarch.rpm
podman-docker-3.3.1-9.module+el8.5.0+12697+018f24d7.noarch.rpm
python3-podman-3.2.0-2.module+el8.5.0+12582+56d94c81.noarch.rpm
udica-0.2.5-2.module+el8.5.0+12582+56d94c81.noarch.rpm
ppc64le:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.ppc64le.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.ppc64le.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.ppc64le.rpm
s390x:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.s390x.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.s390x.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.s390x.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.s390x.rpm
x86_64:
buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crit-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
podman-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm
python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm
toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3602
https://access.redhat.com/security/cve/CVE-2021-20291
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrextzjgjWX9erEAQgZsw//UrBplDsCk50ovZvWcb17FRhaTPTW4oD1
1ju80/AtjQPccjDn3dk/1LLtGmjZIDyHwcI51Azy91h2Gr4aR5oDzeRP+pYogsBr
aGoQkJoJ0NXHVR3rDTePRbsF63d9HBjNHubgvuIWb1OZf1DGKAmxioRwrKMiJfcg
/pGPe6hAj/ieJgFqugDe0KTKSxc0YpFJEHndr9BS+rr/M4sSBTsGGcEj4JMMaRpi
eIeXYV07x5R0CSb/cz2DA5Ol0XKCysB1MK2qxO1iTOx4zCnfqnSF5WN0ATzvcBEZ
dPQUHWtWDWThY1eNINOh+0P38ml3dEdiVPlrSlGojz6ZsaUW1TqbKaXO1hzV6bQq
bN3R+I6eed9xKiMLHFGSR6dycvGdTEoePSxgrHXaMPyXw3OV/vMtNbA1EWPRtyXi
tDc9JNDGAEib9K7YJ+MG3sbpwnKawvEdav5uWeaHC2jQd7y9QFcTsfCZCZLYm2j6
AcD2ow58wLFJ5gzAjLgPJ0YlzlfTG25nKXx2iiMGFcmPimaBVBYvWF60A4jhs605
6luIXgTSnTSe+gQPhRordt4WfjlO3xcV78g75RWXXvBJBG+NSqxo7DtjcJtHUwMY
jHHon+TvBTPIvv0gCXyYw/xN9LMMESVpO+Z1y6dtdyQaIUEtDhFqNA8uKTrD3DZu
2rTJwzhEooo=
=uvmC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYYsNKuNLKJtyKPYoAQhwGg/5AfhzEvKugMIhzIFu+9HX27YN7eNniLO6
xHdFabRFWXWnaNaA/2LsVx5+lz9iNAO8bp2pq8zbcqItu1P0C92ciiGMgy7lBHdF
jnbgWaAz60XUqWtzqQo/X1xlGgw4X2CciuZMwYJsHXKALQ+yAcFnnzgTKzuScqBg
lHgiu4z0wYxyVnQHx2vWN0trSG6zKR3TenHAjXSlrRaewNdrpsA+V9jKe4f0Fh+i
S2CIzxLNR5lCp3z+90EkM7QHIMp8Z45skAI+pd070cJ0FbM28G1aVIRJN885Xjsr
HpiEH6S8I0C5+l2th4/0YqsNAKzEIsOZCoxFKfcPNLWAXR+62kqEmi4ebkfPlwm+
7vfqZPyRpUpy0zrwaBk5yGq95i0dTSQSGytmfTEwpIM5EtuNOqm3mhE1jrUxtHHx
jZKs8TPk+U2tw8HXBtE9O61uRJg93EgGO0GbJEsojzSc0vQLt7OIytT4p3iCsmDi
6LG1w5nu0kQs1DygBDh9mcZPdS6tdMKkLhP3F0y+mB0stSADvIp3v6H47rFb8Cy8
8sQdz1e8o+NhmH1pwDvDUbqWjbOohCq0zzvIQE4UlY1zhVFASWGMEqN3uqS3JvcG
6EwboOB9v7I+mcsFEi+EpxL8WsPI1mYX+jZzvc/sMlYcCIf0P2QVKHDsKFJPEam4
O8YNRDuURtI=
=g8dP
-----END PGP SIGNATURE-----