Oracle alert ELSA-2023-12578 (buildah)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2023-12578 Important: Oracle Linux 8 buildah security update | |
| Date: | Thu, 10 Aug 2023 11:29:23 -0700 | |
| Message-ID: | <mailman.147.1691692176.15189.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2023-12578 http://linux.oracle.com/errata/ELSA-2023-12578.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm crit-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm crun-1.6-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.x86_64.rpm skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm aarch64: aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm crit-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm crun-1.6-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.aarch64.rpm skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.24.6-5... http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-4... http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.4-1.m... http://oss.oracle.com/ol8/SRPMS-updates//containernetwork... http://oss.oracle.com/ol8/SRPMS-updates//containers-commo... http://oss.oracle.com/ol8/SRPMS-updates//container-selinu... http://oss.oracle.com/ol8/SRPMS-updates//criu-3.15-3.modu... http://oss.oracle.com/ol8/SRPMS-updates//crun-1.6-1.modul... http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1... http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-1... http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-... http://oss.oracle.com/ol8/SRPMS-updates//podman-4.0.2-20.... http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.... http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.4-1.0.1... http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.6.2-6.m... http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.1.... http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-3.mo... Related CVEs: CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 Description of changes: runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata