ALSA-2020:1650

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/8/ALSA-2020-1650.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1650.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2020:1650
Related
Published
2020-04-28T09:01:00Z
Modified
2020-04-28T09:00:50Z
Summary
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)

  • containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

  • podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / crit

Package

Name
crit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.3.0+2044+12421f43

AlmaLinux:8 / crit

Package

Name
crit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.4.0+2496+12421f43

AlmaLinux:8 / crit

Package

Name
crit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.5.0+119+9a9ec082

AlmaLinux:8 / criu

Package

Name
criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.4.0+2496+12421f43

AlmaLinux:8 / criu

Package

Name
criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.3.0+2044+12421f43

AlmaLinux:8 / criu

Package

Name
criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.5.0+119+9a9ec082

AlmaLinux:8 / python-podman-api

Package

Name
python-podman-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / python-podman-api

Package

Name
python-podman-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-0.2.gitd0a45fe.module_el8.5.0+108+00865455

AlmaLinux:8 / python3-criu

Package

Name
python3-criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.3.0+2044+12421f43

AlmaLinux:8 / python3-criu

Package

Name
python3-criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.4.0+2496+12421f43

AlmaLinux:8 / python3-criu

Package

Name
python3-criu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12-9.module_el8.5.0+119+9a9ec082

AlmaLinux:8 / slirp4netns

Package

Name
slirp4netns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3.git21fdece.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / slirp4netns

Package

Name
slirp4netns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3.git21fdece.module_el8.5.0+108+00865455

AlmaLinux:8 / toolbox

Package

Name
toolbox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.7-1.module_el8.5.0+108+00865455

AlmaLinux:8 / toolbox

Package

Name
toolbox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.7-1.module_el8.5.0+2635+e4386a39

AlmaLinux:8 / udica

Package

Name
udica

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.1-2.module_el8.5.0+108+00865455

AlmaLinux:8 / udica

Package

Name
udica

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.1-2.module_el8.5.0+2635+e4386a39