RLSA-2021:1796

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:1796.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2021:1796
Related
Published
2021-05-18T06:06:39Z
Modified
2023-02-02T13:20:12.816810Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

  • podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / buildah

Package

Name
buildah
Purl
pkg:rpm/rocky-linux/buildah?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.19.7-1.module+el8.4.0+558+7340b765

Rocky Linux:8 / cockpit-podman

Package

Name
cockpit-podman
Purl
pkg:rpm/rocky-linux/cockpit-podman?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:29-2.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / cockpit-podman

Package

Name
cockpit-podman
Purl
pkg:rpm/rocky-linux/cockpit-podman?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:29-2.module+el8.4.0+556+40122d08

Rocky Linux:8 / cockpit-podman

Package

Name
cockpit-podman
Purl
pkg:rpm/rocky-linux/cockpit-podman?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:29-2.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / cockpit-podman

Package

Name
cockpit-podman
Purl
pkg:rpm/rocky-linux/cockpit-podman?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:29-2.module+el8.6.0+783+10209741

Rocky Linux:8 / conmon

Package

Name
conmon
Purl
pkg:rpm/rocky-linux/conmon?distro=rocky-linux-8-4-legacy&epoch=2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.0.26-1.module+el8.4.0+558+7340b765

Rocky Linux:8 / conmon

Package

Name
conmon
Purl
pkg:rpm/rocky-linux/conmon?distro=rocky-linux-8-5-legacy&epoch=2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.0.26-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / conmon

Package

Name
conmon
Purl
pkg:rpm/rocky-linux/conmon?distro=rocky-linux-8-6-legacy&epoch=2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.0.26-1.module+el8.6.0+783+10209741

Rocky Linux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins
Purl
pkg:rpm/rocky-linux/containernetworking-plugins?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.9.1-1.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins
Purl
pkg:rpm/rocky-linux/containernetworking-plugins?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.9.1-1.module+el8.4.0+556+40122d08

Rocky Linux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins
Purl
pkg:rpm/rocky-linux/containernetworking-plugins?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.9.1-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / containernetworking-plugins

Package

Name
containernetworking-plugins
Purl
pkg:rpm/rocky-linux/containernetworking-plugins?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.9.1-1.module+el8.6.0+783+10209741

Rocky Linux:8 / container-selinux

Package

Name
container-selinux
Purl
pkg:rpm/rocky-linux/container-selinux?distro=rocky-linux-8-4-legacy&epoch=2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.158.0-1.module+el8.4.0+558+7340b765

Rocky Linux:8 / criu

Package

Name
criu
Purl
pkg:rpm/rocky-linux/criu?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.15-1.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / criu

Package

Name
criu
Purl
pkg:rpm/rocky-linux/criu?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.15-1.module+el8.4.0+556+40122d08

Rocky Linux:8 / criu

Package

Name
criu
Purl
pkg:rpm/rocky-linux/criu?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.15-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / criu

Package

Name
criu
Purl
pkg:rpm/rocky-linux/criu?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.15-1.module+el8.6.0+783+10209741

Rocky Linux:8 / fuse-overlayfs

Package

Name
fuse-overlayfs
Purl
pkg:rpm/rocky-linux/fuse-overlayfs?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.4.0-2.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / fuse-overlayfs

Package

Name
fuse-overlayfs
Purl
pkg:rpm/rocky-linux/fuse-overlayfs?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.4.0-2.module+el8.4.0+558+7340b765

Rocky Linux:8 / fuse-overlayfs

Package

Name
fuse-overlayfs
Purl
pkg:rpm/rocky-linux/fuse-overlayfs?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.4.0-2.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / fuse-overlayfs

Package

Name
fuse-overlayfs
Purl
pkg:rpm/rocky-linux/fuse-overlayfs?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.4.0-2.module+el8.6.0+783+10209741

Rocky Linux:8 / libslirp

Package

Name
libslirp
Purl
pkg:rpm/rocky-linux/libslirp?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.3.1-1.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / libslirp

Package

Name
libslirp
Purl
pkg:rpm/rocky-linux/libslirp?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.3.1-1.module+el8.4.0+556+40122d08

Rocky Linux:8 / libslirp

Package

Name
libslirp
Purl
pkg:rpm/rocky-linux/libslirp?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.3.1-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / libslirp

Package

Name
libslirp
Purl
pkg:rpm/rocky-linux/libslirp?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.3.1-1.module+el8.6.0+783+10209741

Rocky Linux:8 / oci-seccomp-bpf-hook

Package

Name
oci-seccomp-bpf-hook
Purl
pkg:rpm/rocky-linux/oci-seccomp-bpf-hook?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.2.0-2.module+el8.4.0+556+40122d08

Rocky Linux:8 / podman

Package

Name
podman
Purl
pkg:rpm/rocky-linux/podman?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.0.1-6.module+el8.4.0+558+7340b765

Rocky Linux:8 / podman

Package

Name
podman
Purl
pkg:rpm/rocky-linux/podman?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.0.1-6.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / skopeo

Package

Name
skopeo
Purl
pkg:rpm/rocky-linux/skopeo?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.2-8.module+el8.5.0+661+c0df01f6

Rocky Linux:8 / slirp4netns

Package

Name
slirp4netns
Purl
pkg:rpm/rocky-linux/slirp4netns?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.8-1.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / slirp4netns

Package

Name
slirp4netns
Purl
pkg:rpm/rocky-linux/slirp4netns?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.8-1.module+el8.4.0+537+38cf4e42

Rocky Linux:8 / slirp4netns

Package

Name
slirp4netns
Purl
pkg:rpm/rocky-linux/slirp4netns?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.8-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / slirp4netns

Package

Name
slirp4netns
Purl
pkg:rpm/rocky-linux/slirp4netns?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.8-1.module+el8.6.0+783+10209741

Rocky Linux:8 / toolbox

Package

Name
toolbox
Purl
pkg:rpm/rocky-linux/toolbox?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.0.8-1.module+el8.4.0+556+40122d08

Rocky Linux:8 / udica

Package

Name
udica
Purl
pkg:rpm/rocky-linux/udica?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.2.4-1.module+el8.7.0+1076+9b1c11c1

Rocky Linux:8 / udica

Package

Name
udica
Purl
pkg:rpm/rocky-linux/udica?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.2.4-1.module+el8.4.0+556+40122d08

Rocky Linux:8 / udica

Package

Name
udica
Purl
pkg:rpm/rocky-linux/udica?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.2.4-1.module+el8.5.0+709+440d5e7e

Rocky Linux:8 / udica

Package

Name
udica
Purl
pkg:rpm/rocky-linux/udica?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.2.4-1.module+el8.6.0+783+10209741