RHSA-2023:6938

Description

Red Hat Security Advisory: container-tools:4.0 security and bug fix update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•aardvark-dns

  < 2:1.0.1-38.module+el8.9.0+19098+6e7a5e3f

• redhat•buildah

  < 1:1.24.6-7.module+el8.9.0+19784+443be299

• redhat•buildah-debuginfo

  < 1:1.24.6-7.module+el8.9.0+19784+443be299

• redhat•buildah-debugsource

  < 1:1.24.6-7.module+el8.9.0+19784+443be299

• redhat•buildah-tests

  < 1:1.24.6-7.module+el8.9.0+19784+443be299

• redhat•buildah-tests-debuginfo

  < 1:1.24.6-7.module+el8.9.0+19784+443be299

• redhat•cockpit-podman

  < 0:46-1.module+el8.9.0+19098+6e7a5e3f

• redhat•conmon

  < 2:2.1.4-2.module+el8.9.0+19098+6e7a5e3f

• redhat•conmon-debuginfo

  < 2:2.1.4-2.module+el8.9.0+19098+6e7a5e3f

• redhat•conmon-debugsource

  < 2:2.1.4-2.module+el8.9.0+19098+6e7a5e3f

• redhat•container-selinux

  < 2:2.205.0-3.module+el8.9.0+19098+6e7a5e3f

• redhat•containernetworking-plugins

  < 1:1.1.1-5.module+el8.9.0+19784+443be299

• redhat•containernetworking-plugins-debuginfo

  < 1:1.1.1-5.module+el8.9.0+19784+443be299

• redhat•containernetworking-plugins-debugsource

  < 1:1.1.1-5.module+el8.9.0+19784+443be299

• redhat•containers-common

  < 2:1-38.module+el8.9.0+19098+6e7a5e3f

• redhat•crit

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu-debuginfo

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu-debugsource

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu-devel

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu-libs

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•criu-libs-debuginfo

  < 0:3.15-3.module+el8.9.0+19243+df4d9ff2

• redhat•crun

  < 0:1.8.3-1.module+el8.9.0+19098+6e7a5e3f

• redhat•crun-debuginfo

  < 0:1.8.3-1.module+el8.9.0+19098+6e7a5e3f

• redhat•crun-debugsource

  < 0:1.8.3-1.module+el8.9.0+19098+6e7a5e3f

• redhat•fuse-overlayfs

  < 0:1.9-2.module+el8.9.0+19098+6e7a5e3f

• redhat•fuse-overlayfs-debuginfo

  < 0:1.9-2.module+el8.9.0+19098+6e7a5e3f

• redhat•fuse-overlayfs-debugsource

  < 0:1.9-2.module+el8.9.0+19098+6e7a5e3f

• redhat•libslirp

  < 0:4.4.0-1.module+el8.9.0+19243+df4d9ff2

• redhat•libslirp-debuginfo

  < 0:4.4.0-1.module+el8.9.0+19243+df4d9ff2

• redhat•libslirp-debugsource

  < 0:4.4.0-1.module+el8.9.0+19243+df4d9ff2

• redhat•libslirp-devel

  < 0:4.4.0-1.module+el8.9.0+19243+df4d9ff2

• redhat•netavark

  < 2:1.0.1-38.module+el8.9.0+19098+6e7a5e3f

• redhat•oci-seccomp-bpf-hook

  < 0:1.2.5-2.module+el8.9.0+19098+6e7a5e3f

• redhat•oci-seccomp-bpf-hook-debuginfo

  < 0:1.2.5-2.module+el8.9.0+19098+6e7a5e3f

• redhat•oci-seccomp-bpf-hook-debugsource

  < 0:1.2.5-2.module+el8.9.0+19098+6e7a5e3f

• redhat•podman

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-catatonit

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-catatonit-debuginfo

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-debuginfo

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-debugsource

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-docker

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-gvproxy

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-gvproxy-debuginfo

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-plugins

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-plugins-debuginfo

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-remote

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-remote-debuginfo

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•podman-tests

  < 2:4.0.2-24.module+el8.9.0+19784+443be299

• redhat•python-podman

  < 0:4.0.0-2.module+el8.9.0+19098+6e7a5e3f

Showing first 50 affected entries in server-rendered view.

References (106)

• https://access.redhat.com/errata/RHSA-2023:6938
• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index
• https://bugzilla.redhat.com/show_bug.cgi?id=2163037
• https://bugzilla.redhat.com/show_bug.cgi?id=2165743
• https://bugzilla.redhat.com/show_bug.cgi?id=2175721
• https://bugzilla.redhat.com/show_bug.cgi?id=2178358
• https://bugzilla.redhat.com/show_bug.cgi?id=2178488
• https://bugzilla.redhat.com/show_bug.cgi?id=2178492
• https://bugzilla.redhat.com/show_bug.cgi?id=2182883
• https://bugzilla.redhat.com/show_bug.cgi?id=2182884
• https://bugzilla.redhat.com/show_bug.cgi?id=2184481
• https://bugzilla.redhat.com/show_bug.cgi?id=2184482
• https://bugzilla.redhat.com/show_bug.cgi?id=2184483
• https://bugzilla.redhat.com/show_bug.cgi?id=2184484
• https://bugzilla.redhat.com/show_bug.cgi?id=2196026
• https://bugzilla.redhat.com/show_bug.cgi?id=2196027
• https://bugzilla.redhat.com/show_bug.cgi?id=2196029
• https://bugzilla.redhat.com/show_bug.cgi?id=2222167
• https://bugzilla.redhat.com/show_bug.cgi?id=2228689
• https://bugzilla.redhat.com/show_bug.cgi?id=2231464
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6938.json
• https://access.redhat.com/security/cve/CVE-2022-3064
• https://www.cve.org/CVERecord?id=CVE-2022-3064
• https://nvd.nist.gov/vuln/detail/CVE-2022-3064
• https://github.com/advisories/GHSA-6q6q-88xp-6f2r
• https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
• https://github.com/go-yaml/yaml/releases/tag/v2.2.4
• https://pkg.go.dev/vuln/GO-2022-0956
• https://access.redhat.com/security/cve/CVE-2022-41723
• https://www.cve.org/CVERecord?id=CVE-2022-41723
• https://nvd.nist.gov/vuln/detail/CVE-2022-41723
• https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
• https://go.dev/cl/468135
• https://go.dev/cl/468295
• https://go.dev/issue/57855
• https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
• https://pkg.go.dev/vuln/GO-2023-1571
• https://vuln.go.dev/ID/GO-2023-1571.json
• https://access.redhat.com/security/cve/CVE-2022-41724
• https://www.cve.org/CVERecord?id=CVE-2022-41724
• https://nvd.nist.gov/vuln/detail/CVE-2022-41724
• https://go.dev/cl/468125
• https://go.dev/issue/58001
• https://pkg.go.dev/vuln/GO-2023-1570
• https://access.redhat.com/security/cve/CVE-2022-41725
• https://www.cve.org/CVERecord?id=CVE-2022-41725
• https://nvd.nist.gov/vuln/detail/CVE-2022-41725
• https://go.dev/cl/468124
• https://go.dev/issue/58006
• https://pkg.go.dev/vuln/GO-2023-1569
• https://access.redhat.com/security/cve/CVE-2023-3978
• https://www.cve.org/CVERecord?id=CVE-2023-3978
• https://nvd.nist.gov/vuln/detail/CVE-2023-3978
• https://go.dev/cl/514896
• https://go.dev/issue/61615
• https://pkg.go.dev/vuln/GO-2023-1988
• https://access.redhat.com/security/cve/CVE-2023-24534
• https://www.cve.org/CVERecord?id=CVE-2023-24534
• https://nvd.nist.gov/vuln/detail/CVE-2023-24534
• https://go.dev/issue/58975
• https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
• https://access.redhat.com/security/cve/CVE-2023-24536
• https://www.cve.org/CVERecord?id=CVE-2023-24536
• https://nvd.nist.gov/vuln/detail/CVE-2023-24536
• https://go.dev/issue/59153
• https://access.redhat.com/security/cve/CVE-2023-24537
• https://www.cve.org/CVERecord?id=CVE-2023-24537
• https://nvd.nist.gov/vuln/detail/CVE-2023-24537
• https://github.com/golang/go/issues/59180
• https://access.redhat.com/security/cve/CVE-2023-24538
• https://www.cve.org/CVERecord?id=CVE-2023-24538
• https://nvd.nist.gov/vuln/detail/CVE-2023-24538
• https://github.com/golang/go/issues/59234
• https://access.redhat.com/security/cve/CVE-2023-24539
• https://www.cve.org/CVERecord?id=CVE-2023-24539
• https://nvd.nist.gov/vuln/detail/CVE-2023-24539
• https://github.com/golang/go/issues/59720
• https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
• https://access.redhat.com/security/cve/CVE-2023-24540
• https://www.cve.org/CVERecord?id=CVE-2023-24540
• https://nvd.nist.gov/vuln/detail/CVE-2023-24540
• https://go.dev/issue/59721
• https://access.redhat.com/security/cve/CVE-2023-25809
• https://www.cve.org/CVERecord?id=CVE-2023-25809
• https://nvd.nist.gov/vuln/detail/CVE-2023-25809
• https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17
• https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
• https://access.redhat.com/security/cve/CVE-2023-27561
• https://www.cve.org/CVERecord?id=CVE-2023-27561
• https://nvd.nist.gov/vuln/detail/CVE-2023-27561
• https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
• https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
• https://github.com/opencontainers/runc/issues/3751
• https://access.redhat.com/security/cve/CVE-2023-28642
• https://www.cve.org/CVERecord?id=CVE-2023-28642
• https://nvd.nist.gov/vuln/detail/CVE-2023-28642
• https://github.com/advisories/GHSA-g2j6-57v7-gm8c
• https://access.redhat.com/security/cve/CVE-2023-29400
• https://www.cve.org/CVERecord?id=CVE-2023-29400
• https://nvd.nist.gov/vuln/detail/CVE-2023-29400
• https://go.dev/issue/59722
• https://access.redhat.com/security/cve/CVE-2023-29406
• https://www.cve.org/CVERecord?id=CVE-2023-29406
• https://nvd.nist.gov/vuln/detail/CVE-2023-29406
• https://groups.google.com/g/golang-announce/c/2q13H6LEEx0