ELSA-2023-12578 Important: Oracle Linux 8 buildah security update

Oracle Linux 6175 Published 2023-08-11 08:04 by Philipp Esselbach

News

A buildah security update has been released for Oracle Linux 8.

ELSA-2023-12578 Important: Oracle Linux 8 buildah security update

Oracle Linux Security Advisory ELSA-2023-12578

http://linux.oracle.com/errata/ELSA-2023-12578.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
crit-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm
podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.x86_64.rpm
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.x86_64.rpm
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm

aarch64:
aardvark-dns-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
buildah-tests-1.24.6-5.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
crit-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
criu-devel-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
criu-libs-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
crun-1.6-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
netavark-1.0.1-37.0.1.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-catatonit-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-docker-4.0.2-20.module+el8.8.0+20984+ab6ce66c.noarch.rpm
podman-gvproxy-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-plugins-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-remote-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
podman-tests-4.0.2-20.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
python3-criu-3.15-3.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
python3-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.noarch.rpm
runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.aarch64.rpm
skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
skopeo-tests-1.6.2-6.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.aarch64.rpm
udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.24.6-5.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-46-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.4-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containernetworking-plugins-1.1.1-2.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containers-common-1-37.0.1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//container-selinux-2.199.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//criu-3.15-3.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//crun-1.6-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1.9-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//podman-4.0.2-20.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.0.0-1.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.4-1.0.1.module+el8.8.0+21118+db7590d7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.6.2-6.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.1.8-2.module+el8.8.0+20984+ab6ce66c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-3.module+el8.8.0+20984+ab6ce66c.src.rpm

Related CVEs:

CVE-2023-25809
CVE-2023-27561
CVE-2023-28642

Description of changes:

runc
[1:1.1.4-1.0.1]
- rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809
- rootfs: prohibit symlinks that conflicts with readonlyPaths
and/or maskedPaths to prevent CVE-2023-27561
- Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642

ELSA-2023-12588 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELEA-2023-4372 Oracle Linux 9 WALinuxAgent bug fix update

ELSA-2023-12578 Important: Oracle Linux 8 buildah security update

ELSA-2023-12578 Important: Oracle Linux 8 buildah security update

Windows

Linux

macOS

Community