[RHSA-2022:7457-01] Moderate: container-tools:rhel8 security, bug fix, and enhancement update

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Tue Nov 8 12:55:41 UTC 2022


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:7457-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7457
Issue date:        2022-11-08
CVE Names:         CVE-2021-36221 CVE-2021-41190 CVE-2022-1708 
                   CVE-2022-2990 CVE-2022-27191 CVE-2022-29162 
=====================================================================

1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)

* cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)

* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

* buildah: possible information disclosure and modification (CVE-2022-2990)

* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1820551 - Automatically starting a container on boot is not possible through cockpit WebUI
1941727 - Module meta data is wrong
1945929 - Every podman run invocation generates two "Couldn't stat device /dev/char/10:200: No such file or directory" lines in the journal
1974423 - No equivalent buildah bud argument to docker build --ssh
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1996050 - [RFE] podman to create a rootless container that attempts to publish ports from a host with static IPv6 address.
2005866 - Udica was rebased prematurely
2009264 - Cannot get logs with --follow
2009346 - Podman name resolution not working as expected
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2027662 - Udica crashes when processing inspect file without capabilities
2028408 - Podman healthcheck fails if the command contains unicode characters.
2030195 - Add restart-sec option to systemd generate
2039045 - /etc/containers/registries.conf missing registry.redhat.io terms-based registry definition
2052697 - Inconsistency in how the podman service behaves depending on whether it is providing API via UNIX or TCP socket.
2053990 - runc has unversioned dependency on libseccomp
2055313 - Creating a pod uses bad infra_image registry in podman
2059666 - There is no man page for Containerfile provided by containers-common
2062697 - [cockpit-podman] RHEL 8.7 Tier 0 Localization
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2066145 - The results showed significant difference between with and without --no-stream option for podman stats
2068006 - CentOS Stream 8 podman: symbol lookup error: podman: undefined symbol: seccomp_notify_fd [rhel-8.7.0]
2072452 - error during chown: storage-chown-by-maps: lgetxattr usr/bin/ping: value too large for defined data type
2073958 - Podman v3.4.2 regression with hosts file breaks getHostAddress() call
2078925 - podman command crash with segment fault in rootless user mode
2079759 - skopeo segfaults after rebuild with golang-1.18
2079761 - podman fails to build with golang-1.18
2081836 - networking is broken when building containers due to missing container networking package dependencies
2083570 - symlinks doesn't work on volumes under podman when SELINUX is enabled
2083997 - catatonit not found when starting pod (podman 4.0 under RHEL 8.6)
2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities
2086757 - Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path
2090609 - ERRO[0009] Error forwarding signal 18 to container using rootless user with timeout+sleep in the podman run command
2090920 - Podman load keeps stale files in TMPDIR
2093079 - Podman does not detect volume from the volume plugin, unlike docker
2094610 - Healthcheck does not get executed if --interval not specified in Dockerfile
2094875 - podman not being able to mount devices during podman build
2095097 - [RFE] Podman copying the entries of /etc/hosts in the container
2096264 - podman images --format incompatibility with docker
2097865 - Removing podman-2:4.0.2-6.module+el8.6.0+14877+f643d2d6.x86_64 does not remove podman socket if sudo systemctl enable podman.socket has been run prior to yum remove podman
2100740 - podman can not force remove paused container
2102140 - ADD Dockerfile reference is not validating HTTP status code [rhel8]
2102361 - Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems
2102381 - podman image failed with ERRO[0000] Unmounting /home/maor/.local/share/containers/storage/overlay/XX/merged: invalid argument
2113941 - podman did not set selinux labels to symbolic links
2117699 - podman 4.2 version bump
2117928 - Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied
2118231 - mount through procfd: operation not permitted: OCI permission denied
2119072 - podman gating test issues in RHEL8.7
2120651 - Add beta keys to default-policy.json
2121453 - CVE-2022-2990 buildah: possible information disclosure and modification

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.src.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.src.rpm
cockpit-podman-53-1.module+el8.7.0+16772+33343656.src.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.src.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.src.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.src.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.src.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.src.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.src.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.src.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.src.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.src.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.src.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
python-podman-4.2.0-1.module+el8.7.0+16772+33343656.src.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.src.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.src.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.src.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.src.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.src.rpm

aarch64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.aarch64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.aarch64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.aarch64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.aarch64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.aarch64.rpm

noarch:
cockpit-podman-53-1.module+el8.7.0+16772+33343656.noarch.rpm
container-selinux-2.189.0-1.module+el8.7.0+16772+33343656.noarch.rpm
podman-docker-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
python3-podman-4.2.0-1.module+el8.7.0+16772+33343656.noarch.rpm
udica-0.2.6-3.module+el8.7.0+16772+33343656.noarch.rpm

ppc64le:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.ppc64le.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.ppc64le.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.ppc64le.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.ppc64le.rpm

s390x:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.s390x.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.s390x.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.s390x.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.s390x.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.s390x.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.s390x.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.s390x.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.s390x.rpm

x86_64:
aardvark-dns-1.1.0-4.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-debugsource-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
buildah-tests-debuginfo-1.27.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debuginfo-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
conmon-debugsource-2.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debuginfo-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containernetworking-plugins-debugsource-1.1.1-3.module+el8.7.0+16772+33343656.x86_64.rpm
containers-common-1-40.module+el8.7.0+16772+33343656.x86_64.rpm
crit-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-debugsource-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-devel-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
criu-libs-debuginfo-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
crun-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debuginfo-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
crun-debugsource-1.5-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debuginfo-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
fuse-overlayfs-debugsource-1.9-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debuginfo-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-debugsource-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
libslirp-devel-4.4.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
netavark-1.1.0-6.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debuginfo-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
oci-seccomp-bpf-hook-debugsource-1.2.6-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-catatonit-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-debugsource-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-gvproxy-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-plugins-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-remote-debuginfo-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
podman-tests-4.2.0-1.module+el8.7.0+16772+33343656.x86_64.rpm
python3-criu-3.15-3.module+el8.7.0+16772+33343656.x86_64.rpm
runc-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debuginfo-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
runc-debugsource-1.1.4-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debuginfo-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-debugsource-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
skopeo-tests-1.9.2-1.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debuginfo-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
slirp4netns-debugsource-1.2.0-2.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debuginfo-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-debugsource-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm
toolbox-tests-0.0.99.3-0.6.module+el8.7.0+16772+33343656.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-41190
https://access.redhat.com/security/cve/CVE-2022-1708
https://access.redhat.com/security/cve/CVE-2022-2990
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-29162
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2pRzdzjgjWX9erEAQhHihAAgrFL0P9/bHWMhFtBpYGiGDrb3gjbezqu
JIDXtNcA5oKpRy6uttd5Hgfqqn1f818ff9rquI0OA4OH7lZrp2vh4vv+p5bHFGGQ
1Iu0ouZdBM/cX6wSM1SHjO9BN7Auoh4RNat5FNSQ9YVdUj6Gwyz9w1ueIxMw3Bsg
/b8ICWyKqQv4PrmZjJrc8Q/b6A828nxVPg57civ+I45QCiXJ7zw8GkD6NtVju7+X
awq5ktcaXk0SMQ4xcbiiBqnbOk5UXuATAXiiCqUClxGQWyfehgXV2d14vf0CgtUk
YVneXMPOnPZOOzmEYES8rdx5z/AOBwV+b5qT36fXyvkndrhDRc5rggJUJLbL6RHk
v5yz1kQpz99Cq0zTNuv14F0qeNM+ygF7SU4xnGUbelZN5qF4tEsPH8PJmkvr4Cc7
7oAz9tZbrODx69799jwzXM7kPBcur/WN82Vq20DfG4GcLAqG472LA7FIb1tT3+9w
I/AgcM8wDAHVKRiAVESFmvPzynfRntX6VPaXqkxKh1J+M7JmiplAIfE2AqRseW29
R+r6QJwEqGYnWCez7gQCvsrjqFgZC8HnYpAd/k22LdDU5Q2r17W5/uDrLPGYC70t
EEvzZ3EehWVCMAf3V7Aawexdm7N6ow4hFLMcgflsOutVsmjs9kvCN84Lm6KlobpY
2ejHAfdliw8=
=m1Pz
-----END PGP SIGNATURE-----


More information about the RHSA-announce mailing list