Oracle Linux 8 : container-tools:ol8 (ELSA-2021-0531)

medium Nessus Plugin ID 146640

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0531 advisory.

buildah [1.16.7-4.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)

[1.16.7-4]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16 (https://github.com/containers/buildah/commit/aaed66b)
- Related: #1888571

[1.16.7-3]
- revert back to buildah-1.16 for the quarterly release
- Related: #1888571

[1.19.0-2]
- bump version to reflect buildah upgrade
- Related: #1888571

[1.16.7-2]
- bump to release-1.19 branch
- Related: #1888571

[1.16.5-5]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16 (https://github.com/containers/buildah/commit/56ed75b)
- Related: #1888571

[1.16.5-4]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1.16.5-3]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.16 (https://github.com/containers/buildah/commit/9e02bf9)
- Related: #1888571

[1.16.5-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1.16.5-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

cockpit-podman [27.1-3]
- run many more tests - patch from Matej Marusak
- Related: #1888571

[27.1-2]
- gating tests - always set VM password
- Related: #1888571

[27.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/27.1
- Related: #1888571

[27-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/27
- Related: #1888571

[26-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/26
- Related: #1888571

[25-5]
- remove redundant patch
- Related: #1888571

[25-4]
- replace docker.io with quay.io for gating tests due to docker.io new pull rate limit requirements
- Related: #1888571

[25-3]
- test: Cleanup images before pulling the ones we need - thanks to Matej Marusak
- Related: #1888571

[25-2]
- remove hack in tests
- add LICENSE
- Related: #1888571

[25-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

conmon [2:2.0.22-3]
- exclude i686 as golang is not supported there
- Related: #1888571

[2:2.0.22-2]
- add BR: golang, go-md2man
- add man pages
- Related: #1888571

[2:2.0.22-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.22
- Related: #1888571

[2:2.0.21-3]
- simplify spec
- Related: #1888571

[2:2.0.21-2]
- be sure to harden the linked binary
- compile with debuginfo enabled
- Related: #1888571

[2:2.0.21-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

containernetworking-plugins [0.9.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v0.9.0
- Related: #1888571

container-selinux [2:2.155.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0
- Related: #1888571

[2:2.154.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0
- Related: #1888571

[2:2.153.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0
- Related: #1888571

[2:2.152.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0
- Related: #1888571

[2:2.151.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0
- Related: #1888571

[2:2.150.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0
- Related: #1888571

[2:2.145.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Resolves: #1873064

criu [3.15-1]
- update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15
- Related: #1888571

[3.14-2]
- fix 'Need to fix bugs found by coverity.'
- Related: #1821193

[3.14-1]
- synchronize container-tools 8.3.0 with 8.2.1
- Related: #1821193

crun [0.16-2]
- exclude i686 because of build failures
- Related: #1888571

[0.16-1]
- update to https://github.com/containers/crun/releases/tag/0.16
- Related: #1888571

[0.15.1-1]
- update to https://github.com/containers/crun/releases/tag/0.15.1
- Related: #1888571

[0.15-2]
- backport 'exec: check read bytes from sync' ([email protected]) (https://github.com/containers/crun/issues/511)
- Related: #1888571

[0.15-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

fuse-overlayfs [1.3.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Resolves: #1921863

[1.3.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.3.0
- Related: #1888571

[1.2.0-3]
- be sure to harden the linked binary
- Related: #1888571

[1.2.0-2]
- ensure fuse module is loaded
- Related: #1888571

[1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

libslirp

oci-seccomp-bpf-hook [1.2.0-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.0
- Related: #1888571

podman [2.2.1-7.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)

[2.2.1-7]
- Resolves: #1925928 - Fix varlink GetVersion()
- Upstream PR: https://github.com/containers/podman/pull/9274

[2.2.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel (https://github.com/containers/podman/commit/1741f15)
- Related: #1888571

[2.2.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel (https://github.com/containers/podman/commit/b5bc6a7)
- Related: #1877188

[2.2.1-4]
- add Requires: oci-runtime
- Related: #1888571

[2.2.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel (https://github.com/containers/podman/commit/14c35f6)
- Related: #1888571

[2.2.1-2]
- update to https://github.com/containers/dnsname/releases/tag/v1.1.1

[2.2.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v2.2.1-rhel (https://github.com/containers/podman/commit/a0d478e)
- Related: #1888571

[2.2.0-2]
- attempt to fix gating tests
- Related: #1888571

[2.2.0-1]
- update to https://github.com/containers/podman/releases/tag/v2.2.0
- Related: #1888571

[2.1.1-3]
- attempt to fix linker error with golang-1.15
- add Requires: httpd-tools to tests, needed to work around missing htpasswd in docker registry image, thanks to Ed Santiago
- Related: #1888571

[2.1.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v2.1.1-rhel (https://github.com/containers/podman/commit/450615a)
- Resolves: #1873204
- Resolves: #1884668

[2.1.1-1]
- update podman to 2.1.1-rhel
- Resolves: #1743687
- Resolves: #1811570
- Resolves: #1869322
- Resolves: #1678546
- Resolves: #1853455
- Resolves: #1874271

python-podman-api [1.2.0-0.2.gitd0a45fe]
- revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL
- Related: RHELPLAN-25139

[1.2.0-0.1.gitd0a45fe]
- Initial package

runc [1.0.0-70.rc92]
- add Provides: oci-runtime = 1
- Related: #1888571

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1888571

skopeo [1:1.2.0-9.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.0-9]
- upload proper source tarball
- Related: #1888571

[1:1.2.0-8]
- revert back to version aimed at 8.3.1 - skopeo-1.2.0
- also downgrade versions of vendored libraries
- Related: #1888571

[1:1.2.1-1]
- update vendored component versions
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2 (https://github.com/containers/skopeo/commit/2e90a8a)
- Related: #1888571

[1:1.2.0-6]
- always build with debuginfo
- use less verbose output when compiling
- Related: #1888571

[1:1.2.0-5]
- re-sync config files
- assure events_logger = 'file'
- Related: #1888571

[1:1.2.0-4]
- change default logging mechanism to use for container engine events in containers.conf to be events_logger = 'file' - it should fix RHEL gating tests for podman nonroot (thanks to Dan Walsh)
- Related: #1888571

[1:1.2.0-3]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1:1.2.0-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1:1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

slirp4netns [1.1.8-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1888571

[1.1.7-2]
- exclude i686 because of build failures
- Related: #1888571

[1.1.7-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
- Related: #1888571

[1.1.6-2]
- be sure to harden the linked binary
- Related: #1888571

[1.1.6-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.6
- Related: #1888571

udica [0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1888571

[0.2.3-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

[0.2.2-1]
- https://github.com/containers/udica/releases/tag/v0.2.2
- Related: #1821193

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-0531.html

Plugin Details

Severity: Medium

ID: 146640

File Name: oraclelinux_ELSA-2021-0531.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2/20/2021

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2020-14370

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:containernetworking-plugins, p-cpe:/a:oracle:linux:podman-docker, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:podman-plugins, p-cpe:/a:oracle:linux:python-podman-api, p-cpe:/a:oracle:linux:runc, p-cpe:/a:oracle:linux:oci-seccomp-bpf-hook, p-cpe:/a:oracle:linux:crun, p-cpe:/a:oracle:linux:libslirp, p-cpe:/a:oracle:linux:criu, p-cpe:/a:oracle:linux:libslirp-devel, p-cpe:/a:oracle:linux:podman-catatonit, p-cpe:/a:oracle:linux:python3-criu, p-cpe:/a:oracle:linux:container-selinux, p-cpe:/a:oracle:linux:skopeo-tests, p-cpe:/a:oracle:linux:buildah, p-cpe:/a:oracle:linux:conmon, p-cpe:/a:oracle:linux:crit, p-cpe:/a:oracle:linux:containers-common, p-cpe:/a:oracle:linux:cockpit-podman, p-cpe:/a:oracle:linux:slirp4netns, p-cpe:/a:oracle:linux:podman, p-cpe:/a:oracle:linux:fuse-overlayfs, p-cpe:/a:oracle:linux:buildah-tests, p-cpe:/a:oracle:linux:podman-tests, p-cpe:/a:oracle:linux:podman-remote, p-cpe:/a:oracle:linux:udica, p-cpe:/a:oracle:linux:skopeo

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 2/20/2021

Vulnerability Publication Date: 9/22/2020

Reference Information

CVE: CVE-2020-14370