Detections
Analytics

Oracle Linux 8 : container-tools:4.0 (ELSA-2022-7469)

high Nessus Plugin ID 167561

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7469 advisory.

 buildah [1:1.24.5-2]
 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 (https://github.com/containers/buildah/commit/8cc4586)
 - Related: #2061390

 [1:1.24.5-1]
 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 (https://github.com/containers/buildah/commit/83c5f26)
 - Related: #2061390

 cockpit-podman [46-1]
 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46
 - Related: #2061390

 conmon [2:2.1.4-1]
 - update to https://github.com/containers/conmon/releases/tag/v2.1.4
 - Related: #2061390

 containernetworking-plugins [1:1.1.1-2]
 - bump golang BR to 1.17.7
 - Related: #2061390

 [1:1.1.1-1]
 - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.1
 - Related: #2061390

 containers-common [2:1-35.0.1]
 - Updated removed references [Orabug: 33473101] (Alex Burmashev)
 - Adjust registries.conf (Nikita Gerasimov)
 - remove references to RedHat registry (Nikita Gerasimov)

 [2:1-35]
 - update vendored components and configuration files
 - Related: #2061390

 [2:1-34]
 - update shortnames and be sure to remove rhel-els
 - Related: #2061390

 [2:1-33]
 - additional fix for unqualified registries
 - Related: #2061390

 oci-seccomp-bpf-hook [1.2.5-1]
 - update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.5
 - Related: #2061390

 podman [2:4.0.2-8]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/33084eb)
 - Related: #2061390

 [2:4.0.2-7]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/3efe4c2)
 - Related: #2061390

 [2:4.0.2-6]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/bfc8b36)
 - Related: #2061390

 [2:4.0.2-5]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/2e12f02)
 - Related: #2061390

 [2:4.0.2-4]
 - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18
 - Related: #2061390

 [2:4.0.2-3]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/6cb5039)
 - Related: #2061390

 [2:4.0.2-2]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/ce91610)
 - Related: #2061390

 [2:4.0.2-1]
 - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/94aa329)
 - Related: #2061390

 python-podman [4.0.0-1]
 - bump to v4.0.0
 - Related: #2001445

 runc [1:1.1.4-1]
 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4
 - Related: #2061390

 skopeo [2:1.6.2-5]
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/c20c32d)
 - Related: #2061390

 [2:1.6.2-4]
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/f952195)
 - Related: #2061390

 [2:1.6.2-3]
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/4414e52)
 - Related: #2061390

 [2:1.6.2-2]
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/4336972)
 - Related: #2061390

 [2:1.6.2-1]
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/540efb3)
 - Related: #2061390

 slirp4netns [1.1.8-2]
 - fix gating - dont use insecure functions - thanks to Marc-Andre Lureau
 - Related: #2001445

 [1.1.8-1]
 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
 - Related: #1883490

 udica [0.2.6-3]
 - Make sure each section of the inspect exists before accessing (#2027662)

 [0.2.6-2]
 - Require container-selinux shipping policy templates (#2005866)

 [0.2.6-1]
 - update to https://github.com/containers/udica/releases/tag/v0.2.6
 - Related: #2001445

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2022-7469.html

Plugin Details

Severity: High

ID: 167561

File Name: oraclelinux_ELSA-2022-7469.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/15/2022

Updated: 11/1/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-29162

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:containernetworking-plugins, p-cpe:/a:oracle:linux:aardvark-dns, p-cpe:/a:oracle:linux:podman-docker, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:podman-plugins, p-cpe:/a:oracle:linux:runc, p-cpe:/a:oracle:linux:oci-seccomp-bpf-hook, p-cpe:/a:oracle:linux:crun, p-cpe:/a:oracle:linux:libslirp, p-cpe:/a:oracle:linux:criu, p-cpe:/a:oracle:linux:libslirp-devel, p-cpe:/a:oracle:linux:podman-catatonit, p-cpe:/a:oracle:linux:podman-gvproxy, p-cpe:/a:oracle:linux:container-selinux, p-cpe:/a:oracle:linux:netavark, p-cpe:/a:oracle:linux:buildah, p-cpe:/a:oracle:linux:python3-criu, p-cpe:/a:oracle:linux:skopeo-tests, p-cpe:/a:oracle:linux:conmon, p-cpe:/a:oracle:linux:crit, p-cpe:/a:oracle:linux:containers-common, p-cpe:/a:oracle:linux:cockpit-podman, p-cpe:/a:oracle:linux:slirp4netns, p-cpe:/a:oracle:linux:podman, p-cpe:/a:oracle:linux:criu-libs, p-cpe:/a:oracle:linux:python3-podman, p-cpe:/a:oracle:linux:fuse-overlayfs, p-cpe:/a:oracle:linux:buildah-tests, p-cpe:/a:oracle:linux:podman-tests, p-cpe:/a:oracle:linux:podman-remote, p-cpe:/a:oracle:linux:udica, p-cpe:/a:oracle:linux:skopeo, p-cpe:/a:oracle:linux:criu-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/15/2022

Vulnerability Publication Date: 3/18/2022

Reference Information

CVE: CVE-2022-1708, CVE-2022-27191, CVE-2022-29162