Security Vulnerabilities fixed in aardvark-dns RHSA-2022:7822

description-logoDescription

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): podman: possible information disclosure and modification (CVE-2022-2989) buildah: possible information disclosure and modification (CVE-2022-2990) podman: possible information disclosure and modification (CVE-2022-2989) buildah: possible information disclosure and modification (CVE-2022-2990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644) (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645) podman kill may deadlock (BZ#2125647) Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7] (BZ#2125648) containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] (BZ#2125686) ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767) Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234) containers config.json gets empty after sudden power loss (BZ#2130236) PANIC podman API service endpoint handler panic (BZ#2132412) Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390) Skopeo push image to redhat quay with sigstore was failed (BZ#2136406) Podman push image to redhat quay with sigstore was failed (BZ#2136433) Buildah push image to redhat quay with sigstore was failed (BZ#2136438) Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295) podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644) (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2125645) podman kill may deadlock (BZ#2125647) Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: OCI permission denied [RHEL 8.7] (BZ#2125648) containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] (BZ#2125686) ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767) Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark) (BZ#2130234) containers config.json gets empty after sudden power loss (BZ#2130236) PANIC podman API service endpoint handler panic (BZ#2132412) Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network (BZ#2133390) Skopeo push image to redhat quay with sigstore was failed (BZ#2136406) Podman push image to redhat quay with sigstore was failed (BZ#2136433) Buildah push image to redhat quay with sigstore was failed (BZ#2136438) Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns) (BZ#2137295) Enhancement(s): [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911) [RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360) Podman volume plugin timeout should be configurable (BZ#2132992) [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911) [RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360) Podman volume plugin timeout should be configurable (BZ#2132992) SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

aardvark-dns

CVE References

CVE-2022-2990 CVE-2022-2989