[El-errata] ELBA-2021-3070 Oracle Linux 8 container-tools:ol8 security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Aug 12 07:04:22 PDT 2021


Oracle Linux Bug Fix Advisory ELBA-2021-3070

http://linux.oracle.com/errata/ELBA-2021-3070.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
buildah-1.21.4-1.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
buildah-tests-1.21.4-1.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
cockpit-podman-32-2.module+el8.4.0+20289+730b73cc.noarch.rpm
conmon-2.0.29-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
containernetworking-plugins-0.9.1-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
containers-common-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
container-selinux-2.164.1-1.module+el8.4.0+20289+730b73cc.noarch.rpm
crit-3.15-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
criu-3.15-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
crun-0.20.1-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
fuse-overlayfs-1.6-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
libslirp-4.3.1-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
libslirp-devel-4.3.1-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+20289+730b73cc.x86_64.rpm
podman-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
podman-catatonit-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
podman-docker-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.noarch.rpm
podman-plugins-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
podman-remote-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
podman-tests-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
python3-criu-3.15-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
runc-1.0.0-74.rc95.module+el8.4.0+20289+730b73cc.x86_64.rpm
skopeo-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
skopeo-tests-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.4.0+20289+730b73cc.x86_64.rpm
udica-0.2.4-2.module+el8.4.0+20289+730b73cc.noarch.rpm

aarch64:
buildah-1.21.4-1.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
buildah-tests-1.21.4-1.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
cockpit-podman-32-2.module+el8.4.0+20289+730b73cc.noarch.rpm
conmon-2.0.29-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
containernetworking-plugins-0.9.1-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
containers-common-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
container-selinux-2.164.1-1.module+el8.4.0+20289+730b73cc.noarch.rpm
crit-3.15-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
criu-3.15-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
crun-0.20.1-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
fuse-overlayfs-1.6-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
libslirp-4.3.1-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
libslirp-devel-4.3.1-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+20289+730b73cc.aarch64.rpm
podman-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
podman-catatonit-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
podman-docker-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.noarch.rpm
podman-plugins-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
podman-remote-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
podman-tests-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
python3-criu-3.15-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
runc-1.0.0-74.rc95.module+el8.4.0+20289+730b73cc.aarch64.rpm
skopeo-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
skopeo-tests-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.4.0+20289+730b73cc.aarch64.rpm
udica-0.2.4-2.module+el8.4.0+20289+730b73cc.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.21.4-1.0.1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-32-2.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.0.29-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-0.9.1-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.164.1-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/criu-3.15-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/crun-0.20.1-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.6-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.3.1-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/podman-3.2.3-0.10.0.1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/runc-1.0.0-74.rc95.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.3.1-5.0.1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.1.8-1.module+el8.4.0+20289+730b73cc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.4-2.module+el8.4.0+20289+730b73cc.src.rpm



Description of changes:

buildah
[1.21.4-1.0.1]
- Fixes troubles with oracle registry login [Orabug: 29937283]

[1.21.4-1]
- add buildah-copy helper
- Related: #1954702

[1.21.3-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.21
  (https://github.com/containers/buildah/commit/7f9540d)
- Related: #1954702

[1.21.1-2]
- "buildah version" produces correct output
- Related: #1954702

[1.21.1-1]
- update to buildah 1.21.1 from the release-1.21 upstream branch
- Related: #1954702

[1.19.7-2]
- revert changes to the state of 3.0-8.4.0
- Related: #1954702

[1.20.2-0.2]
- update to the latest content of https://github.com/containers/buildah/tree/master
  (https://github.com/containers/buildah/commit/135d63d)
- Related: #1954702

[1.20.2-0.1]
- update to the latest content of https://github.com/containers/buildah/tree/master
  (https://github.com/containers/buildah/commit/22fc573)
- Related: #1954702

[1.20.1-1]
- update to https://github.com/containers/buildah/releases/tag/v1.20.1
- Related: #1954702

cockpit-podman
[32-2]
- attempt to fix gating tests - thanks for Matej Marusak
- Related: #1954702

[32-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/32
- Related: #1954702

[31-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/31
- Related: #1954702

conmon
[2:2.0.29-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.29
- Related: #1954702

[2:2.0.26-3]
- fix "Permission on /dev/null are changing from 666 to 777 after running podman as root [rhel-8.4.0.z]"
- Resolves: #1961682

[2:2.0.26-2]
- revert back to the state of 3.0-8.4.0
- Related: #1954702

[2:2.0.27-3]
- upload new source tarball
- Related: #1954702

[2:2.0.27-2]
- switch to master branch to fix /dev/null ownership issues
  (https://github.com/containers/conmon/commit/372fa19211cfeabdb2bad52a4ab8a4d1b0b0063c)
- Related: #1954702

[2:2.0.27-1]
- update to https://github.com/containers/conmon/releases/tag/v2.0.27
- Related: #1954702

container-selinux
[2:2.164.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1
- Related: #1954702

[2:2.163.0-1]
- fix the build of 2.163.0
- Related: #1954702

crun
[0.20.1-1]
- update to https://github.com/containers/crun/releases/tag/0.20.1
- Related: #1954702

fuse-overlayfs
[1.6-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.6
- Related: #1954702

[1.4.0-3]
- revert back to the state of 3.0-8.4.0
- Related: #1954702

[1.5.0-2]
- be sure to disable openat2 syscall also with 1.5.0 - this is not supported
  in RHEL8 kernel (yet)
- Related: #1954702

[1.5.0-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.5.0
- Related: #1954702

oci-seccomp-bpf-hook
[1.2.3-2]
- fix build on 8.4.0 with older bcc in buildroot
- Related: #1954702

[1.2.3-1]
- change runc dependency to conflict
- Related: #1954702

[1.2.0-2]
- revert back to 1.2.0 - build issues
- Related: #1883490

[1.2.1-1]
- update to
  https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
- require crun >= 0.17
- Related: #1883490

podman
[3.2.3-0.10.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)

[3.2.3-0.10]
- update to the latest content of https://github.com/containers/podman/tree/v3.2.3-rhel
  (https://github.com/containers/podman/commit/78f0bd7)
- Related: #1954702

[3.2.3-0.9]
- switch to v3.2.3-rhel branch
- Related: #1954702

[3.2.3-0.8]
- update to the latest content of https://github.com/containers/podman/tree/v3.2
  (https://github.com/containers/podman/commit/4136f8b)
- Related: #1954702

[3.2.3-0.7]
- update to the latest content of https://github.com/containers/podman/tree/v3.2
  (https://github.com/containers/podman/commit/60d12f7)
- Related: #1954702

[3.2.3-0.6]
- update to the latest content of https://github.com/containers/podman/tree/v3.2
  (https://github.com/containers/podman/commit/275b0d8)
- Related: #1954702

[3.2.3-0.5]
- install CNI manually as install.cni target is missing from the Makefile
- simplify unit file packaging
- put 87-podman-bridge.conflist to main podman package not podman-remote
- Related: #1954702

[3.2.3-0.4]
- update to the latest content of https://github.com/containers/podman/tree/v3.2
  (https://github.com/containers/podman/commit/6f0bf16)
- Related: #1954702

[3.2.3-0.3]
- install CNI properly
- Related: #1954702

[3.2.3-0.2]
- remove missing unit files
- Related: #1954702

[3.2.3-0.1]
- update to the latest content of https://github.com/containers/podman/tree/v3.2
  (https://github.com/containers/podman/commit/ac740c6)
- Related: #1954702

[3.2.2-2]
- don't install CNI (breaks the build)
- Related: #1954702

[3.2.2-1]
- sync with the current state of 8.5.0
- Related: #1954702

[3.2.2-2]
- update to podman 3.2.2 from v3.2 upstream branch
- Related: #1954702

[3.0.1-7]
- revert back to the state of 3.0-8.4.0
- Related: #1954702

[3.2.0-12]
- require at least conmon >= 2.0.25 to assure rootless podman is able to start containers
- Related: #1954702

[3.2.0-11]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/8dcd5b8)
- Related: #1954702

[3.2.0-10]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/57b6425)
- Related: #1954702

[3.2.0-9]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/54bed10)
- Related: #1954702

[3.2.0-8]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/034470e)
- Related: #1954702

[3.2.0-7]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/b6405c1)
- Related: #1954702

[3.2.0-6]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/ed6f399)
- Related: #1954702

[3.2.0-5]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/8eefca5)
- Related: #1954702

[3.2.0-4]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/9788289)
- Related: #1954702

[3.2.0-3]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/697ec8f)
- Related: #1954702

[3.2.0-2]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/49eb047)
- Related: #1954702

[3.2.0-1]
- update to the latest content of https://github.com/containers/podman/tree/master
  (https://github.com/containers/podman/commit/db67fed)
- Related: #1954702

runc
[1.0.0-74.rc95]
- updated to rc95 to fix CVE-2021-30465
- Related: #1954702

skopeo
[1.3.1-5.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]
- Switch back to the official Oracle Linux image

[1:1.3.1-5]
- move unqualified-search-registries to [registries.search]
- Related: #1954702

[1:1.3.1-4]
- update shortnames from Pyxis
- Related: #1954702

[1:1.3.1-3]
- add direct runc dependency to avoid situation when runc is listed
  as default runtime but only crun is present in RHEL8
- Related: #1954702

[1:1.3.1-2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.3
  (https://github.com/containers/skopeo/commit/038f70e)
- Related: #1954702

[1:1.3.1-1]
- sync with 8.5.0 branch
- Related: #1954702

[1:1.2.2-13]
- put back ubi8/buildah and ubi8/skopeo as it was released in 8.4
  (only ubi8/podman was not)
- Related: #1972700

[1:1.2.2-12]
- remove all ubi8 references for 8.4 in 002-rhel-shortnames-overrides.conf
- Related: #1972700

[1:1.2.2-11]
- update shortnames
- Related: #1972700

[1:1.2.2-10]
- re-enable release-1.2 branch
- Related: #1954702

[1:1.2.2-9]
- revert back to state of 3.0-8.4.0
- sync shortnames with pyxis
- improve shortnames
- Related: #1954702

[1:1.2.3-2]
- update vendored components versions
- sync shortnames with pyxis
- Related: #1954702

[1:1.2.3-1]
- assure runc is set as default runtime in RHEL8
- update shortnames from upstream
- sync vendored component versions with upstream
- Related: #1954702

[1:1.2.2-8]
- use runc as default OCI runtime in RHEL8
- Resolves: #1940854

udica
[0.2.4-2]
- remove %check again and all related BRs
- Related: #1954702




More information about the El-errata mailing list