红帽产品勘误 RHSA-2024:2180 - Security Advisory
发布:
2024-04-30
已更新:
2024-04-30

RHSA-2024:2180 - Security Advisory

概述

Moderate: runc security update

类型/严重性

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for runc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):

  • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
  • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
  • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
  • golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

修复

  • BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
  • BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
  • BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  • BZ - 2253193 - CVE-2023-45287 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
  • RHEL-25116 - Make runc Recommends criu (instead Requires)

Red Hat Enterprise Linux for x86_64 9

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
s390x
runc-1.1.12-2.el9.s390x.rpm SHA-256: 8c64a19ec899afa6c8871bc6f0fe61348d46befeb0b77a81a7620ff8a781a5e2
runc-debuginfo-1.1.12-2.el9.s390x.rpm SHA-256: 428c8f72132a94767bb9e33650ed791da985bd2c1f8641a4bce0bdad241ed5cf
runc-debugsource-1.1.12-2.el9.s390x.rpm SHA-256: 5caf69f1b9d73dd905d098bda36e55ad3d1cc2cce641d4dcb77721ddda46504e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
s390x
runc-1.1.12-2.el9.s390x.rpm SHA-256: 8c64a19ec899afa6c8871bc6f0fe61348d46befeb0b77a81a7620ff8a781a5e2
runc-debuginfo-1.1.12-2.el9.s390x.rpm SHA-256: 428c8f72132a94767bb9e33650ed791da985bd2c1f8641a4bce0bdad241ed5cf
runc-debugsource-1.1.12-2.el9.s390x.rpm SHA-256: 5caf69f1b9d73dd905d098bda36e55ad3d1cc2cce641d4dcb77721ddda46504e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
s390x
runc-1.1.12-2.el9.s390x.rpm SHA-256: 8c64a19ec899afa6c8871bc6f0fe61348d46befeb0b77a81a7620ff8a781a5e2
runc-debuginfo-1.1.12-2.el9.s390x.rpm SHA-256: 428c8f72132a94767bb9e33650ed791da985bd2c1f8641a4bce0bdad241ed5cf
runc-debugsource-1.1.12-2.el9.s390x.rpm SHA-256: 5caf69f1b9d73dd905d098bda36e55ad3d1cc2cce641d4dcb77721ddda46504e

Red Hat Enterprise Linux for Power, little endian 9

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
ppc64le
runc-1.1.12-2.el9.ppc64le.rpm SHA-256: 6e9644326e91d03f934619b063343f47aca34f9832668dae7a70a74c8928c1fa
runc-debuginfo-1.1.12-2.el9.ppc64le.rpm SHA-256: 2c75c37a2fa397b4c7c0d4484d280ad15c7d39b92807d2b7ef5611388a2675f0
runc-debugsource-1.1.12-2.el9.ppc64le.rpm SHA-256: f90427bb026c0ca5c4f91d5800ed7d189f20e631a0311278b8a26bed3f2491c6

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
ppc64le
runc-1.1.12-2.el9.ppc64le.rpm SHA-256: 6e9644326e91d03f934619b063343f47aca34f9832668dae7a70a74c8928c1fa
runc-debuginfo-1.1.12-2.el9.ppc64le.rpm SHA-256: 2c75c37a2fa397b4c7c0d4484d280ad15c7d39b92807d2b7ef5611388a2675f0
runc-debugsource-1.1.12-2.el9.ppc64le.rpm SHA-256: f90427bb026c0ca5c4f91d5800ed7d189f20e631a0311278b8a26bed3f2491c6

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
ppc64le
runc-1.1.12-2.el9.ppc64le.rpm SHA-256: 6e9644326e91d03f934619b063343f47aca34f9832668dae7a70a74c8928c1fa
runc-debuginfo-1.1.12-2.el9.ppc64le.rpm SHA-256: 2c75c37a2fa397b4c7c0d4484d280ad15c7d39b92807d2b7ef5611388a2675f0
runc-debugsource-1.1.12-2.el9.ppc64le.rpm SHA-256: f90427bb026c0ca5c4f91d5800ed7d189f20e631a0311278b8a26bed3f2491c6

Red Hat Enterprise Linux for ARM 64 9

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
aarch64
runc-1.1.12-2.el9.aarch64.rpm SHA-256: a194403e8027752b36fa3a3f6e82968588ea195edf62cecd7080df4a8c063210
runc-debuginfo-1.1.12-2.el9.aarch64.rpm SHA-256: 86994115573ada10b493f94905ecb010c541bb6e9f88d72c9429b32855dbafdd
runc-debugsource-1.1.12-2.el9.aarch64.rpm SHA-256: fe1c3e324ef134c96359e3053cc5a70481d9eb0c7e827a2278b4f3b5f240cd75

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
aarch64
runc-1.1.12-2.el9.aarch64.rpm SHA-256: a194403e8027752b36fa3a3f6e82968588ea195edf62cecd7080df4a8c063210
runc-debuginfo-1.1.12-2.el9.aarch64.rpm SHA-256: 86994115573ada10b493f94905ecb010c541bb6e9f88d72c9429b32855dbafdd
runc-debugsource-1.1.12-2.el9.aarch64.rpm SHA-256: fe1c3e324ef134c96359e3053cc5a70481d9eb0c7e827a2278b4f3b5f240cd75

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
aarch64
runc-1.1.12-2.el9.aarch64.rpm SHA-256: a194403e8027752b36fa3a3f6e82968588ea195edf62cecd7080df4a8c063210
runc-debuginfo-1.1.12-2.el9.aarch64.rpm SHA-256: 86994115573ada10b493f94905ecb010c541bb6e9f88d72c9429b32855dbafdd
runc-debugsource-1.1.12-2.el9.aarch64.rpm SHA-256: fe1c3e324ef134c96359e3053cc5a70481d9eb0c7e827a2278b4f3b5f240cd75

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
ppc64le
runc-1.1.12-2.el9.ppc64le.rpm SHA-256: 6e9644326e91d03f934619b063343f47aca34f9832668dae7a70a74c8928c1fa
runc-debuginfo-1.1.12-2.el9.ppc64le.rpm SHA-256: 2c75c37a2fa397b4c7c0d4484d280ad15c7d39b92807d2b7ef5611388a2675f0
runc-debugsource-1.1.12-2.el9.ppc64le.rpm SHA-256: f90427bb026c0ca5c4f91d5800ed7d189f20e631a0311278b8a26bed3f2491c6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
ppc64le
runc-1.1.12-2.el9.ppc64le.rpm SHA-256: 6e9644326e91d03f934619b063343f47aca34f9832668dae7a70a74c8928c1fa
runc-debuginfo-1.1.12-2.el9.ppc64le.rpm SHA-256: 2c75c37a2fa397b4c7c0d4484d280ad15c7d39b92807d2b7ef5611388a2675f0
runc-debugsource-1.1.12-2.el9.ppc64le.rpm SHA-256: f90427bb026c0ca5c4f91d5800ed7d189f20e631a0311278b8a26bed3f2491c6

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
x86_64
runc-1.1.12-2.el9.x86_64.rpm SHA-256: 85e8f6fdb33dfbceb39db2d1bf5bc0e9b86ea2f697df28a693b5e8aafd85659c
runc-debuginfo-1.1.12-2.el9.x86_64.rpm SHA-256: 958fbfc7c10fb71c50d517f4336a0ebced7c58d4478cbf90d7ac78dc03cd6a75
runc-debugsource-1.1.12-2.el9.x86_64.rpm SHA-256: 92e3da221d108eb46eaa7b86d3258929b4779020181b77594cf68adf6cdb7055

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
aarch64
runc-1.1.12-2.el9.aarch64.rpm SHA-256: a194403e8027752b36fa3a3f6e82968588ea195edf62cecd7080df4a8c063210
runc-debuginfo-1.1.12-2.el9.aarch64.rpm SHA-256: 86994115573ada10b493f94905ecb010c541bb6e9f88d72c9429b32855dbafdd
runc-debugsource-1.1.12-2.el9.aarch64.rpm SHA-256: fe1c3e324ef134c96359e3053cc5a70481d9eb0c7e827a2278b4f3b5f240cd75

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
aarch64
runc-1.1.12-2.el9.aarch64.rpm SHA-256: a194403e8027752b36fa3a3f6e82968588ea195edf62cecd7080df4a8c063210
runc-debuginfo-1.1.12-2.el9.aarch64.rpm SHA-256: 86994115573ada10b493f94905ecb010c541bb6e9f88d72c9429b32855dbafdd
runc-debugsource-1.1.12-2.el9.aarch64.rpm SHA-256: fe1c3e324ef134c96359e3053cc5a70481d9eb0c7e827a2278b4f3b5f240cd75

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
s390x
runc-1.1.12-2.el9.s390x.rpm SHA-256: 8c64a19ec899afa6c8871bc6f0fe61348d46befeb0b77a81a7620ff8a781a5e2
runc-debuginfo-1.1.12-2.el9.s390x.rpm SHA-256: 428c8f72132a94767bb9e33650ed791da985bd2c1f8641a4bce0bdad241ed5cf
runc-debugsource-1.1.12-2.el9.s390x.rpm SHA-256: 5caf69f1b9d73dd905d098bda36e55ad3d1cc2cce641d4dcb77721ddda46504e

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
runc-1.1.12-2.el9.src.rpm SHA-256: eb8f18b6136ebe3c5822b85863a100e28834e175a76b64cbf6626a9184a494c8
s390x
runc-1.1.12-2.el9.s390x.rpm SHA-256: 8c64a19ec899afa6c8871bc6f0fe61348d46befeb0b77a81a7620ff8a781a5e2
runc-debuginfo-1.1.12-2.el9.s390x.rpm SHA-256: 428c8f72132a94767bb9e33650ed791da985bd2c1f8641a4bce0bdad241ed5cf
runc-debugsource-1.1.12-2.el9.s390x.rpm SHA-256: 5caf69f1b9d73dd905d098bda36e55ad3d1cc2cce641d4dcb77721ddda46504e

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/