Red Hat Enterprise Linux 9 update for podman



Published: 2022-11-15
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2020-28851
CVE-2020-28852
CVE-2021-4024
CVE-2021-20199
CVE-2021-20291
CVE-2021-33197
CVE-2021-34558
CVE-2022-27191
CWE-ID CWE-129
CWE-200
CWE-346
CWE-667
CWE-862
CWE-295
CWE-327
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

podman (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Improper Validation of Array Index

EUVDB-ID: #VU68779

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28851,CVE-2020-28852

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of array index in language.ParseAcceptLanguage while processing a BCP 47 tag. A remote attacker can send a specially crafted HTTP request containing a malformed HTTP Accept-Language header and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU58668

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-4024

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the "podman machine" function. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Origin validation error

EUVDB-ID: #VU50275

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-20199

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing authentication when connecting from all sources. A remote attacker can send a specially crafted request and bypass access restrictions to containerized applications.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper locking

EUVDB-ID: #VU62797

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20291

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Missing Authorization

EUVDB-ID: #VU56023

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33197

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass authorization process. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper Certificate Validation

EUVDB-ID: #VU55665

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34558

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper certificate verification in crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU62039

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27191

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64: 9

podman (Red Hat package): before 4.2.0-3.el9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:7954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###