RHEL 8 : container-tools:rhel8 (RHSA-2020:1650)

Nessus Plugin ID 136053 (Severity: High)

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory.

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)

* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

* podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
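CVE-2020-1702 above is a resource-exhaustion bug: the client buffered whatever manifest body the registry sent before parsing it. The block below is an added example, not containers/image code, showing that unbounded pattern next to a bounded read that enforces a cap on bytes actually received rather than on the server-controlled Content-Length. The 4 MiB cap, the LazyBody stand-in for a hostile registry response and the sample manifest are constructed for the example and are not values from the advisory.

```python
"""Bounded read of a registry manifest: the hardening pattern for the class
of bug CVE-2020-1702 describes. Added example; not containers/image code."""
import io
import json

MAX_MANIFEST_BYTES = 4 * 1024 * 1024   # assumed cap for this example, not the project's value
CHUNK = 64 * 1024


class ManifestTooLarge(ValueError):
    pass


def read_manifest_unbounded(body):
    """The vulnerable shape: buffer whatever the registry sends, then parse.
    A hostile registry can stream gigabytes and the client exhausts memory
    before json.loads() ever runs."""
    return json.loads(body.read())


def read_manifest_bounded(body, max_bytes=MAX_MANIFEST_BYTES):
    """Read at most max_bytes, then parse. The limit is enforced on bytes
    actually received; Content-Length is server-controlled and is never
    consulted, so a lying or chunked response cannot bypass the cap."""
    buf = bytearray()
    while len(buf) <= max_bytes:
        chunk = body.read(min(CHUNK, max_bytes + 1 - len(buf)))
        if not chunk:
            break
        buf.extend(chunk)
    if len(buf) > max_bytes:
        raise ManifestTooLarge(f"manifest body exceeds {max_bytes} bytes")
    manifest = json.loads(bytes(buf))
    if (not isinstance(manifest, dict) or manifest.get("schemaVersion") != 2
            or not isinstance(manifest.get("layers"), list)):
        raise ValueError("not a schema 2 image manifest")
    return manifest


class LazyBody:
    """Constructed stand-in for a hostile registry response: `total` bytes of
    plausible JSON produced on demand, so the example never allocates it all."""
    def __init__(self, total):
        self.total, self.sent = total, 0

    def read(self, n=-1):
        if n < 0 or n > self.total - self.sent:
            n = self.total - self.sent
        chunk = b" " * n
        if self.sent == 0 and n:
            chunk = b"{" + chunk[1:]
        self.sent += n
        return chunk


# Constructed, well-formed schema 2 manifest of the size a registry really returns.
GOOD_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
               "size": 1234, "digest": "sha256:" + "ab" * 32},
    "layers": [{"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                "size": 56789, "digest": "sha256:" + "cd" * 32}],
}).encode()


def demo():
    """Returns (parsed good manifest, bytes pulled from the hostile body before rejection)."""
    good = read_manifest_bounded(io.BytesIO(GOOD_MANIFEST))
    hostile = LazyBody(256 * 1024 * 1024)      # a 256 MiB "manifest"
    try:
        read_manifest_bounded(hostile, max_bytes=1024 * 1024)
    except ManifestTooLarge:
        pass
    return good, hostile.sent


if __name__ == "__main__":
    good, sent = demo()
    print(f"{len(good['layers'])} layer(s); hostile body rejected after {sent} bytes")
```

The bounded reader stops one byte past the cap, so the most a hostile registry can make the client hold is max_bytes + 1; the same pattern applies to any HTTP body pulled from an untrusted endpoint, not only image manifests.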

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the installed package versions reported by rpm on the host; the fixed versions it compares against are those of the container-tools:rhel8 module stream named in this advisory, so a host tracking a different container-tools stream must be matched against that stream's own advisory.

Solution

Update the affected packages from the container-tools:rhel8 module stream.
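How a version-only check like this one actually works, as an added example that is neither Tenable's plugin code nor Red Hat tooling: it ports rpm's rpmvercmp() ordering to Python, parses constructed `rpm -qa` output, and reports advisory packages whose installed EVR is below the fixed EVR. The FIXED table holds placeholder values in the RHEL 8.2 module NVR shape; they are assumptions for the example and must be replaced with the NVRs listed in RHSA-2020:1650. Caret (`^`) ordering is omitted for brevity.

```python
"""Version-only patch check in the style of a local RHEL plugin: compare
installed (epoch, version, release) with an advisory's fixed EVRs using
rpm's ordering. Added example, not Tenable's or Red Hat's code."""
import re

# Placeholder fixed EVRs in the RHEL 8.2 module NVR shape. NOT copied from
# the advisory: replace with the NVRs listed in RHSA-2020:1650 before use.
FIXED = {
    "podman":  (0, "1.6.4",  "10.module+el8.2.0+6369+1f4293b4"),
    "runc":    (0, "1.0.0",  "65.rc10.module+el8.2.0+6369+1f4293b4"),
    "skopeo":  (0, "0.1.40", "11.module+el8.2.0+6369+1f4293b4"),
    "buildah": (0, "1.11.6", "7.module+el8.2.0+6369+1f4293b4"),
}

# Constructed sample of
#   rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n'
# on a host whose podman still comes from an older module build.
RPM_LIST = """\
podman 0 1.6.4 4.module+el8.1.1+5885+44006e55 x86_64
runc 0 1.0.0 65.rc10.module+el8.2.0+6369+1f4293b4 x86_64
skopeo 0 0.1.40 11.module+el8.2.0+6369+1f4293b4 x86_64
buildah 0 1.11.6 7.module+el8.2.0+6369+1f4293b4 x86_64
bash 0 4.4.19 12.el8 x86_64
"""


def _is_token(c: str) -> bool:
    return c == "~" or (c.isascii() and c.isalnum())


def rpmvercmp(a: str, b: str) -> int:
    """rpm's rpmvercmp() ordering (without '^'): -1, 0 or 1 for a <, ==, > b.
    Segments are runs of digits or letters and separators are ignored; '~'
    sorts before anything, even end of string (1.0~rc1 < 1.0); a numeric
    segment beats an alphabetic one; with all segments equal the string
    with more of them wins (1.0 > 1, and 1.0.0rc10 > 1.0.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _is_token(a[i]):
            i += 1
        while j < len(b) and not _is_token(b[j]):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):
            if ca != cb:
                return -1 if ca == "~" else 1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:                     # segment types differ: numeric wins
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x, y) -> int:
    """Compare (epoch, version, release) tuples the way rpm orders packages."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_rpm_list(text: str) -> dict:
    """Map NAME -> (epoch, version, release) from the rpm query format above."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            name, epoch, ver, rel, _arch = parts
            installed[name] = (int(epoch), ver, rel)
    return installed


def missing_updates(rpm_list_text: str, fixed=FIXED, enabled_stream="rhel8") -> list:
    """Advisory packages that are installed but below the fixed EVR. The
    comparison only holds on the container-tools:rhel8 stream this advisory
    covers; other streams are patched by their own advisories, so they are skipped."""
    if enabled_stream != "rhel8":
        return []
    installed = parse_rpm_list(rpm_list_text)
    return sorted(name for name, fixed_evr in fixed.items()
                  if name in installed and evr_cmp(installed[name], fixed_evr) < 0)


if __name__ == "__main__":
    print("missing from RHSA-2020:1650:", missing_updates(RPM_LIST))
```

On a real host, feed it the output of `rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n'` and the stream shown by `dnf module list --enabled container-tools`; the remediation is `dnf module update container-tools` (or a plain `dnf update`) on the rhel8 stream, followed by a re-run of the check. Note what the version ordering implies for advisories: a release string like `65.rc10` counts as newer than `65`, which is why distributions use `~` for pre-releases.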

See Also

http://www.nessus.org/u?66b1b2d0

http://www.nessus.org/u?dd7b3f20

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2020:1650

https://bugzilla.redhat.com/show_bug.cgi?id=1703245

https://bugzilla.redhat.com/show_bug.cgi?id=1717357

https://bugzilla.redhat.com/show_bug.cgi?id=1731107

https://bugzilla.redhat.com/show_bug.cgi?id=1732704

https://bugzilla.redhat.com/show_bug.cgi?id=1732713

https://bugzilla.redhat.com/show_bug.cgi?id=1748519

https://bugzilla.redhat.com/show_bug.cgi?id=1749999

https://bugzilla.redhat.com/show_bug.cgi?id=1754744

https://bugzilla.redhat.com/show_bug.cgi?id=1754763

https://bugzilla.redhat.com/show_bug.cgi?id=1755119

https://bugzilla.redhat.com/show_bug.cgi?id=1756919

https://bugzilla.redhat.com/show_bug.cgi?id=1757693

https://bugzilla.redhat.com/show_bug.cgi?id=1757845

https://bugzilla.redhat.com/show_bug.cgi?id=1763454

https://bugzilla.redhat.com/show_bug.cgi?id=1766774

https://bugzilla.redhat.com/show_bug.cgi?id=1768930

https://bugzilla.redhat.com/show_bug.cgi?id=1769469

https://bugzilla.redhat.com/show_bug.cgi?id=1771990

https://bugzilla.redhat.com/show_bug.cgi?id=1774755

https://bugzilla.redhat.com/show_bug.cgi?id=1775307

https://bugzilla.redhat.com/show_bug.cgi?id=1776112

https://bugzilla.redhat.com/show_bug.cgi?id=1779834

https://bugzilla.redhat.com/show_bug.cgi?id=1783267

https://bugzilla.redhat.com/show_bug.cgi?id=1783268

https://bugzilla.redhat.com/show_bug.cgi?id=1783270

https://bugzilla.redhat.com/show_bug.cgi?id=1783272

https://bugzilla.redhat.com/show_bug.cgi?id=1783274

https://bugzilla.redhat.com/show_bug.cgi?id=1784267

https://bugzilla.redhat.com/show_bug.cgi?id=1784952

https://bugzilla.redhat.com/show_bug.cgi?id=1788539

https://bugzilla.redhat.com/show_bug.cgi?id=1792796

https://bugzilla.redhat.com/show_bug.cgi?id=1793084

https://bugzilla.redhat.com/show_bug.cgi?id=1793598

https://bugzilla.redhat.com/show_bug.cgi?id=1796107

https://bugzilla.redhat.com/show_bug.cgi?id=1801152

https://bugzilla.redhat.com/show_bug.cgi?id=1802907

https://bugzilla.redhat.com/show_bug.cgi?id=1803496

https://bugzilla.redhat.com/show_bug.cgi?id=1804849

https://bugzilla.redhat.com/show_bug.cgi?id=1805017

https://bugzilla.redhat.com/show_bug.cgi?id=1805212

https://bugzilla.redhat.com/show_bug.cgi?id=1806901

https://bugzilla.redhat.com/show_bug.cgi?id=1808707

https://bugzilla.redhat.com/show_bug.cgi?id=1810053

https://bugzilla.redhat.com/show_bug.cgi?id=1811514

https://bugzilla.redhat.com/show_bug.cgi?id=1813295

Plugin Details

Severity: High

ID: 136053

File Name: redhat-RHSA-2020-1650.nasl

Version: 1.11

Type: local

Agent: unix

Published: 4/28/2020

Updated: 6/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2020-1726

CVSS v3

Risk Factor: High

Base Score: 7.0

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-19921

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:conmon, p-cpe:/a:redhat:enterprise_linux:containers-common, p-cpe:/a:redhat:enterprise_linux:buildah-tests, p-cpe:/a:redhat:enterprise_linux:buildah, p-cpe:/a:redhat:enterprise_linux:crit, p-cpe:/a:redhat:enterprise_linux:podman-remote, p-cpe:/a:redhat:enterprise_linux:podman, p-cpe:/a:redhat:enterprise_linux:podman-tests, p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins, p-cpe:/a:redhat:enterprise_linux:container-selinux, p-cpe:/a:redhat:enterprise_linux:skopeo-tests, p-cpe:/a:redhat:enterprise_linux:podman-docker, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:udica, p-cpe:/a:redhat:enterprise_linux:runc, p-cpe:/a:redhat:enterprise_linux:skopeo, p-cpe:/a:redhat:enterprise_linux:toolbox, p-cpe:/a:redhat:enterprise_linux:cockpit-podman, p-cpe:/a:redhat:enterprise_linux:criu, p-cpe:/a:redhat:enterprise_linux:slirp4netns, p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs, p-cpe:/a:redhat:enterprise_linux:python-podman-api, p-cpe:/a:redhat:enterprise_linux:python3-criu

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/28/2020

Vulnerability Publication Date: 1/28/2020

Reference Information

CVE: CVE-2019-19921, CVE-2020-1702, CVE-2020-1726

CWE: 400, 41, 552

RHSA: 2020:1650