Vulnerabilities > CVE-2020-1702

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
local
low complexity
containers-image-project
redhat
nessus

Summary

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1234.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135084
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135084
    titleRHEL 7 : docker (RHSA-2020:1234)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1234. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135084);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14");
    
      script_cve_id("CVE-2019-16884", "CVE-2020-1702", "CVE-2020-8945");
      script_xref(name:"RHSA", value:"2020:1234");
    
      script_name(english:"RHEL 7 : docker (RHSA-2020:1234)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1234 advisory.
    
      - runc: AppArmor/SELinux bypass with malicious image that
        specifies a volume at /proc (CVE-2019-16884)
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
      - proglottis/gpgme: Use-after-free in GPGME bindings
        during container image pull (CVE-2020-8945)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1234");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16884");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784228");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795376");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796451");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(41, 400, 416);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-logrotate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker / docker-client / docker-common / etc');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1227.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. - podman: resolving symlink in host filesystem leads to unexpected results of copy operation (CVE-2019-18466) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135081
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135081
    titleRHEL 7 : podman (RHSA-2020:1227)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1227. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135081);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2019-18466", "CVE-2020-1702");
      script_xref(name:"RHSA", value:"2020:1227");
    
      script_name(english:"RHEL 7 : podman (RHSA-2020:1227)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1227 advisory.
    
      - podman: resolving symlink in host filesystem leads to
        unexpected results of copy operation (CVE-2019-18466)
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/59.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1227");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-18466");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1650395");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758509");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788549");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1797599");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1806895");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1807437");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1807586");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1808702");
      script_set_attribute(attribute:"solution", value:
    "Update the affected podman and / or podman-docker packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(59, 400);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'podman-1.6.4-16.el7_8', 'cpu':'s390x', 'release':'7'},
        {'reference':'podman-1.6.4-16.el7_8', 'cpu':'x86_64', 'release':'7'},
        {'reference':'podman-docker-1.6.4-16.el7_8', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'podman / podman-docker');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2116.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-15
    modified2020-05-12
    plugin id136521
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136521
    titleRHEL 7 : buildah (RHSA-2020:2116)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2116. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136521);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");
    
      script_cve_id("CVE-2020-1702", "CVE-2020-10696");
      script_xref(name:"RHSA", value:"2020:2116");
    
      script_name(english:"RHEL 7 : buildah (RHSA-2020:2116)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as
    referenced in the RHSA-2020:2116 advisory.
    
      - buildah: Crafted input tar file may lead to local file
        overwrite during image build process (CVE-2020-10696)
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2116");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-10696");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1817651");
      script_set_attribute(attribute:"solution", value:
    "Update the affected buildah package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10696");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(22, 400);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'buildah-1.11.6-11.el7_8', 'cpu':'s390x', 'release':'7'},
        {'reference':'buildah-1.11.6-11.el7_8', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1650.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-28
    plugin id136053
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136053
    titleRHEL 8 : container-tools:rhel8 (RHSA-2020:1650)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1650. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136053);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id("CVE-2019-19921", "CVE-2020-1702", "CVE-2020-1726");
      script_xref(name:"RHSA", value:"2020:1650");
    
      script_name(english:"RHEL 8 : container-tools:rhel8 (RHSA-2020:1650)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1650 advisory.
    
      - runc: volume mount race condition with shared mounts
        leads to information leak/integrity manipulation
        (CVE-2019-19921)
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
      - podman: incorrectly allows existing files in volumes to
        be overwritten by a container when it is created
        (CVE-2020-1726)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/552.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1650");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19921");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1726");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796107");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1801152");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1726");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(41, 400, 552);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-podman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:conmon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:container-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-remote");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-podman-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-criu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:udica");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
    if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');
    if ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
    
    appstreams = {
        'container-tools:rhel8': [
          {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'},
          {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'},
          {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'},
          {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a', 'release':'8'},
          {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
          {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
          {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
          {'reference':'container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4', 'release':'8', 'epoch':'2'},
          {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'s390x', 'release':'8'},
          {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'s390x', 'release':'8'},
          {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'},
          {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'},
          {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'},
          {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'s390x', 'release':'8'},
          {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'s390x', 'release':'8'},
          {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'},
          {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'},
          {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'podman-docker-1.6.4-10.module+el8.2.0+6063+e761893a', 'release':'8'},
          {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'},
          {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'},
          {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9', 'release':'8'},
          {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'},
          {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'aarch64', 'release':'8'},
          {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'s390x', 'release':'8'},
          {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'aarch64', 'release':'8'},
          {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'s390x', 'release':'8'},
          {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'s390x', 'release':'8'},
          {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'aarch64', 'release':'8'},
          {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'s390x', 'release':'8'},
          {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'x86_64', 'release':'8'},
          {'reference':'toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3', 'release':'8'},
          {'reference':'udica-0.2.1-2.module+el8.2.0+4896+8f613c81', 'release':'8'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / buildah-tests / etc');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1937.NASL
    descriptionThe remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-08
    modified2020-05-05
    plugin id136320
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136320
    titleRHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1937. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136320);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14");
    
      script_cve_id("CVE-2020-1702", "CVE-2020-8945");
      script_xref(name:"RHSA", value:"2020:1937");
    
      script_name(english:"RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1937 advisory.
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
      - proglottis/gpgme: Use-after-free in GPGME bindings
        during container image pull (CVE-2020-8945)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1937");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795838");
      script_set_attribute(attribute:"solution", value:
    "Update the affected cri-o and / or cri-o-debugsource packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(400, 416);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el7");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o-debugsource");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^(7|8)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'cri-o-debugsource-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-o / cri-o-debugsource');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2218.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2218 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-01
    plugin id136977
    published2020-06-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136977
    titleRHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2218)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2218. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136977);
      script_version("1.1");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2020-1702");
      script_xref(name:"RHSA", value:"2020:2218");
    
      script_name(english:"RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2218)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in
    the RHSA-2020:2218 advisory.
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2218");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796");
      script_set_attribute(attribute:"solution", value:
    "Update the affected cri-o package.");
      script_set_attribute(attribute:"risk_factor", value:"Low");
      script_cwe_id(400);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:3.11");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:3.11::el7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'cri-o-1.11.16-0.9.dev.rhaos3.11.git6d43aae.el7', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-o');
    }
    

Redhat

rpms
  • podman-0:1.6.4-16.el7_8
  • podman-debuginfo-0:1.6.4-16.el7_8
  • podman-docker-0:1.6.4-16.el7_8
  • docker-2:1.13.1-161.git64e9980.el7_8
  • docker-client-2:1.13.1-161.git64e9980.el7_8
  • docker-common-2:1.13.1-161.git64e9980.el7_8
  • docker-debuginfo-2:1.13.1-161.git64e9980.el7_8
  • docker-logrotate-2:1.13.1-161.git64e9980.el7_8
  • docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8
  • buildah-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debugsource-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • cockpit-podman-0:12-1.module+el8.2.0+5950+6d183a6a
  • conmon-2:2.0.6-1.module+el8.2.0+5182+3136e5d4
  • container-selinux-2:2.124.0-1.module+el8.2.0+5182+3136e5d4
  • containernetworking-plugins-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debuginfo-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debugsource-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containers-common-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • crit-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debuginfo-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debugsource-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • fuse-overlayfs-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debuginfo-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debugsource-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • podman-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debugsource-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-docker-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-tests-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9
  • python3-criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • runc-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debuginfo-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debugsource-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • skopeo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debuginfo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debugsource-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-tests-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • slirp4netns-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debuginfo-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debugsource-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • toolbox-0:0.0.7-1.module+el8.2.0+6096+9c3f08f3
  • udica-0:0.2.1-2.module+el8.2.0+4896+8f613c81
  • cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
  • cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
  • cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • buildah-0:1.11.6-11.el7_8
  • buildah-debuginfo-0:1.11.6-11.el7_8
  • cri-o-0:1.11.16-0.9.dev.rhaos3.11.git6d43aae.el7
  • cri-o-debuginfo-0:1.11.16-0.9.dev.rhaos3.11.git6d43aae.el7