Описание
ELSA-2020-2117: podman security update (IMPORTANT)
[1.6.4-18.0.1]
- Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483]
- handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com)
[1.6.4-18]
- fix 'CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull'
- Resolves: #1806940
[1.6.4-17]
- fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'
- Resolves: #1817743
[1.6.4-16]
- use the full PR 5348 to fix 'no route to host from inside container'
- Resolves: #1806895
[1.6.4-15]
- update fix for 'podman (1.6.4) rhel 8.1 no route to host from inside container'
- Resolves: #1806895
[1.6.4-14]
- fix 'CVE-2020-1702 podman: containers/image: Container images read entire image manifest into memory'
- Resolves: #1810614
[1.6.4-13]
- fix '[FJ8.2 Bug]: [REG]The '--group-add' option of 'podman create' doesn't function.'
- Resolves: #1808702
[1.6.4-12]
- fix 'Podman can't reuse a container name, even if the container that was using it is no longer around'
- Resolves: #1807437
[1.6.4-11]
- fix 'podman exec does not reads from stdin'
- Resolves: #1807586
[1.6.4-10]
- fix 'podman (1.6.4) rhel 8.1 no route to host from inside container'
- Resolves: #1806895
[1.6.4-9]
- fix 'Podman support for FIPS Mode requires a bind mount inside the container'
- Resolves: #1804189
[1.6.4-8]
- Fix CVE-2020-1726
- Resolves: #1801825
[1.6.4-7]
- allow colon be present in tarball name (#1797599)
[1.6.4-6]
- resurrect s390x arch as kernel there now has the renameat2 syscall (#1773504)
[1.6.4-5]
- Fix thread safety of gpgme (#1792243)
[1.6.4-4]
- temporary disable s390x arch due to #1773504 causing fuse-overlayfs failing to build - podman requires it
[1.6.4-3]
- drop libvarlink and hard libseccomp deps: we don't have these in RHEL7.8
[1.6.4-2]
- merge podman-manpages with podman package and put man pages for podman-remote to its dedicated subpackage Resolves: #1788549
[1.6.4-1]
- update to 1.6.4
- split podman and conmon packages
[1.4.4-5]
- Fix CVE-2019-10214.
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
podman
1.6.4-18.0.1.el7_8
podman-docker
1.6.4-18.0.1.el7_8
Oracle Linux x86_64
podman
1.6.4-18.0.1.el7_8
podman-docker
1.6.4-18.0.1.el7_8
Связанные CVE
Связанные уязвимости
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.