Описание
ELSA-2022-20240: podman security update (MODERATE)
[1.6.4-36.0.1]
- Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483]
- handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com)
- remove changes in NaiveDiffDriver
[1.6.4-36]
- update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/7667df8)
[1.6.4-35]
- update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/e330751)
[1.6.4-34]
- fix RHEL7 regressions - thanks to Valentin Rothberg
[1.6.4-33]
- update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/68af661)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
podman
1.6.4-36.0.1.el7_9
podman-docker
1.6.4-36.0.1.el7_9
Oracle Linux x86_64
podman
1.6.4-36.0.1.el7_9
podman-docker
1.6.4-36.0.1.el7_9
Связанные CVE
Связанные уязвимости
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.