Описание
ELSA-2024-3826: podman security and bug fix update (MODERATE)
[4.9.4-4.0.1]
- Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[4:4.9.4-4]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/4afc71a)
- Resolves: RHEL-28735
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
podman
4.9.4-4.0.1.el9_4
podman-docker
4.9.4-4.0.1.el9_4
podman-plugins
4.9.4-4.0.1.el9_4
podman-remote
4.9.4-4.0.1.el9_4
podman-tests
4.9.4-4.0.1.el9_4
Oracle Linux x86_64
podman
4.9.4-4.0.1.el9_4
podman-docker
4.9.4-4.0.1.el9_4
podman-plugins
4.9.4-4.0.1.el9_4
podman-remote
4.9.4-4.0.1.el9_4
podman-tests
4.9.4-4.0.1.el9_4
Связанные CVE
Связанные уязвимости
ELSA-2024-3827: buildah security and bug fix update (MODERATE)
ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.