Описание
ELSA-2024-6194: podman security update (IMPORTANT)
[4.9.4-10.0.1]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36073625]
- Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[4:4.9.4-10]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6b45bb1)
- Resolves: RHEL-53250
[4:4.9.4-9]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a2d8e3)
- Resolves: RHEL-50507
[4:4.9.4-8]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/affa589)
- Resolves: RHEL-45916
[4:4.9.4-7]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/8fa0c76)
- Resolves: RHEL-40804
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
podman
4.9.4-10.0.1.el9_4
podman-docker
4.9.4-10.0.1.el9_4
podman-plugins
4.9.4-10.0.1.el9_4
podman-remote
4.9.4-10.0.1.el9_4
podman-tests
4.9.4-10.0.1.el9_4
Oracle Linux x86_64
podman
4.9.4-10.0.1.el9_4
podman-docker
4.9.4-10.0.1.el9_4
podman-plugins
4.9.4-10.0.1.el9_4
podman-remote
4.9.4-10.0.1.el9_4
podman-tests
4.9.4-10.0.1.el9_4
Связанные CVE
Связанные уязвимости
ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT)
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
