ELSA-2025-15900

Опубликовано: 16 сент. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-15900: podman security update (IMPORTANT)

[5.4.0-13.0.1]

Fix a potential deadlock during podman cp [Orabug: 38252957]
Add devices on container startup, not on creation
overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[5:5.4.0-13]

update to the latest content of https://github.com/containers/podman/tree/v5.4-rhel (https://github.com/containers/podman/commit/b0d88c7)
fixes 'CVE-2025-9566 podman: Podman kube play command may overwrite host files [rhel-9.6.z]'
Resolves: RHEL-113152

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

podman

5.4.0-13.0.1.el9_6

podman-docker

5.4.0-13.0.1.el9_6

podman-plugins

5.4.0-13.0.1.el9_6

podman-remote

5.4.0-13.0.1.el9_6

podman-tests

5.4.0-13.0.1.el9_6

Oracle Linux x86_64

podman

5.4.0-13.0.1.el9_6

podman-docker

5.4.0-13.0.1.el9_6

podman-plugins

5.4.0-13.0.1.el9_6

podman-remote

5.4.0-13.0.1.el9_6

podman-tests

5.4.0-13.0.1.el9_6

Связанные CVE

CVE-2025-9566

Ссылки на источники

Связанные уязвимости

CVE-2025-9566

CVSS3: 8.1

ubuntu

4 месяца назад

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1