Описание
ELSA-2025-20909: podman security update (IMPORTANT)
[5.6.0-6.0.1]
- Add devices on container startup, not on creation
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[6:5.6.0-6]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel (https://github.com/containers/podman/commit/61231e1)
- fixes 'Timeouts while pushing Sigstore logs to Rekor - [RHEL 9.7] 0day'
- Resolves: RHEL-111076
[6:5.6.0-5]
- rebuild as last build was built in the wrong tag
- Related: RHEL-110317
[6:5.6.0-4]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel (https://github.com/containers/podman/commit/c5a3735)
- fixes 'Can not find network create and rm message from podman event when set --events-backend to journald - [RHEL 9.7] 0day'
- Resolves: RHEL-110317
[6:5.6.0-3]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel (https://github.com/containers/podman/commit/7078b79)
- fixes 'CVE-2025-9566 podman: Podman kube play command may overwrite host files [rhel-9.7]'
- Resolves: RHEL-113151
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
podman
5.6.0-6.0.1.el9_7
podman-docker
5.6.0-6.0.1.el9_7
podman-plugins
5.6.0-6.0.1.el9_7
podman-remote
5.6.0-6.0.1.el9_7
podman-tests
5.6.0-6.0.1.el9_7
Oracle Linux x86_64
podman
5.6.0-6.0.1.el9_7
podman-docker
5.6.0-6.0.1.el9_7
podman-plugins
5.6.0-6.0.1.el9_7
podman-remote
5.6.0-6.0.1.el9_7
podman-tests
5.6.0-6.0.1.el9_7
Связанные CVE
Связанные уязвимости
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
