Описание
ELSA-2025-20983: podman security update (IMPORTANT)
[5.6.0-6.0.1]
- Add devices on container startup, not on creation
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[7:5.6.0-6]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel (https://github.com/containers/podman/commit/2791007)
- fixes '[Minor Incident] CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-10.1.z]'
- Resolves: RHEL-126635
[7:5.6.0-5]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel (https://github.com/containers/podman/commit/61231e1)
- fixes 'Timeouts while pushing Sigstore logs to Rekor - [RHEL 10.1] 0day'
- Resolves: RHEL-111077
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
podman
5.6.0-6.0.1.el10_1
podman-docker
5.6.0-6.0.1.el10_1
podman-remote
5.6.0-6.0.1.el10_1
podman-tests
5.6.0-6.0.1.el10_1
Oracle Linux x86_64
podman
5.6.0-6.0.1.el10_1
podman-docker
5.6.0-6.0.1.el10_1
podman-remote
5.6.0-6.0.1.el10_1
podman-tests
5.6.0-6.0.1.el10_1
Связанные CVE
Связанные уязвимости
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
