ELSA-2025-3336

Опубликовано: 27 мар. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-3336: podman security update (IMPORTANT)

[5.2.2-15.0.1]

podman: do not set rlimits to the default value [Orabug: 37310981]
Add devices on container startup, not on creation
overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[4:5.2.2-15]

update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel (https://github.com/containers/podman/commit/a2d774c)
fixes 'Excessive memory leak due to uncontrolled accumulation of health.log entries in Podman 5.x - [RHEL 9.5] Zstream'
Resolves: RHEL-83558

[4:5.2.2-14]

update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel (https://github.com/containers/podman/commit/ea1bef4)
fixes 'CVE-2025-22869 podman: Potential denial of service in golang.org/x/crypto [rhel-9.5.z]'
Resolves: RHEL-81318

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

podman

5.2.2-15.0.1.el9_5

podman-docker

5.2.2-15.0.1.el9_5

podman-plugins

5.2.2-15.0.1.el9_5

podman-remote

5.2.2-15.0.1.el9_5

podman-tests

5.2.2-15.0.1.el9_5

Oracle Linux x86_64

podman

5.2.2-15.0.1.el9_5

podman-docker

5.2.2-15.0.1.el9_5

podman-plugins

5.2.2-15.0.1.el9_5

podman-remote

5.2.2-15.0.1.el9_5

podman-tests

5.2.2-15.0.1.el9_5

Связанные CVE

CVE-2025-22869

Ссылки на источники

Связанные уязвимости

CVE-2025-22869

CVSS3: 7.5

ubuntu

4 месяца назад

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.