Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:9051

Опубликовано: 19 нояб. 2024
Источник: rocky
Оценка: Important

Описание

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

  • Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)

  • buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)

  • Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
podmanx86_6416.el9_4podman-4.9.4-16.el9_4.x86_64.rpm
podman-dockernoarch16.el9_4podman-docker-4.9.4-16.el9_4.noarch.rpm
podman-pluginsx86_6416.el9_4podman-plugins-4.9.4-16.el9_4.x86_64.rpm
podman-remotex86_6416.el9_4podman-remote-4.9.4-16.el9_4.x86_64.rpm
podman-testsx86_6416.el9_4podman-tests-4.9.4-16.el9_4.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-9407
CVE-2024-9675
CVE-2024-9676

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-9051

oracle-oval
7 месяцев назад

ELSA-2024-9051: podman security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2024:4303-1

suse-cvrf
6 месяцев назад

Security update for buildah

suse-cvrf логотип

SUSE-SU-2024:3988-1

suse-cvrf
7 месяцев назад

Security update for buildah

suse-cvrf логотип

SUSE-SU-2025:0267-1

suse-cvrf
5 месяцев назад

Security update for podman

oracle-oval логотип

ELSA-2024-9459

oracle-oval
7 месяцев назад

ELSA-2024-9459: buildah security update (IMPORTANT)