Описание
Moderate: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
-
podman: Symlink error leads to information disclosure (CVE-2022-4122)
-
containers/image: digest type does not guarantee valid type (CVE-2024-3727)
-
golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
-
net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Ссылки на источники
Исправления
- Red Hat - 2144983
- Red Hat - 2274767
- Red Hat - 2292668
- Red Hat - 2295310
Связанные уязвимости
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah. Incorrect following of symlinks ...