RLSA-2026:3337

Опубликовано: 26 фев. 2026

Источник: rocky

Оценка: Important

Описание

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
podman	x86_64	14.el9_7	podman-5.6.0-14.el9_7.x86_64.rpm
podman-docker	noarch	14.el9_7	podman-docker-5.6.0-14.el9_7.noarch.rpm
podman-plugins	x86_64	14.el9_7	podman-plugins-5.6.0-14.el9_7.x86_64.rpm
podman-remote	x86_64	14.el9_7	podman-remote-5.6.0-14.el9_7.x86_64.rpm
podman-tests	x86_64	14.el9_7	podman-tests-5.6.0-14.el9_7.x86_64.rpm