Описание
Security update for podman
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).
Список пакетов
SUSE Enterprise Storage 7.1
podman-3.4.7-150300.9.12.1
SUSE Linux Enterprise Micro 5.1
podman-3.4.7-150300.9.12.1
podman-cni-config-3.4.7-150300.9.12.1
SUSE Linux Enterprise Micro 5.2
podman-3.4.7-150300.9.12.1
podman-cni-config-3.4.7-150300.9.12.1
SUSE Linux Enterprise Module for Containers 15 SP3
podman-3.4.7-150300.9.12.1
podman-cni-config-3.4.7-150300.9.12.1
openSUSE Leap 15.3
podman-3.4.7-150300.9.12.1
podman-cni-config-3.4.7-150300.9.12.1
openSUSE Leap Micro 5.2
podman-3.4.7-150300.9.12.1
podman-cni-config-3.4.7-150300.9.12.1
Ссылки
- Link for SUSE-SU-2022:3819-1
- E-Mail link for SUSE-SU-2022:3819-1
- SUSE Security Ratings
- SUSE Bug 1202809
- SUSE CVE CVE-2022-2989 page
Описание
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Затронутые продукты
SUSE Enterprise Storage 7.1:podman-3.4.7-150300.9.12.1
SUSE Linux Enterprise Micro 5.1:podman-3.4.7-150300.9.12.1
SUSE Linux Enterprise Micro 5.1:podman-cni-config-3.4.7-150300.9.12.1
SUSE Linux Enterprise Micro 5.2:podman-3.4.7-150300.9.12.1
Ссылки
- CVE-2022-2989
- SUSE Bug 1202809