SUSE-SU-2024:1058-1

Опубликовано: 28 мар. 2024

Источник: suse-cvrf

Описание

Security update for podman

This update for podman fixes the following issues:

CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).

Список пакетов

Container rancher/elemental-teal-rt/5.4:latest

podman-4.4.4-150400.4.22.1

Container rancher/elemental-teal/5.4:latest

podman-4.4.4-150400.4.22.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

podman-docker-4.4.4-150400.4.22.1

podman-remote-4.4.4-150400.4.22.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

podman-docker-4.4.4-150400.4.22.1

podman-remote-4.4.4-150400.4.22.1

SUSE Linux Enterprise Micro 5.3

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

SUSE Linux Enterprise Micro 5.4

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

SUSE Linux Enterprise Server 15 SP4-LTSS

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

podman-docker-4.4.4-150400.4.22.1

podman-remote-4.4.4-150400.4.22.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

podman-docker-4.4.4-150400.4.22.1

podman-remote-4.4.4-150400.4.22.1

openSUSE Leap Micro 5.3

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

openSUSE Leap Micro 5.4

podman-4.4.4-150400.4.22.1

podman-cni-config-4.4.4-150400.4.22.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241058-1/
Link for SUSE-SU-2024:1058-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018241.html
E-Mail link for SUSE-SU-2024:1058-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1221677
SUSE Bug 1221677
https://www.suse.com/security/cve/CVE-2024-1753/
SUSE CVE CVE-2024-1753 page

Описание

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

Затронутые продукты

Container rancher/elemental-teal-rt/5.4:latest:podman-4.4.4-150400.4.22.1

Container rancher/elemental-teal/5.4:latest:podman-4.4.4-150400.4.22.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.4.4-150400.4.22.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-cni-config-4.4.4-150400.4.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-1753.html
CVE-2024-1753
https://bugzilla.suse.com/1221677
SUSE Bug 1221677

SUSE-SU-2024:1058-1

Описание

Список пакетов

Container rancher/elemental-teal-rt/5.4:latest

Container rancher/elemental-teal/5.4:latest

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

openSUSE Leap Micro 5.3

openSUSE Leap Micro 5.4

Ссылки

Уязвимость: CVE-2024-1753

Описание

Затронутые продукты

Ссылки