Описание
Security update for podman
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
Список пакетов
SUSE Enterprise Storage 7.1
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise Micro 5.1
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise Micro 5.2
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise Server 15 SP3-LTSS
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
podman-4.9.5-150300.9.31.1
podman-remote-4.9.5-150300.9.31.1
Ссылки
- Link for SUSE-SU-2024:2050-2
- E-Mail link for SUSE-SU-2024:2050-2
- SUSE Security Ratings
- SUSE Bug 1224122
- SUSE Bug 1226136
- SUSE CVE CVE-2024-24786 page
- SUSE CVE CVE-2024-3727 page
Описание
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Затронутые продукты
SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.31.1
SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.31.1
Ссылки
- CVE-2024-24786
- SUSE Bug 1226136
Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Затронутые продукты
SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.31.1
SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.31.1
Ссылки
- CVE-2024-3727
- SUSE Bug 1224112