Описание
Security update for podman
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
podman-4.9.5-150400.4.27.1
podman-docker-4.9.5-150400.4.27.1
podman-remote-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
podman-4.9.5-150400.4.27.1
podman-docker-4.9.5-150400.4.27.1
podman-remote-4.9.5-150400.4.27.1
SUSE Linux Enterprise Micro 5.3
podman-4.9.5-150400.4.27.1
SUSE Linux Enterprise Micro 5.4
podman-4.9.5-150400.4.27.1
SUSE Linux Enterprise Server 15 SP4-LTSS
podman-4.9.5-150400.4.27.1
podman-docker-4.9.5-150400.4.27.1
podman-remote-4.9.5-150400.4.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
podman-4.9.5-150400.4.27.1
podman-docker-4.9.5-150400.4.27.1
podman-remote-4.9.5-150400.4.27.1
openSUSE Leap Micro 5.3
podman-4.9.5-150400.4.27.1
openSUSE Leap Micro 5.4
podman-4.9.5-150400.4.27.1
Ссылки
- Link for SUSE-SU-2024:2090-1
- E-Mail link for SUSE-SU-2024:2090-1
- SUSE Security Ratings
- SUSE Bug 1224122
- SUSE Bug 1226136
- SUSE CVE CVE-2024-24786 page
- SUSE CVE CVE-2024-3727 page
Описание
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.27.1
Ссылки
- CVE-2024-24786
- SUSE Bug 1226136
Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.27.1
Ссылки
- CVE-2024-3727
- SUSE Bug 1224112