Описание
Security update for podman
This update for podman fixes the following issues:
- CVE-2024-3727: Fixed digest type does not guarantee valid type in containers/image (bsc#1224122)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
podman-2.1.1-150100.4.31.1
podman-cni-config-2.1.1-150100.4.31.1
SUSE Linux Enterprise Server 15 SP2-LTSS
podman-2.1.1-150100.4.31.1
podman-cni-config-2.1.1-150100.4.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
podman-2.1.1-150100.4.31.1
podman-cni-config-2.1.1-150100.4.31.1
Ссылки
- Link for SUSE-SU-2024:2548-1
- E-Mail link for SUSE-SU-2024:2548-1
- SUSE Security Ratings
- SUSE Bug 1224122
- SUSE CVE CVE-2024-3727 page
Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:podman-2.1.1-150100.4.31.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:podman-cni-config-2.1.1-150100.4.31.1
SUSE Linux Enterprise Server 15 SP2-LTSS:podman-2.1.1-150100.4.31.1
SUSE Linux Enterprise Server 15 SP2-LTSS:podman-cni-config-2.1.1-150100.4.31.1
Ссылки
- CVE-2024-3727
- SUSE Bug 1224112