Описание
Security update for podman
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
Список пакетов
SUSE Enterprise Storage 7.1
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise Micro 5.1
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise Micro 5.2
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise Server 15 SP3-LTSS
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
podman-4.9.5-150300.9.52.1
podman-remote-4.9.5-150300.9.52.1
Ссылки
- Link for SUSE-SU-2025:02806-1
- E-Mail link for SUSE-SU-2025:02806-1
- SUSE Security Ratings
- SUSE Bug 1245320
- SUSE CVE CVE-2025-6032 page
Описание
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Затронутые продукты
SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.52.1
SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.52.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.52.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.52.1
Ссылки
- CVE-2025-6032
- SUSE Bug 1245320