Описание
Security update for podman
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
podman-4.9.5-150400.4.50.1
podman-docker-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
podman-4.9.5-150400.4.50.1
podman-docker-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise Micro 5.3
podman-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise Micro 5.4
podman-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise Server 15 SP4-LTSS
podman-4.9.5-150400.4.50.1
podman-docker-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
podman-4.9.5-150400.4.50.1
podman-docker-4.9.5-150400.4.50.1
podman-remote-4.9.5-150400.4.50.1
Ссылки
- Link for SUSE-SU-2025:02807-1
- E-Mail link for SUSE-SU-2025:02807-1
- SUSE Security Ratings
- SUSE Bug 1245320
- SUSE CVE CVE-2025-6032 page
Описание
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.50.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.50.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.50.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.50.1
Ссылки
- CVE-2025-6032
- SUSE Bug 1245320